From 4af9a0d3f8b586913b9e3df8ac41dbc918fd2bd8 Mon Sep 17 00:00:00 2001
From: Knative Prow Robot
Date: Mon, 21 Oct 2024 06:37:26 +0100
Subject: [PATCH] Add `WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP` env-var (#3106)
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
Co-authored-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com>
---
 webhook/env.go | 14 ++++++++++++++
 webhook/webhook.go | 12 ++++++++++--
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/webhook/env.go b/webhook/env.go
index ffb7570110..e622f5f97b 100644
--- a/webhook/env.go
+++ b/webhook/env.go
@@ -32,6 +32,8 @@ const (
 secretNameEnvKey = "WEBHOOK_SECRET_NAME" //nolint:gosec // This is not a hardcoded credential
 tlsMinVersionEnvKey = "WEBHOOK_TLS_MIN_VERSION"
+
+ disableNamespaceOwnershipEnvKey = "WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP"
 )
 // PortFromEnv returns the webhook port set by portEnvKey, or default port if env var is not set.
@@ -82,3 +84,15 @@ func TLSMinVersionFromEnv(defaultTLSMinVersion uint16) uint16 {
 panic(fmt.Sprintf("the environment variable %q has to be either '1.2' or '1.3'", tlsMinVersionEnvKey))
 }
 }
+
+func DisableNamespaceOwnershipFromEnv() *bool {
+ disableNamespaceOwnership := os.Getenv(disableNamespaceOwnershipEnvKey)
+ if disableNamespaceOwnership == "" {
+ return nil
+ }
+ disableNamespaceOwnershipBool, err := strconv.ParseBool(disableNamespaceOwnership)
+ if err != nil {
+ panic(fmt.Sprintf("failed to convert the environment variable %q : %v", disableNamespaceOwnershipEnvKey, err))
+ }
+ return &disableNamespaceOwnershipBool
+}
diff --git a/webhook/webhook.go b/webhook/webhook.go
index 1b90e75fca..dc19817969 100644
--- a/webhook/webhook.go
+++ b/webhook/webhook.go
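Review bot: `DisableNamespaceOwnershipFromEnv` is exported without a doc comment, and its three-state result is not obvious from the signature: nil when the variable is unset or empty, otherwise a pointer to the parsed value, with a panic on anything `strconv.ParseBool` rejects. I would add `// DisableNamespaceOwnershipFromEnv returns the boolean set by disableNamespaceOwnershipEnvKey, or nil if the env var is not set; it panics if the value is not a valid boolean.` to match the neighbouring `PortFromEnv` comment. The panic text could also name the accepted form, as the TLS helper above it does, e.g. `"the environment variable %q has to be a boolean (e.g. 'true' or 'false'): %v"`. The diffstat lists only env.go and webhook.go, so the unset, valid and invalid cases appear to have no test in this commit.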
@@ -81,8 +81,10 @@ type Options struct {
 // before shutting down.
 GracePeriod time.Duration
- // DisableNamespaceOwnership configures whether the webhook adds an owner reference for the SYSTEM_NAMESPACE
- // Disabling this is useful when you expect the webhook configuration to be managed by something other than knative
+ // DisableNamespaceOwnership configures if the SYSTEM_NAMESPACE is added as an owner reference to the
+ // webhook configuration resources. Overridden by the WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP environment variable.
+ // Disabling can be useful to avoid breaking systems that expect ownership to indicate a true controller
+ // relationship: https://github.com/knative/serving/issues/15483
 DisableNamespaceOwnership bool
 // ControllerOptions encapsulates options for creating a new controller,
@@ -164,6 +166,12 @@ func New(
 return nil, fmt.Errorf("unsupported TLS version: %d", opts.TLSMinVersion)
 }
+ // if the environment variable is set, it overrides the value in the Options
+ disableNamespaceOwnership := DisableNamespaceOwnershipFromEnv()
+ if disableNamespaceOwnership != nil {
+ opts.DisableNamespaceOwnership = *disableNamespaceOwnership
+ }
+
 syncCtx, cancel := context.WithCancel(context.Background())
 webhook = &Webhook{
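Review bot: The override in `New` is applied without any log output, so a process environment variable can change whether the webhook configuration resources carry the SYSTEM_NAMESPACE owner reference with nothing in the logs to show it. Since that reference decides whether those resources are tied to the namespace's lifecycle, I would emit one info-level line inside the `if disableNamespaceOwnership != nil` branch, naming `WEBHOOK_DISABLE_NAMESPACE_OWNERSHIP` and the effective value, using whatever logger `New` already has. It is also worth confirming that every consumer of `Options.DisableNamespaceOwnership` reads it after `New` has run; a component that copies the field earlier would not see the override, and that cannot be checked from this hunk. `New` starts and continues outside the hunk.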