Support default mode webhook networking configuration

Signed-off-by: Ben Perry <[email protected]>

Author: bhperry

deploy/cluster-manager/chart/cluster-manager/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml

@@ -91,6 +91,71 @@ spec:
                   DeployOption contains the options of deploying a cluster-manager
                   Default mode is used if DeployOption is not set.
                 properties:
+                  default:
+                    description: Default includes configurations for clustermanager
+                      in the Default mode
+                    properties:
+                      registrationWebhookConfiguration:
+                        description: RegistrationWebhookConfiguration represents the
+                          customized webhook-server configuration of registration.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                      workWebhookConfiguration:
+                        description: WorkWebhookConfiguration represents the customized
+                          webhook-server configuration of work.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                    type: object
                   hosted:
                     description: Hosted includes configurations we need for clustermanager
                       in the Hosted mode.

deploy/cluster-manager/config/crds/0000_01_operator.open-cluster-management.io_clustermanagers.crd.yaml

@@ -91,6 +91,71 @@ spec:
                   DeployOption contains the options of deploying a cluster-manager
                   Default mode is used if DeployOption is not set.
                 properties:
+                  default:
+                    description: Default includes configurations for clustermanager
+                      in the Default mode
+                    properties:
+                      registrationWebhookConfiguration:
+                        description: RegistrationWebhookConfiguration represents the
+                          customized webhook-server configuration of registration.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                      workWebhookConfiguration:
+                        description: WorkWebhookConfiguration represents the customized
+                          webhook-server configuration of work.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                    type: object
                   hosted:
                     description: Hosted includes configurations we need for clustermanager
                       in the Hosted mode.

deploy/cluster-manager/olm-catalog/latest/manifests/cluster-manager.clusterserviceversion.yaml

@@ -59,7 +59,7 @@ metadata:
     categories: Integration & Delivery,OpenShift Optional
     certified: "false"
     containerImage: quay.io/open-cluster-management/registration-operator:latest
-    createdAt: "2025-05-29T02:56:45Z"
+    createdAt: "2025-06-12T23:20:27Z"
     description: Manages the installation and upgrade of the ClusterManager.
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3

deploy/cluster-manager/olm-catalog/latest/manifests/operator.open-cluster-management.io_clustermanagers.yaml

@@ -91,6 +91,71 @@ spec:
                   DeployOption contains the options of deploying a cluster-manager
                   Default mode is used if DeployOption is not set.
                 properties:
+                  default:
+                    description: Default includes configurations for clustermanager
+                      in the Default mode
+                    properties:
+                      registrationWebhookConfiguration:
+                        description: RegistrationWebhookConfiguration represents the
+                          customized webhook-server configuration of registration.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                      workWebhookConfiguration:
+                        description: WorkWebhookConfiguration represents the customized
+                          webhook-server configuration of work.
+                        properties:
+                          healthProbeBindAddress:
+                            default: :8000
+                            description: |-
+                              HealthProbeBindAddress represents the healthcheck address of a webhook-server. The default value is ":8000".
+                              Healthchecks may be disabled by setting a value of "0" or "".
+                            type: string
+                          hostNetwork:
+                            description: |-
+                              HostNetwork enables running webhook pods with hostNetwork: true
+                              This may be required in some installations, such as EKS with Calico CNI,
+                              to allow the API Server to communicate with the webhook pods.
+                            type: boolean
+                          metricsBindAddress:
+                            default: :8080
+                            description: |-
+                              MetricsBindAddress represents the metrics address of a webhook-server. The default value is ":8080"
+                              Metrics may be disabled by setting a value of "0" or "".
+                            type: string
+                          port:
+                            default: 9443
+                            description: Port represents the port of a webhook-server.
+                              The default value of Port is 9443.
+                            format: int32
+                            maximum: 65535
+                            type: integer
+                        type: object
+                    type: object
                   hosted:
                     description: Hosted includes configurations we need for clustermanager
                       in the Hosted mode.

deploy/klusterlet/olm-catalog/latest/manifests/klusterlet.clusterserviceversion.yaml

@@ -31,7 +31,7 @@ metadata:
     categories: Integration & Delivery,OpenShift Optional
     certified: "false"
     containerImage: quay.io/open-cluster-management/registration-operator:latest
-    createdAt: "2025-05-29T02:56:45Z"
+    createdAt: "2025-06-12T23:20:27Z"
     description: Manages the installation and upgrade of the Klusterlet.
     operators.operatorframework.io/builder: operator-sdk-v1.32.0
     operators.operatorframework.io/project_layout: go.kubebuilder.io/v3

go.mod

@@ -2,6 +2,8 @@ module open-cluster-management.io/ocm
 
 go 1.23.6
 
+replace open-cluster-management.io/api => github.com/bhperry/ocm-api v0.0.0-20250612225613-ffa7865df0a9
+
 require (
 	github.com/aws/aws-sdk-go-v2 v1.36.3
 	github.com/aws/aws-sdk-go-v2/config v1.29.14

go.sum

@@ -58,6 +58,8 @@ github.com/aws/smithy-go v1.22.2 h1:6D9hW43xKFrRx/tXXfAlIZc4JI+yQe6snnWcQyxSyLQ=
 github.com/aws/smithy-go v1.22.2/go.mod h1:irrKGvNn1InZwb2d7fkIRNucdfwR8R+Ts3wxYa/cJHg=
 github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=
 github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=
+github.com/bhperry/ocm-api v0.0.0-20250612225613-ffa7865df0a9 h1:Cs8jDa7M7sGmQA3OmGYsnn+yD/aytxyhYym6qtZHsVs=
+github.com/bhperry/ocm-api v0.0.0-20250612225613-ffa7865df0a9/go.mod h1:/OeqXycNBZQoe3WG6ghuWsMgsKGuMZrK8ZpsU6gWL0Y=
 github.com/blang/semver/v4 v4.0.0 h1:1PFHFE6yCCTv8C1TeyNNarDzntLi7wMI5i/pzqYIsAM=
 github.com/blang/semver/v4 v4.0.0/go.mod h1:IbckMUScFkM3pff0VJDNKRiT6TG/YpiHIM2yvyW5YoQ=
 github.com/bwmarrin/snowflake v0.3.0 h1:xm67bEhkKh6ij1790JB83OujPR5CzNe8QuQqAgISZN0=
@@ -491,8 +493,6 @@ k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 h1:M3sRQVHv7vB20Xc2ybTt7ODCeFj6J
 k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
 open-cluster-management.io/addon-framework v0.12.1-0.20250407131028-9d436ffc2da7 h1:oLu9ag44Msf56Hb19b/b+UTNq0J2l9rhlBQ1gh7izCU=
 open-cluster-management.io/addon-framework v0.12.1-0.20250407131028-9d436ffc2da7/go.mod h1:7AEw1Sq9UEWpQGTU8zV1XPNkFRBYPbyBh8tfhISV++s=
-open-cluster-management.io/api v0.16.2-0.20250530014337-5880b0cf7dab h1:OGuw8WQOnvyPIwoDhWr+6bDgn8EwcR0SdNdL36WkBwE=
-open-cluster-management.io/api v0.16.2-0.20250530014337-5880b0cf7dab/go.mod h1:/OeqXycNBZQoe3WG6ghuWsMgsKGuMZrK8ZpsU6gWL0Y=
 open-cluster-management.io/sdk-go v0.16.1-0.20250530024739-3724a1e691fe h1:Y0FNpLz9msY7iz59lQxV+p2pY9aid0nzQ3IOMYxjHiU=
 open-cluster-management.io/sdk-go v0.16.1-0.20250530024739-3724a1e691fe/go.mod h1:n89YVVoi5zm3KVpOyVMmTdD4rGOVSsykUtu7Ol3do3M=
 sigs.k8s.io/about-api v0.0.0-20250131010323-518069c31c03 h1:1ShFiMjGQOR/8jTBkmZrk1gORxnvMwm1nOy2/DbHg4U=

manifests/cluster-manager/hub/cluster-manager-registration-webhook-service.yaml

@@ -14,5 +14,5 @@ spec:
     app: {{ .ClusterManagerName }}-registration-webhook
   ports:
   - name: webhook
-    port: 9443
-    targetPort: 9443
+    port: {{ .RegistrationWebhook.Port }}
+    targetPort: {{ .RegistrationWebhook.Port }}

manifests/cluster-manager/hub/cluster-manager-work-webhook-service.yaml

@@ -14,5 +14,5 @@ spec:
     app: {{ .ClusterManagerName }}-work-webhook
   ports:
   - name: webhook
-    port: 9443
-    targetPort: 9443
+    port: {{ .WorkWebhook.Port }}
+    targetPort: {{ .WorkWebhook.Port }}

manifests/cluster-manager/hub/cluster-manager-work-webhook-validatingconfiguration.yaml

@@ -17,8 +17,8 @@ webhooks:
       namespace: {{ .ClusterManagerNamespace }}
       name: cluster-manager-work-webhook
       path: /validate-work-open-cluster-management-io-v1-manifestwork
-      port: {{.RegistrationWebhook.Port}}
-    caBundle: {{ .RegistrationAPIServiceCABundle }}
+      port: {{.WorkWebhook.Port}}
+    caBundle: {{ .WorkAPIServiceCABundle }}
   rules:
   - operations:
     - CREATE