metrics: Maintain legacy TLS profile in HyperShift

To be fixed after the hosted control plane components propagate the
TLS profile to the CVO. To be done. In the meantime, maintain the
previous logic.

Author: DavidHurta

pkg/cvo/metrics.go

@@ -351,6 +351,8 @@ type MetricsOptions struct {
 
 	DisableAuthentication bool
 	DisableAuthorization  bool
+
+	RespectCentralTLSProfile bool
 }
 
 // RunMetrics launches an HTTPS server bound to listenAddress serving
@@ -491,12 +493,14 @@ func RunMetrics(runContext context.Context, shutdownContext context.Context, res
 				return nil, err
 			}
 
-			profile, err := getAPIServerTLSProfile(apiServerLister, lastValidProfile)
-			if err != nil {
-				return nil, fmt.Errorf("failed to get TLS profile for metrics server: %w", err)
+			if options.RespectCentralTLSProfile {
+				profile, err := getAPIServerTLSProfile(apiServerLister, lastValidProfile)
+				if err != nil {
+					return nil, fmt.Errorf("failed to get TLS profile for metrics server: %w", err)
+				}
+				lastValidProfile = profile
+				profile.apply(config)
 			}
-			lastValidProfile = profile
-			profile.apply(config)
 
 			return config, nil
 		},

pkg/start/start.go

@@ -162,6 +162,9 @@ func (o *Options) ValidateAndComplete() error {
 	o.MetricsOptions.DisableAuthorization = o.HyperShift
 	o.MetricsOptions.DisableAuthentication = o.HyperShift
 
+	// Continue functioning the same way in HyperShift, as the CVO is in the management cluster
+	o.MetricsOptions.RespectCentralTLSProfile = !o.HyperShift
+
 	if err := validateCapabilities(o.AlwaysEnableCapabilities); err != nil {
 		return fmt.Errorf("--always-enable-capabilities: %w", err)
 	}