refactor(config): eliminate conditional webhook logic for STACKIT pod identity

jastBytes · jastBytes · commit 89bae65e14be · 2026-03-23T11:49:57.000+01:00
Key changes:
- Removed redundant `isShoot` method and related conditional logic
diff --git a/charts/internal/shoot-system-components/charts/stackit-pod-identity-webhook/values.yaml b/charts/internal/shoot-system-components/charts/stackit-pod-identity-webhook/values.yaml
@@ -1,4 +1,3 @@
-enabled: true
 webhook:
   caBundle: "" # will be set by valuesprovider
   # failurePolicy for the webhook (Ignore or Fail).
diff --git a/pkg/controller/controlplane/valuesprovider.go b/pkg/controller/controlplane/valuesprovider.go
@@ -29,7 +29,6 @@ import (
 	secretsmanager "github.com/gardener/gardener/pkg/utils/secrets/manager"
 	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	appsv1 "k8s.io/api/apps/v1"
-	v1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	policyv1 "k8s.io/api/policy/v1"
@@ -368,12 +367,6 @@ type valuesProvider struct {
 	customLabelDomain          string
 }
 
-// isShoot returns if the cluster is a shoot or a seed by checking if the gardenlet is present in cluster
-func (vp *valuesProvider) isShoot(ctx context.Context, cluster *extensionscontroller.Cluster) bool {
-	err := vp.client.Get(ctx, k8sclient.ObjectKey{Name: "gardenlet", Namespace: "garden"}, &v1.Deployment{})
-	return errors.IsNotFound(err)
-}
-
 // GetConfigChartValues returns the values for the config chart applied by the generic actuator.
 func (vp *valuesProvider) GetConfigChartValues(
 	ctx context.Context,
@@ -1083,8 +1076,7 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c
 		return nil, err
 	}
 
-	isShoot := vp.isShoot(ctx, cluster)
-	podIdentityWebhook, err := vp.getSTACKITPodIdentityWebhookShootChartValues(isShoot, secretsReader)
+	podIdentityWebhook, err := vp.getSTACKITPodIdentityWebhookShootChartValues(secretsReader)
 	if err != nil {
 		return nil, err
 	}
@@ -1319,7 +1311,6 @@ func getSTACKITPodIdentityWebhookChartValues(
 }
 
 func (vp *valuesProvider) getSTACKITPodIdentityWebhookShootChartValues(
-	isShoot bool,
 	secretsReader secretsmanager.Reader,
 ) (map[string]any, error) {
 	caSecret, found := secretsReader.Get(caNameControlPlane)
@@ -1328,7 +1319,6 @@ func (vp *valuesProvider) getSTACKITPodIdentityWebhookShootChartValues(
 	}
 
 	return map[string]any{
-		"enabled": isShoot,
 		"webhook": map[string]any{
 			"caBundle": gardenerutils.EncodeBase64(caSecret.Data[secretutils.DataKeyCertificateBundle]),
 		},
diff --git a/pkg/controller/controlplane/valuesprovider_test.go b/pkg/controller/controlplane/valuesprovider_test.go
@@ -893,7 +893,6 @@ var _ = Describe("ValuesProvider", func() {
 
 	Describe("#GetControlPlaneShootChartValues", func() {
 		stackitPodIdentityWebhookChartShootValues := map[string]any{
-			"enabled": true,
 			"webhook": map[string]any{
 				"caBundle": "",
 			},
@@ -910,7 +909,6 @@ var _ = Describe("ValuesProvider", func() {
 				// Refactoring led to retrieving it three times at a lower level
 				// This is the vp.getCredentials() call
 				c.EXPECT().Get(ctx, cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret)).Times(2)
-				c.EXPECT().Get(ctx, client.ObjectKey{Name: "gardenlet", Namespace: "garden"}, &appsv1.Deployment{}).Return(errors.NewNotFound(schema.GroupResource{Group: "apps", Resource: "deployments"}, "gardenlet"))
 
 				expectCSICleanupinControlPlane(ctx, c, openstack.CSIControllerName)
 
@@ -929,7 +927,6 @@ var _ = Describe("ValuesProvider", func() {
 
 			It("should return correct shoot control plane chart if CSI STACKIT is enabled", func() {
 				c.EXPECT().Get(ctx, cpSecretKey, &corev1.Secret{}).DoAndReturn(clientGet(cpSecret)).Times(2)
-				c.EXPECT().Get(ctx, client.ObjectKey{Name: "gardenlet", Namespace: "garden"}, &appsv1.Deployment{}).Return(errors.NewNotFound(schema.GroupResource{Group: "apps", Resource: "deployments"}, "gardenlet"))
 
 				expectCSICleanupinControlPlane(ctx, c, openstack.CSIControllerName)
 

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,3 @@`
`1`		`-enabled: true`
`2`	`1`	`webhook:`
`3`	`2`	`caBundle: "" # will be set by valuesprovider`
`4`	`3`	`# failurePolicy for the webhook (Ignore or Fail).`