fix(namig): update pod identity webhook to use stackit-specific naming and configuration

Author: jastBytes

charts/internal/seed-controlplane/charts/stackit-pod-identity-webhook/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: v1
-name: pod-identity-webhook
+name: stackit-pod-identity-webhook
 version: 0.1.0

charts/internal/seed-controlplane/requirements.yaml

@@ -19,6 +19,6 @@ dependencies:
   repository: http://localhost:10191
   version: 0.1.0
   condition: stackit-alb-controller-manager.enabled
-- name: pod-identity-webhook
+- name: stackit-pod-identity-webhook
   repository: http://localhost:10191
   version: 0.1.0

charts/internal/shoot-system-components/charts/stackit-pod-identity-webhook/Chart.yaml

@@ -1,3 +1,3 @@
 apiVersion: v1
-name: pod-identity-webhook
+name: stackit-pod-identity-webhook
 version: 0.1.0

charts/internal/shoot-system-components/requirements.yaml

@@ -15,6 +15,6 @@ dependencies:
   repository: http://localhost:10191
   version: 0.1.0
   condition: stackit-blockstorage-csi-driver.enabled
-- name: pod-identity-webhook
+- name: stackit-pod-identity-webhook
   repository: http://localhost:10191
   version: 0.1.0

pkg/controller/controlplane/valuesprovider.go

@@ -58,7 +58,7 @@ import (
 const (
 	caNameControlPlane                  = "ca-" + openstack.Name + "-controlplane"
 	cloudControllerManagerServerName    = openstack.CloudControllerManagerName + "-server"
-	stackitPodIdentityWebhookServerName = stackit.STACKITPodIdentityWebhookName + "-server"
+	stackitPodIdentityWebhookServerName = stackit.PodIdentityWebhookName + "-server"
 
 	CSIStackitPrefix = "stackit-blockstorage"
 
@@ -104,8 +104,8 @@ func secretConfigsFunc(namespace string) []extensionssecretmanager.SecretConfigW
 		{
 			Config: &secretutils.CertificateSecretConfig{
 				Name:                        stackitPodIdentityWebhookServerName,
-				CommonName:                  stackit.STACKITPodIdentityWebhookName,
-				DNSNames:                    kutil.DNSNamesForService("stackit-"+stackit.STACKITPodIdentityWebhookName, namespace),
+				CommonName:                  stackit.PodIdentityWebhookName,
+				DNSNames:                    kutil.DNSNamesForService(stackit.PodIdentityWebhookName, namespace),
 				CertType:                    secretutils.ServerCert,
 				SkipPublishingCACertificate: true,
 			},
@@ -122,7 +122,7 @@ func shootAccessSecretsFunc(namespace string) []*gutil.AccessSecret {
 		gutil.NewShootAccessSecret(openstack.CSISnapshotterName, namespace),
 		gutil.NewShootAccessSecret(openstack.CSIResizerName, namespace),
 		gutil.NewShootAccessSecret(openstack.CSISnapshotControllerName, namespace),
-		gutil.NewShootAccessSecret(stackit.STACKITPodIdentityWebhookName, namespace),
+		gutil.NewShootAccessSecret(stackit.PodIdentityWebhookName, namespace),
 	}
 }
 
@@ -211,13 +211,13 @@ var (
 				},
 			},
 			{
-				Name:   stackit.STACKITPodIdentityWebhookName,
+				Name:   stackit.PodIdentityWebhookName,
 				Images: []string{imagevector.ImageNameStackitPodIdentityWebhook},
 				Objects: []*chart.Object{
-					{Type: &appsv1.Deployment{}, Name: stackit.STACKITPodIdentityWebhookName},
-					{Type: &policyv1.PodDisruptionBudget{}, Name: stackit.STACKITPodIdentityWebhookName},
-					{Type: &corev1.Service{}, Name: stackit.STACKITPodIdentityWebhookName},
-					{Type: &vpaautoscalingv1.VerticalPodAutoscaler{}, Name: stackit.STACKITPodIdentityWebhookName},
+					{Type: &appsv1.Deployment{}, Name: stackit.PodIdentityWebhookName},
+					{Type: &policyv1.PodDisruptionBudget{}, Name: stackit.PodIdentityWebhookName},
+					{Type: &corev1.Service{}, Name: stackit.PodIdentityWebhookName},
+					{Type: &vpaautoscalingv1.VerticalPodAutoscaler{}, Name: stackit.PodIdentityWebhookName},
 				},
 			},
 		},
@@ -320,9 +320,9 @@ var (
 				},
 			},
 			{
-				Name: stackit.STACKITPodIdentityWebhookName,
+				Name: stackit.PodIdentityWebhookName,
 				Objects: []*chart.Object{
-					{Type: &admissionregistrationv1.MutatingWebhookConfiguration{}, Name: stackit.STACKITPodIdentityWebhookName},
+					{Type: &admissionregistrationv1.MutatingWebhookConfiguration{}, Name: stackit.PodIdentityWebhookName},
 				},
 			},
 		},
@@ -756,7 +756,7 @@ func (vp *valuesProvider) getControlPlaneChartValues(ctx context.Context, cpConf
 		},
 		openstack.CloudControllerManagerName:        ccm,
 		openstack.STACKITCloudControllerManagerName: stackitccm,
-		stackit.STACKITPodIdentityWebhookName:       podIdentityWebhook,
+		stackit.PodIdentityWebhookName:              podIdentityWebhook,
 	})
 
 	if vp.deployALBIngressController {
@@ -1087,8 +1087,8 @@ func (vp *valuesProvider) getControlPlaneShootChartValues(ctx context.Context, c
 	}
 
 	maps.Copy(values, map[string]any{
-		openstack.CloudControllerManagerName:  map[string]any{"enabled": true},
-		stackit.STACKITPodIdentityWebhookName: podIdentityWebhook,
+		openstack.CloudControllerManagerName: map[string]any{"enabled": true},
+		stackit.PodIdentityWebhookName:       podIdentityWebhook,
 	})
 
 	return values, nil
@@ -1333,7 +1333,7 @@ func (vp *valuesProvider) getPodIdentityWebhookShootChartValues(
 	return map[string]any{
 		"webhook": map[string]any{
 			"caBundle": caBundle,
-			"url":      fmt.Sprintf("https://stackit-%s.%s:443/mutate--v1-pod", stackit.STACKITPodIdentityWebhookName, controlPlaneNamespace),
+			"url":      fmt.Sprintf("https://%s.%s:443/mutate--v1-pod", stackit.PodIdentityWebhookName, controlPlaneNamespace),
 		},
 	}, nil
 }

pkg/controller/controlplane/valuesprovider_test.go

@@ -499,7 +499,7 @@ var _ = Describe("ValuesProvider", func() {
 		stackitPodIdentityWebhookChartSeedValues := map[string]any{
 			"replicaCount": 1,
 			"webhook": map[string]any{
-				"tlsSecretName": "pod-identity-webhook-server",
+				"tlsSecretName": stackitPodIdentityWebhookServerName,
 			},
 		}
 
@@ -523,7 +523,7 @@ var _ = Describe("ValuesProvider", func() {
 			By("creating secrets managed outside of this package for whose secretsmanager.Get() will be called")
 			Expect(fakeClient.Create(context.TODO(), &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "ca-provider-openstack-controlplane", Namespace: namespace}, Data: map[string][]byte{secretutils.DataKeyCertificateBundle: []byte("fake-ca-cert")}})).To(Succeed())
 			Expect(fakeClient.Create(context.TODO(), &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "cloud-controller-manager-server", Namespace: namespace}})).To(Succeed())
-			Expect(fakeClient.Create(context.TODO(), &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: "pod-identity-webhook-server", Namespace: namespace}})).To(Succeed())
+			Expect(fakeClient.Create(context.TODO(), &corev1.Secret{ObjectMeta: metav1.ObjectMeta{Name: stackitPodIdentityWebhookServerName, Namespace: namespace}})).To(Succeed())
 
 			// This call is made for emergency Loadbalancer API access.
 			// It will return a NotFound error by default to not interfere with existing tests.
@@ -566,7 +566,7 @@ var _ = Describe("ValuesProvider", func() {
 						"replicas": 1,
 					},
 				}),
-				stackit.STACKITPodIdentityWebhookName:     stackitPodIdentityWebhookChartSeedValues,
+				stackit.PodIdentityWebhookName:            stackitPodIdentityWebhookChartSeedValues,
 				openstack.STACKITALBControllerManagerName: empty(),
 			}))
 		})
@@ -610,7 +610,7 @@ var _ = Describe("ValuesProvider", func() {
 						"replicas": 1,
 					},
 				}),
-				stackit.STACKITPodIdentityWebhookName:     stackitPodIdentityWebhookChartSeedValues,
+				stackit.PodIdentityWebhookName:            stackitPodIdentityWebhookChartSeedValues,
 				openstack.STACKITALBControllerManagerName: empty(),
 			}))
 		})
@@ -921,8 +921,8 @@ var _ = Describe("ValuesProvider", func() {
 						"rescanBlockStorageOnResize": rescanBlockStorageOnResize,
 						"userAgentHeaders":           []string{domainName, tenantName, technicalID},
 					}),
-					openstack.CSINodeName:                 enabledFalse,
-					stackit.STACKITPodIdentityWebhookName: stackitPodIdentityWebhookChartShootValues,
+					openstack.CSINodeName:          enabledFalse,
+					stackit.PodIdentityWebhookName: stackitPodIdentityWebhookChartShootValues,
 				}))
 			})
 
@@ -940,8 +940,8 @@ var _ = Describe("ValuesProvider", func() {
 						"rescanBlockStorageOnResize": rescanBlockStorageOnResize,
 						"userAgentHeaders":           []string{domainName, tenantName, technicalID},
 					}),
-					openstack.CSINodeName:                 enabledFalse,
-					stackit.STACKITPodIdentityWebhookName: stackitPodIdentityWebhookChartShootValues,
+					openstack.CSINodeName:          enabledFalse,
+					stackit.PodIdentityWebhookName: stackitPodIdentityWebhookChartShootValues,
 				}))
 			})
 		})

pkg/stackit/types.go

@@ -17,8 +17,8 @@ const (
 	DirectionEgress  = "egress"
 	DirectionIngress = "ingress"
 
-	// STACKITPodIdentityWebhookName is a constant for the name of the Pod Identity Webhook. (stackit)
-	STACKITPodIdentityWebhookName = "pod-identity-webhook"
+	// PodIdentityWebhookName is a constant for the name of the Pod Identity Webhook. (stackit)
+	PodIdentityWebhookName = "stackit-pod-identity-webhook"
 )
 
 var (