Add support for running local operator with webhooks

Makefile

@@ -371,3 +371,17 @@ tidy: ## Run go mod tidy on every mod file in the repo
 operator-lint: gowork ## Runs operator-lint
 	GOBIN=$(LOCALBIN) go install github.com/gibizer/[email protected]
 	go vet -vettool=$(LOCALBIN)/operator-lint ./... ./api/...
+
+# Used for webhook testing
+# The configure_local_webhooks.sh script below will remove any OLM webhooks
+# for the operator and also scale its deployment replicas down to 0 so that
+# the operator can run locally.
+# Make sure to cleanup the webhook configuration for local testing by running
+# ./hack/clean_local_webhook.sh before deplying with OLM again.
+SKIP_CERT ?=false
+.PHONY: run-with-webhook
+run-with-webhook: export METRICS_PORT?=8080
+run-with-webhook: export HEALTH_PORT?=8081
+run-with-webhook: manifests generate fmt vet ## Run a controller from your host.
+	/bin/bash hack/configure_local_webhook.sh
+	OPERATOR_TEMPLATES=./templates go run ./main.go -metrics-bind-address ":$(METRICS_PORT)" -health-probe-bind-address ":$(HEALTH_PORT)"

hack/clean_local_webhook.sh

@@ -0,0 +1,6 @@
+#!/bin/bash
+set -ex
+
+oc delete validatingwebhookconfiguration/vopenstackbaremetalset.kb.io --ignore-not-found
+oc delete validatingwebhookconfiguration/vopenstackprovisionserver.kb.io --ignore-not-found
+oc delete mutatingwebhookconfiguration/mopenstackprovisionserver.kb.io --ignore-not-found

hack/configure_local_webhook.sh

@@ -0,0 +1,126 @@
+#!/bin/bash
+set -ex
+
+TMPDIR=${TMPDIR:-"/tmp/k8s-webhook-server/serving-certs"}
+SKIP_CERT=${SKIP_CERT:-false}
+CRC_IP=${CRC_IP:-$(/sbin/ip -o -4 addr list crc | awk '{print $4}' | cut -d/ -f1)}
+FIREWALL_ZONE=${FIREWALL_ZONE:-"libvirt"}
+
+#Open 9443
+sudo firewall-cmd --zone=${FIREWALL_ZONE} --add-port=9443/tcp
+sudo firewall-cmd --runtime-to-permanent
+
+# Generate the certs and the ca bundle
+if [ "$SKIP_CERT" = false ] ; then
+    mkdir -p ${TMPDIR}
+    rm -rf ${TMPDIR}/* || true
+
+    openssl req -newkey rsa:2048 -days 3650 -nodes -x509 \
+    -subj "/CN=${HOSTNAME}" \
+    -addext "subjectAltName = IP:${CRC_IP}" \
+    -keyout ${TMPDIR}/tls.key \
+    -out ${TMPDIR}/tls.crt
+
+    cat ${TMPDIR}/tls.crt ${TMPDIR}/tls.key | base64 -w 0 > ${TMPDIR}/bundle.pem
+
+fi
+
+CA_BUNDLE=`cat ${TMPDIR}/bundle.pem`
+
+# Patch the webhook(s)
+cat >> ${TMPDIR}/patch_webhook_configurations.yaml <<EOF_CAT
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: vopenstackprovisionserver.kb.io
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    caBundle: ${CA_BUNDLE}
+    url: https://${CRC_IP}:9443/validate-baremetal-openstack-org-v1beta1-openstackprovisionserver
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: vopenstackprovisionserver.kb.io
+  objectSelector: {}
+  rules:
+  - apiGroups:
+    - baremetal.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackprovisionservers
+    scope: '*'
+  sideEffects: None
+  timeoutSeconds: 10
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mopenstackprovisionserver.kb.io
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    caBundle: ${CA_BUNDLE}
+    url: https://${CRC_IP}:9443/mutate-baremetal-openstack-org-v1beta1-openstackprovisionserver
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: mopenstackprovisionserver.kb.io
+  objectSelector: {}
+  rules:
+  - apiGroups:
+    - baremetal.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackprovisionservers
+    scope: '*'
+  sideEffects: None
+  timeoutSeconds: 10
+---
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+  name: vopenstackbaremetalset.kb.io
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    caBundle: ${CA_BUNDLE}
+    url: https://${CRC_IP}:9443/validate-baremetal-openstack-org-v1beta1-openstackbaremetalset
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: vopenstackbaremetalset.kb.io
+  objectSelector: {}
+  rules:
+  - apiGroups:
+    - baremetal.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    - DELETE
+    resources:
+    - openstackbaremetalsets
+    scope: '*'
+  sideEffects: None
+  timeoutSeconds: 10
+EOF_CAT
+
+oc apply -n openstack -f ${TMPDIR}/patch_webhook_configurations.yaml
+
+# Scale-down operator deployment replicas to zero and remove OLM webhooks
+CSV_NAME="$(oc get csv -n openstack-operators -l operators.coreos.com/openstack-baremetal-operator.openstack-operators -o name)"
+
+if [ -n "${CSV_NAME}" ]; then
+    oc patch "${CSV_NAME}" -n openstack-operators --type=json -p="[{'op': 'replace', 'path': '/spec/install/spec/deployments/0/spec/replicas', 'value': 0}]"
+    oc patch "${CSV_NAME}" -n openstack-operators --type=json -p="[{'op': 'replace', 'path': '/spec/webhookdefinitions', 'value': []}]"
+fi