Unconditionally sync CA cert for Controller webhooks

Webhooks are used by other features besided AntreaPolicy. At the moment, if someone tries to disable AnteraPolicy and enable Egress for example, the webhooks would not be using the correct CA cert and the Egress API would not be usable. Given that we unconditionally create these webhooks in the Antrea deployment manifest, it makes sense to unconditionally sync the CA cert for them. Signed-off-by: Antonin Bas <abas@vmware.com>
antrea-io · Mar 8, 2022 · 033458e · 033458e
1 parent 431291f
commit 033458e
Showing 1 changed file with 9 additions and 10 deletions.
diff --git a/pkg/apiserver/certificate/cacert_controller.go b/pkg/apiserver/certificate/cacert_controller.go
@@ -118,17 +118,16 @@ func (c *CACertController) syncCACert() error {
 		return err
 	}
 
-	if features.DefaultFeatureGate.Enabled(features.AntreaPolicy) {
-		if err := c.syncMutatingWebhooks(caCert); err != nil {
-			return err
-		}
-		if err := c.syncValidatingWebhooks(caCert); err != nil {
-			return err
-		}
-		if err := c.syncConversionWebhooks(caCert); err != nil {
-			return err
-		}
+	if err := c.syncMutatingWebhooks(caCert); err != nil {
+		return err
+	}
+	if err := c.syncValidatingWebhooks(caCert); err != nil {
+		return err
 	}
+	if err := c.syncConversionWebhooks(caCert); err != nil {
+		return err
+	}
+
 	return nil
 }