Merge branch 'vmWebhookUpdate' of github.com:rajivnathan/member-opera…

…tor into vmWebhookUpdate
codeready-toolchain · Nov 25, 2024 · 5de5ce5 · 5de5ce5
2 parents b6814f8 + 5bf6481
commit 5de5ce5
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/cmd/webhook/main.go b/cmd/webhook/main.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"crypto/tls"
 	"flag"
+	"fmt"
 	"net/http"
 	"os"
 	"os/signal"
@@ -124,14 +125,22 @@ func main() {
 		TLSConfig: &tls.Config{
 			MinVersion: tls.VersionTLS12,
 			NextProtos: []string{"http/1.1"}, // disable HTTP/2 for now
+
+			GetCertificate: func(_ *tls.ClientHelloInfo) (*tls.Certificate, error) {
+				cert, err := tls.LoadX509KeyPair("/etc/webhook/certs/"+cert.ServerCert, "/etc/webhook/certs/"+cert.ServerKey)
+				if err != nil {
+					return nil, fmt.Errorf("could not load TLS certs: %w", err)
+				}
+				return &cert, err
+			},
 		},
 	}
 
 	setupLog.Info("Webhook server configured.")
 
 	go func() {
 		setupLog.Info("Listening...")
-		if err := webhookServer.ListenAndServeTLS("/etc/webhook/certs/"+cert.ServerCert, "/etc/webhook/certs/"+cert.ServerKey); err != nil {
+		if err := webhookServer.ListenAndServeTLS("", ""); err != nil {
 			setupLog.Error(err, "Listening and serving TLS failed")
 			os.Exit(1)
 		}