Update SGX and FPGA webhook flags

SGX Admission webhook was quickly forked from FPGA's
implementation. After a bit of thinking, it turns out
leader election and metrics are not necessary for a
(idempotent) webhook-only functionality.

For FPGA Admission webhook, the metrics isn't correctly
set up so it's better to disable the functionality. Leader
election is kept but the flag name is renamed to align with
"kubebuilder v3 functionality" similar to how we changed it
to the operator as well.

Signed-off-by: Mikko Ylinen <mikko.ylinen@intel.com>

cmd/fpga_admissionwebhook/main.go

@@ -43,12 +43,10 @@ func init() {
 
 func main() {
 	var (
-		metricsAddr          string
 		enableLeaderElection bool
 	)
 
-	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
+	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.Parse()
@@ -62,7 +60,7 @@ func main() {
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:             scheme,
-		MetricsBindAddress: metricsAddr,
+		MetricsBindAddress: "0",
 		Logger:             ctrl.Log.WithName("FpgaAdmissionWebhook"),
 		WebhookServer:      webHook,
 		LeaderElection:     enableLeaderElection,

cmd/operator/README.md

@@ -164,7 +164,7 @@ No upgrade is done for:
 ## Known issues
 
 When the operator is run with leader election enabled, that is with the option
-`--enable-leader-election`, make sure the cluster is not overloaded with excessive
+`--leader-elect`, make sure the cluster is not overloaded with excessive
 number of pods. Otherwise a heart beat used by the leader election code may trigger
 a timeout and crash. We are going to use different clients for the controller and
 leader election code to alleviate the issue. See more details in

cmd/sgx_admissionwebhook/main.go

@@ -15,7 +15,6 @@
 package main
 
 import (
-	"flag"
 	"os"
 
 	sgxwebhook "github.com/intel/intel-device-plugins-for-kubernetes/pkg/webhooks/sgx"
@@ -36,17 +35,6 @@ func init() {
 }
 
 func main() {
-	var (
-		metricsAddr          string
-		enableLeaderElection bool
-	)
-
-	flag.StringVar(&metricsAddr, "metrics-addr", ":8080", "The address the metric endpoint binds to.")
-	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
-		"Enable leader election for controller manager. "+
-			"Enabling this will ensure there is only one active controller manager.")
-	flag.Parse()
-
 	ctrl.SetLogger(klogr.New())
 
 	webHook := &webhook.Server{
@@ -56,11 +44,9 @@ func main() {
 
 	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{
 		Scheme:             scheme,
-		MetricsBindAddress: metricsAddr,
+		MetricsBindAddress: "0",
 		Logger:             ctrl.Log.WithName("SgxAdmissionWebhook"),
 		WebhookServer:      webHook,
-		LeaderElection:     enableLeaderElection,
-		LeaderElectionID:   "a9b71ad3.intel.com",
 	})
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")

deployments/fpga_admissionwebhook/rbac/kustomization.yaml

@@ -1,3 +1,5 @@
 resources:
 - role.yaml
 - role_binding.yaml
+- leader_election_role.yaml
+- leader_election_role_binding.yaml

deployments/fpga_admissionwebhook/rbac/leader_election_role.yaml

@@ -0,0 +1,32 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: leader-election-role
+rules:
+- apiGroups:
+  - ""
+  resources:
+  - configmaps
+  verbs:
+  - get
+  - list
+  - watch
+  - create
+  - update
+  - patch
+  - delete
+- apiGroups:
+  - ""
+  resources:
+  - configmaps/status
+  verbs:
+  - get
+  - update
+  - patch
+- apiGroups:
+  - ""
+  resources:
+  - events
+  verbs:
+  - create

deployments/fpga_admissionwebhook/rbac/leader_election_role_binding.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: leader-election-rolebinding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: leader-election-role
+subjects:
+- kind: ServiceAccount
+  name: default
+  namespace: system