Update comments with my current understanding of how OLM configures t…

…he webhook Signed-off-by: Richard Wall <richard.wall@venafi.com>
cert-manager · Feb 7, 2024 · 2b98c7e · 2b98c7e
1 parent 0ef430c
commit 2b98c7e
Showing 1 changed file with 6 additions and 6 deletions.
diff --git a/hack/fixup-csv b/hack/fixup-csv
@@ -132,12 +132,12 @@ def main():
         webhook["generateName"] = prefixes[webhook["type"]] + "." + "webhooks.cert-manager.io"
 
     # Remove all default the --dynamic-serving- flags of the webhook deployment,
-    # because that isn't used in the OLM package.
-    # Instead OLM creates the key and cert which is mounted into the webhook Pod.
-    # Workaround for OLM configuring all the webhook DNS names with a `-service` suffix.
-    # See:
-    # https://github.com/operator-framework/operator-lifecycle-manager/blob/15790a8a2f07fe65a3dbf5a45a54d35e20f2cce9/pkg/controller/install/webhook.go#L254
-    # https://github.com/operator-framework/api/blob/b51286920978aa99422358a3db74392437eaadf0/pkg/operators/v1alpha1/clusterserviceversion_types.go#L207
+    # because the dynamic serving certificate feature is not used in the OLM package.
+    #
+    # Instead OLM creates the key and cert which is mounted into the webhook Pod,
+    # and it creates an additional Service with a `cert-manager-webhook-service` suffix,
+    # which is referenced in the validating and mutating webhook
+    # configurations, which OLM also creates.
     for deployment in doc["spec"]["install"]["spec"]["deployments"]:
         # [0]["spec"]["template"]["spec"]["containers"][0]["image"]
         if deployment["name"] != "cert-manager-webhook":