forsaken628 · forsaken628 · Jun 10, 2024 · Jun 10, 2024 · Jun 15, 2024 · Jun 15, 2024
diff --git a/cmd/katib-controller/v1beta1/main.go b/cmd/katib-controller/v1beta1/main.go
@@ -37,7 +37,6 @@ import (
 
 	configv1beta1 "github.com/kubeflow/katib/pkg/apis/config/v1beta1"
 	apis "github.com/kubeflow/katib/pkg/apis/controller"
-	cert "github.com/kubeflow/katib/pkg/certgenerator/v1beta1"
 	"github.com/kubeflow/katib/pkg/controller.v1beta1"
 	"github.com/kubeflow/katib/pkg/controller.v1beta1/consts"
 	"github.com/kubeflow/katib/pkg/util/v1beta1/katibconfig"
@@ -131,20 +130,17 @@ func main() {
 		CertDir: consts.CertDir,
 	})
 
-	ctx := signals.SetupSignalHandler()
-	certsReady := make(chan struct{})
-	defer close(certsReady)
-
-	// The setupControllers will register controllers to the manager
-	// after generated certs for the admission webhooks.
-	go setupControllers(mgr, certsReady, hookServer)
-
-	if initConfig.CertGeneratorConfig.Enable {
-		if err = cert.AddToManager(mgr, initConfig.CertGeneratorConfig, certsReady); err != nil {
-			log.Error(err, "Failed to set up cert-generator")
-		}
-	} else {
-		certsReady <- struct{}{}
+	// Setup all Controllers
+	log.Info("Setting up controller.")
+	if err := controller.AddToManager(mgr); err != nil {
+		log.Error(err, "Unable to register controllers to the manager")
+		os.Exit(1)
+	}
+
+	log.Info("Setting up webhooks.")
+	if err := webhookv1beta1.AddToManager(mgr, hookServer, initConfig.CertGeneratorConfig); err != nil {
+		log.Error(err, "Unable to register webhooks to the manager")
+		os.Exit(1)
 	}
 
 	log.Info("Setting up health checker.")
@@ -159,27 +155,9 @@ func main() {
 
 	// Start the Cmd
 	log.Info("Starting the manager.")
+	ctx := signals.SetupSignalHandler()
 	if err = mgr.Start(ctx); err != nil {
 		log.Error(err, "Unable to run the manager")
 		os.Exit(1)
 	}
 }
-
-func setupControllers(mgr manager.Manager, certsReady chan struct{}, hookServer webhook.Server) {
-	// The certsReady blocks to register controllers until generated certs.
-	<-certsReady
-	log.Info("Certs ready")
-
-	// Setup all Controllers
-	log.Info("Setting up controller.")
-	if err := controller.AddToManager(mgr); err != nil {
-		log.Error(err, "Unable to register controllers to the manager")
-		os.Exit(1)
-	}
-
-	log.Info("Setting up webhooks.")
-	if err := webhookv1beta1.AddToManager(mgr, hookServer); err != nil {
-		log.Error(err, "Unable to register webhooks to the manager")
-		os.Exit(1)
-	}
-}
diff --git a/pkg/certgenerator/v1beta1/generator.go b/pkg/certgenerator/v1beta1/generator.go
@@ -18,6 +18,7 @@ package certgenerator
 
 import (
 	"fmt"
+	"net/http"
 
 	cert "github.com/open-policy-agent/cert-controller/pkg/rotator"
 	"k8s.io/apimachinery/pkg/types"
@@ -35,6 +36,17 @@ const Webhook = "katib.kubeflow.org"
 
 // AddToManager adds the cert-generator to the manager.
 func AddToManager(mgr manager.Manager, cfg configv1beta1.CertGeneratorConfig, certsReady chan struct{}) error {
+	err := mgr.AddReadyzCheck("cert", func(_ *http.Request) error {
+		select {
+		case <-certsReady:
+			return nil
+		default:
+			return fmt.Errorf("cert not ready")
+		}
+	})
+	if err != nil {
+		return err
+	}
 	return cert.AddRotator(mgr, &cert.CertRotator{
 		SecretKey: types.NamespacedName{
 			Namespace: consts.DefaultKatibNamespace,

diff --git a/pkg/webhook/v1beta1/webhook.go b/pkg/webhook/v1beta1/webhook.go
@@ -17,19 +17,31 @@ limitations under the License.
 package webhook
 
 import (
+	"context"
 	"fmt"
 
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
+	configv1beta1 "github.com/kubeflow/katib/pkg/apis/config/v1beta1"
+	cert "github.com/kubeflow/katib/pkg/certgenerator/v1beta1"
 	"github.com/kubeflow/katib/pkg/webhook/v1beta1/experiment"
 	"github.com/kubeflow/katib/pkg/webhook/v1beta1/pod"
 )
 
-func AddToManager(mgr manager.Manager, hookServer webhook.Server) error {
-	if err := mgr.Add(hookServer); err != nil {
-		return fmt.Errorf("Add webhook server to the manager failed: %v", err)
+func AddToManager(mgr manager.Manager, hookServer webhook.Server, certsCfg configv1beta1.CertGeneratorConfig) error {
+	log := mgr.GetLogger()
+
+	certsReady := make(chan struct{})
+	if certsCfg.Enable {
+		err := cert.AddToManager(mgr, certsCfg, certsReady)
+		if err != nil {
+			log.Error(err, "Failed to set up cert-generator")
+			return err
+		}
+	} else {
+		close(certsReady)
 	}
 
 	decoder := admission.NewDecoder(mgr.GetScheme())
@@ -40,5 +52,17 @@ func AddToManager(mgr manager.Manager, hookServer webhook.Server) error {
 	hookServer.Register("/validate-experiment", &webhook.Admission{Handler: experimentValidator})
 	hookServer.Register("/mutate-experiment", &webhook.Admission{Handler: experimentDefaulter})
 	hookServer.Register("/mutate-pod", &webhook.Admission{Handler: sidecarInjector})
+
+	err := mgr.Add(manager.RunnableFunc(func(ctx context.Context) error {
+		select {
+		case <-ctx.Done():
+			return ctx.Err()
+		case <-certsReady:
+			return hookServer.Start(ctx)
+		}
+	}))
+	if err != nil {
+		return fmt.Errorf("add webhook server to the manager failed: %v", err)
+	}
 	return nil
 }
diff --git a/test/e2e/v1beta1/scripts/gh-actions/setup-katib.sh b/test/e2e/v1beta1/scripts/gh-actions/setup-katib.sh
@@ -67,6 +67,8 @@ cd ../../../../../ && WITH_DATABASE_TYPE=$WITH_DATABASE_TYPE make deploy && cd -
 # Wait until all Katib pods is running.
 TIMEOUT=120s
 
+kubectl get pods -n kubeflow
+
 kubectl wait --for=condition=ContainersReady=True --timeout=${TIMEOUT} -l "katib.kubeflow.org/component in ($WITH_DATABASE_TYPE,controller,db-manager,ui)" -n kubeflow pod ||
   (kubectl get pods -n kubeflow && kubectl describe pods -n kubeflow && exit 1)