feat: Allow to change port for Webhooks and add hostnetwork (#470)

Signed-off-by: Mathieu Cantin <103442330+mcantinqc@users.noreply.github.com>

keda/templates/webhooks/deployment.yaml

@@ -26,7 +26,7 @@ spec:
         app: {{ .Values.webhooks.name }}
         name: {{ .Values.webhooks.name }}
         app.kubernetes.io/name: {{ .Values.webhooks.name }}
-        {{- include "keda.labels" . | indent 8 }}       
+        {{- include "keda.labels" . | indent 8 }}
         {{- if .Values.podLabels.webhooks }}
         {{- toYaml .Values.podLabels.webhooks | nindent 8 }}
         {{- end }}
@@ -69,6 +69,10 @@ spec:
           - "--zap-encoder={{ .Values.logging.webhooks.format }}"
           - "--zap-time-encoding={{ .Values.logging.webhooks.timeEncoding }}"
           - "--cert-dir={{ .Values.certificates.mountPath }}"
+          - "--health-probe-bind-address=:{{ .Values.webhooks.healthProbePort }}"
+          {{- if .Values.webhooks.port }}
+          - "--port={{ .Values.webhooks.port }}"
+          {{- end }}
           {{- if .Values.prometheus.webhooks.enabled }}
           - --metrics-bind-address=:{{ .Values.prometheus.webhooks.port }}
           {{- end }}
@@ -79,15 +83,15 @@ spec:
           livenessProbe:
             httpGet:
               path: /healthz
-              port: 8081
+              port: {{ .Values.webhooks.healthProbePort }}
             initialDelaySeconds: 25
           readinessProbe:
             httpGet:
               path: /readyz
-              port: 8081
+              port: {{ .Values.webhooks.healthProbePort }}
             initialDelaySeconds: 20
           ports:
-          - containerPort: 9443
+          - containerPort: {{ .Values.webhooks.port | default 9443 }}
             name: http
             protocol: TCP
           {{- if .Values.prometheus.webhooks.enabled }}
@@ -130,6 +134,7 @@ spec:
       {{- if .Values.volumes.webhooks.extraVolumes }}
       {{- toYaml .Values.volumes.webhooks.extraVolumes | nindent 8 }}
       {{- end }}
+      hostNetwork: {{ .Values.metricsServer.useHostNetwork }}
       nodeSelector:
         kubernetes.io/os: linux
       {{- with .Values.nodeSelector }}

keda/templates/webhooks/service.yaml

@@ -18,7 +18,7 @@ spec:
   - name: http
     port: 443
     protocol: TCP
-    targetPort: 9443
+    targetPort: {{ .Values.webhooks.port | default 9443 }}
   {{- if .Values.prometheus.webhooks.enabled }}
   - name: {{ .Values.prometheus.webhooks.serviceMonitor.port }}
     port: {{ .Values.prometheus.webhooks.port }}

keda/values.yaml

@@ -80,6 +80,12 @@ metricsServer:
 webhooks:
   # -- Enable admission webhooks (this feature option will be removed in v2.12)
   enabled: true
+  # -- Port number to use for KEDA admission webhooks. Default is 9443.
+  port: ""
+  # -- Port number to use for KEDA admission webhooks health probe
+  healthProbePort: 8081
+  # -- Enable webhook to use host network, this is required on EKS with custom CNI
+  useHostNetwork: false
   # -- Name of the KEDA admission webhooks
   name: keda-admission-webhooks
   # -- Capability to configure the number of replicas for KEDA admission webhooks
@@ -224,8 +230,8 @@ podIdentity:
     # This will be set as a annotation on the KEDA service account.
     enabled: false
     # -- GCP IAM Service Account Email which you would like to use for workload identity.
-    gcpIAMServiceAccount: ""      
-  
+    gcpIAMServiceAccount: ""
+
 # -- Set this if you are using an external scaler and want to communicate
 # over TLS (recommended). This variable holds the name of the secret that
 # will be mounted to the /grpccerts path on the Pod