feat: Allow to change port for Webhooks and add hostnetwork

Signed-off-by: Mathieu Cantin <103442330+mcantinqc@users.noreply.github.com>

keda/Chart.yaml

@@ -8,7 +8,7 @@ kubeVersion: ">=v1.24.0-0"
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.10.2
+version: 2.10.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.

keda/templates/webhooks/deployment.yaml

@@ -26,7 +26,7 @@ spec:
         app: {{ .Values.webhooks.name }}
         name: {{ .Values.webhooks.name }}
         app.kubernetes.io/name: {{ .Values.webhooks.name }}
-        {{- include "keda.labels" . | indent 8 }}       
+        {{- include "keda.labels" . | indent 8 }}
         {{- if .Values.podLabels.webhooks }}
         {{- toYaml .Values.podLabels.webhooks | nindent 8 }}
         {{- end }}
@@ -69,6 +69,8 @@ spec:
           - "--zap-encoder={{ .Values.logging.webhooks.format }}"
           - "--zap-time-encoding={{ .Values.logging.webhooks.timeEncoding }}"
           - "--cert-dir={{ .Values.certificates.mountPath }}"
+          - "--health-probe-bind-address=:{{ .Values.webhooks.healthProbePort }}"
+          - "--port={{ .Values.webhooks.port }}"
           {{- if .Values.prometheus.webhooks.enabled }}
           - --metrics-bind-address=:{{ .Values.prometheus.webhooks.port }}
           {{- end }}
@@ -79,15 +81,15 @@ spec:
           livenessProbe:
             httpGet:
               path: /healthz
-              port: 8081
+              port: {{ .Values.webhooks.healthProbePort }}
             initialDelaySeconds: 25
           readinessProbe:
             httpGet:
               path: /readyz
-              port: 8081
+              port: {{ .Values.webhooks.healthProbePort }}
             initialDelaySeconds: 20
           ports:
-          - containerPort: 9443
+          - containerPort: {{ .Values.webhooks.port }}
             name: http
             protocol: TCP
           {{- if .Values.prometheus.webhooks.enabled }}
@@ -130,6 +132,7 @@ spec:
       {{- if .Values.volumes.webhooks.extraVolumes }}
       {{- toYaml .Values.volumes.webhooks.extraVolumes | nindent 8 }}
       {{- end }}
+      hostNetwork: {{ .Values.metricsServer.useHostNetwork }}
       nodeSelector:
         kubernetes.io/os: linux
       {{- with .Values.nodeSelector }}

keda/templates/webhooks/validatingconfiguration.yaml

@@ -26,6 +26,7 @@ webhooks:
       name: {{ .Values.webhooks.name }}
       namespace: {{ .Release.Namespace }}
       path: /validate-keda-sh-v1alpha1-scaledobject
+      port: {{ .Values.webhooks.port }}
   failurePolicy: {{ .Values.webhooks.failurePolicy }}
   matchPolicy: Equivalent
   name: vscaledobject.kb.io

keda/values.yaml

@@ -80,6 +80,12 @@ metricsServer:
 webhooks:
   # -- Enable admission webhooks (this feature option will be removed in v2.12)
   enabled: true
+  # -- Port number to use for KEDA admission webhooks
+  port: 9443
+  # -- Port number to use for KEDA admission webhooks health probe
+  healthProbePort: 8081
+  # -- Enable webhook to use host network, this is required on EKS with custom CNI
+  useHostNetwork: false
   # -- Name of the KEDA admission webhooks
   name: keda-admission-webhooks
   # -- Capability to configure the number of replicas for KEDA admission webhooks
@@ -224,8 +230,8 @@ podIdentity:
     # This will be set as a annotation on the KEDA service account.
     enabled: false
     # -- GCP IAM Service Account Email which you would like to use for workload identity.
-    gcpIAMServiceAccount: ""      
-  
+    gcpIAMServiceAccount: ""
+
 # -- Set this if you are using an external scaler and want to communicate
 # over TLS (recommended). This variable holds the name of the secret that
 # will be mounted to the /grpccerts path on the Pod