fix: add webhook readiness check to hub-agent

[ytimocin]

Description of your changes

This pull request introduces a readiness check for the webhook component in the hub agent, ensuring that the pod is not marked as ready until the webhook configurations have been successfully created in the API server. This improves the reliability of the deployment by preventing premature readiness signaling. Additional unit tests are added to verify the new readiness logic, and the e2e setup script is updated to wait for the deployment to become ready.

Webhook readiness improvements:

• Modified SetupWebhook in cmd/hubagent/main.go to return the webhook Config object and register a readiness check using its ReadinessChecker method, ensuring the pod only becomes ready after webhook configuration is complete. [1] [2]
• Added an atomic ready flag to the Config struct in pkg/webhook/webhook.go, set to true after successful webhook configuration, and implemented the ReadinessChecker method to expose this as a health check. [1] [2]

Testing enhancements:

• Added unit tests in pkg/webhook/webhook_test.go to verify the readiness checker logic, including concurrent access scenarios.

Deployment reliability:

• Updated test/e2e/setup.sh to explicitly wait for the hub-agent deployment (including the webhook) to become ready before proceeding.

Test code refactoring:

• Changed test case maps in pkg/webhook/webhook_test.go to use pointers, improving test code consistency. [1] [2] [3]

Fixes #404

I have:

• Run make reviewable to ensure this PR is ready for review.

How has this code been tested

By running e2e tests with and w/o the changes.

Special notes for your reviewer

N/A

[codecov]

Codecov Report

❌ Patch coverage is 71.42857% with 2 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
pkg/webhook/webhook.go	71.42%	2 Missing ⚠️

📢 Thoughts on this report? Let us know!

[weng271190436]

you can do this with the helm install options --wait and --timeout so that you don't need a separate command?

[weng271190436]

I think this does not solve the issue: #404

You are observing

Internal error occurred: failed calling webhook "fleet.membercluster.validating":
failed to call webhook: Post "[https://fleetwebhook.fleet-system.svc:9443/validate-cluster.kubernetes-fleet.io-v1beta1-membercluster?timeout=5s](vscode-file://vscode-app/Applications/Visual%20Studio%20Code.app/Contents/Resources/app/out/vs/code/electron-browser/workbench/workbench.html)":
dial tcp 10.96.27.105:9443: connect: connection refused

this means that the webhook was registered and k8s api server knows about it. Otherwise the api server won't know that there is a webhook "fleet.membercluster.validating" to call

I searched a bit and it seems that the webhook server's started checker (which is a built-in health checker) is one way to do it

https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/webhook#DefaultServer.StartedChecker

wh := mgr.GetWebhookServer()
wh.StartedChecker()