Optimize webhook.Server start procedure when tls.Config.GetCertificate is configured via Server.TLSOpts

[itomsawyer]

It's related to the issue #1936 .
If Server.TLSOpts is set to change the tls.Config.GetCertificate , webhook.Server.CertDir seems to be redundant.

For now , no matter if we config webhook.Server.CertDir or not , webhook.Server.Start will always try to create a certwatcher which load tls certificates from disk files. It's convenient for most users to setup a WebhookServer with certificates are able to be auto rotated. But for some user explicitly override the configuration of tls.Config.GetCertificate , it can be confused.

It's not uncommon for users that set tls.Config.GetCertificate is intend to replace the certwatcher with other implements of managing certificates rotation. (For example , Integration with spire) . The problem is that the certwatcher cannot be replaced in the first start of webhook.Server

controller-runtime/pkg/webhook/server.go

Line 161 in 1c83ff6

certWatcher, err := certwatcher.New(certPath, keyPath)

That is to say, user with tls.Config.GetCertificate given will still prepare a paire of tls certificate files to make the webhook.Server start successfully.

I'm prefer to make a pr to change the start procedure of webhook.Server to make certwatcher a must only when the user is not use his/her custom implement.

Thx , any suggestions is welcomed.

[itomsawyer]

@vincepri Good job.