Merge pull request #702 from mengqiy/webhook
✨ fix webhook related scaffolding
k8s-ci-robot authored May 15, 2019
2 parents d8ad6ed + ee11b10 commit 0e13ffa
Showing 28 changed files with 150 additions and 100 deletions.
6 changes: 3 additions & 3 deletions cmd/main.go
@@ -17,11 +17,11 @@ limitations under the License.
package main

import (
"encoding/json"
"fmt"
"log"
"os"
"os/exec"
"log"
"encoding/json"

"github.com/spf13/cobra"
"golang.org/x/tools/go/packages"
@@ -77,7 +77,7 @@ func findCurrentRepo() (string, error) {

// next, check if we've got a package in the current directory
pkgCfg := &packages.Config{
Mode: packages.NeedName, // name gives us path as well
Mode: packages.NeedName, // name gives us path as well
}
pkgs, err := packages.Load(pkgCfg, ".")
if err == nil && len(pkgs) > 0 {
3 changes: 2 additions & 1 deletion cmd/webhook.go
@@ -43,10 +43,11 @@ func newWebhookCmd() *cobra.Command {
Short: "Scaffold a webhook server",
Long: `Scaffold a webhook server if there is no existing server.
Scaffolds webhook handlers based on group, version, kind and other user inputs.
This command is only available for v1 scaffolding project.
`,
Example: ` # Create webhook for CRD of group crew, version v1 and kind FirstMate.
# Set type to be mutating and operations to be create and update.
kubebuilder webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update
kubebuilder alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update
`,
Run: func(cmd *cobra.Command, args []string) {
dieIfNoProject()
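Review bot: The new Long text promises that the command is only available for v1 projects, but the only guard visible in `Run` is `dieIfNoProject()`, which by its name checks for a project rather than for its version. `Run`'s body continues outside the hunk, so a version check may follow; if it does not, a v2 user who runs `kubebuilder alpha webhook` gets v1-style scaffolding instead of a clear refusal. Suggested wording for the help line as well: `This command is only available for v1 scaffolding projects.`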
3 changes: 0 additions & 3 deletions generated_golden.sh
@@ -64,13 +64,10 @@ scaffold_test_project() {
$kb init --project-version $version --domain testproject.org --license apache2 --owner "The Kubernetes authors"
$kb create api --group crew --version v1 --kind Captain --controller=true --resource=true --make=false
$kb create api --group crew --version v1 --kind FirstMate --controller=true --resource=true --make=false
$kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=create,update --make=false
$kb alpha webhook --group crew --version v1 --kind FirstMate --type=mutating --operations=delete --make=false
# TODO(droot): Adding a second group is a valid test case and kubebuilder is expected to report an error in this case. It
# doesn't do that currently so leaving it commented so that we can enable it later.
# $kb create api --group ship --version v1beta1 --kind Frigate --example=false --controller=true --resource=true --make=false
$kb create api --group core --version v1 --kind Namespace --example=false --controller=true --resource=false --namespaced=false --make=false
$kb alpha webhook --group core --version v1 --kind Namespace --type=mutating --operations=update --make=false
# $kb create api --group policy --version v1beta1 --kind HealthCheckPolicy --example=false --controller=true --resource=true --namespaced=false --make=false
fi
make all test # v2 doesn't test by default
12 changes: 6 additions & 6 deletions pkg/scaffold/project.go
@@ -17,21 +17,21 @@ limitations under the License.
package scaffold

import (
"bufio"
"fmt"
"os"
"os/exec"
"fmt"
"strings"
"bufio"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
"sigs.k8s.io/kubebuilder/pkg/scaffold/project"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v1/manager"

"sigs.k8s.io/kubebuilder/cmd/util"
scaffoldv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/certmanager"
managerv2 "sigs.k8s.io/kubebuilder/pkg/scaffold/v2/manager"
"sigs.k8s.io/kubebuilder/pkg/scaffold/v2/webhook"
"sigs.k8s.io/kubebuilder/cmd/util"
)

type ProjectScaffolder interface {
@@ -41,10 +41,10 @@ type ProjectScaffolder interface {
}

type V1Project struct {
Project project.Project
Project project.Project
Boilerplate project.Boilerplate

DepArgs []string
DepArgs []string
DefinitelyEnsure *bool
}

@@ -129,7 +129,7 @@ func (p *V1Project) Scaffold() error {
}

type V2Project struct {
Project project.Project
Project project.Project
Boilerplate project.Boilerplate
}

9 changes: 9 additions & 0 deletions pkg/scaffold/v2/certmanager/kustomize.go
@@ -39,13 +39,22 @@ func (p *Kustomization) GetInput() (input.Input, error) {
var kustomizationTemplate = `resources:
- certificate.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
- name: CERTIFICATENAMESPACE
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace
configurations:
- kustomizeconfig.yaml
2 changes: 1 addition & 1 deletion pkg/scaffold/v2/crd/enablewebhook_patch.go
@@ -62,7 +62,7 @@ spec:
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: XG4=
caBundle: Cg==
service:
namespace: $(NAMESPACE)
name: webhook-service
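Review bot: The comment above `caBundle` does not say that the placeholder is unusable as a CA, nor what happens if nothing replaces it. `Cg==` decodes to a single newline byte, so until cert-manager CA injection or a manual patch fills the field, the apiserver presumably cannot verify the webhook's serving certificate and calls to it fail. Since CA injection is scaffolded as opt-in, I would add a line such as `# NOTE: not a valid CA bundle; the webhook is unusable until CA injection or a patch sets this field.` The template starts and ends outside the hunk.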
2 changes: 1 addition & 1 deletion pkg/scaffold/v2/dockerfile.go
@@ -54,7 +54,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager
# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM gcr.io/distroless/base
FROM gcr.io/distroless/static:latest
WORKDIR /
COPY --from=builder /workspace/manager .
ENTRYPOINT ["/manager"]
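Review bot: `FROM gcr.io/distroless/static:latest` resolves a mutable tag at build time, so every scaffolded project rebuilds on whatever the registry serves that day and an upstream change lands unreviewed. Pinning by digest makes the base image reproducible and auditable, e.g. `FROM gcr.io/distroless/static@sha256:<digest>` (placeholder; take the digest from a verified pull). The same line is changed in testdata/project-v2/Dockerfile. The visible final stage also has no `USER` directive, so the manager presumably runs as the image's default user; a comment saying whether that is intended would help.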
16 changes: 9 additions & 7 deletions pkg/scaffold/v2/kustomize.go
@@ -69,9 +69,10 @@ bases:
- ../crd
- ../rbac
- ../manager
# - ../webhook
# Comment the next line if you want to disable cert-manager
# - ../certmanager
# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
#- ../webhook
# [CERTMANAGER] Uncomment next line to enable cert-manager
#- ../certmanager
patches:
- manager_image_patch.yaml
@@ -86,9 +87,10 @@ patches:
# manager_prometheus_metrics_patch.yaml should be enabled.
#- manager_prometheus_metrics_patch.yaml
# Uncomment the following patch to enable the CA injection in the admission webhooks.
#- webhookcainjection_patch.yaml
# Uncomment the following patch to enable the webhook for the manager.
# [WEBHOOK] Uncomment all the sections with [WEBHOOK] prefix to enable webhook.
#- manager_webhook_patch.yaml
# [CAINJECTION] Uncomment next line to enable the CA injection in the admission webhooks. [CERTMANAGER] needs to be
# enabled to use ca injection
#- webhookcainjection_patch.yaml
`
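Review bot: The [WEBHOOK] comments never say that the webhook needs a serving certificate; only the [CAINJECTION] comment states its dependency on [CERTMANAGER]. The manager patch in this commit mounts the secret `webhook-server-cert`, so a user who uncomments only the [WEBHOOK] lines presumably gets a manager pod that cannot mount its volume unless that secret is created some other way. Proposed extra line under the [WEBHOOK] comment in `bases`: `# [WEBHOOK] needs a serving certificate: enable [CERTMANAGER] or provide the webhook-server-cert secret yourself.`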
4 changes: 0 additions & 4 deletions pkg/scaffold/v2/manager/config.go
@@ -98,9 +98,5 @@ spec:
requests:
cpu: 100m
memory: 20Mi
ports:
- containerPort: 9876
name: webhook-server
protocol: TCP
terminationGracePeriodSeconds: 10
`
15 changes: 0 additions & 15 deletions pkg/scaffold/v2/manager/kustomization.go
@@ -41,19 +41,4 @@ func (c *Kustomization) GetInput() (input.Input, error) {

var kustomizeManagerTemplate = `resources:
- manager.yaml
# the following config is for teaching kustomize how to do var substitution
# vars:
# - name: NAMESPACE
# objref:
# kind: Service
# version: v1
# name: webhook-service
# fieldref:
# fieldpath: metadata.namespace
# - name: SERVICENAME
# objref:
# kind: Service
# version: v1
# name: webhook-service
`
4 changes: 2 additions & 2 deletions pkg/scaffold/v2/webhook/enablecainection_patch.go
@@ -46,12 +46,12 @@ kind: MutatingWebhookConfiguration
metadata:
name: mutating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME)
---
apiVersion: admissionregistration.k8s.io/v1beta1
kind: ValidatingWebhookConfiguration
metadata:
name: validating-webhook-configuration
annotations:
certmanager.k8s.io/inject-ca-from: $(NAMESPACE)/$(CERTIFICATENAME)
certmanager.k8s.io/inject-ca-from: $(CERTIFICATENAMESPACE)/$(CERTIFICATENAME)
`
18 changes: 17 additions & 1 deletion pkg/scaffold/v2/webhook/kustomization.go
@@ -40,8 +40,24 @@ func (c *Kustomization) GetInput() (input.Input, error) {
}

var KustomizeWebhookTemplate = `resources:
- webhookmanifests.yaml # disabled till v2 has webhook support
- webhookmanifests.yaml
- service.yaml
configurations:
- kustomizeconfig.yaml
# the following config is for teaching kustomize how to do var substitution
vars:
- name: NAMESPACE
objref:
kind: Service
version: v1
name: webhook-service
fieldref:
fieldpath: metadata.namespace
- name: SERVICENAME
objref:
kind: Service
version: v1
name: webhook-service
`
52 changes: 52 additions & 0 deletions pkg/scaffold/v2/webhook/service.go
@@ -0,0 +1,52 @@
/*
Copyright 2019 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package webhook

import (
"path/filepath"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
)

var _ input.File = &Service{}

// Service scaffolds the Service file in manager folder.
type Service struct {
input.Input
}

// GetInput implements input.File
func (c *Service) GetInput() (input.Input, error) {
if c.Path == "" {
c.Path = filepath.Join("config", "webhook", "service.yaml")
}
c.TemplateBody = ServiceTemplate
c.Input.IfExistsAction = input.Error
return c.Input, nil
}

var ServiceTemplate = `
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 443
`
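Review bot: `ServiceTemplate` defines a Service whose `spec` has only `ports` and no `selector`, so unless a selector is patched in elsewhere the Service has no endpoints and the apiserver cannot reach the webhook through `webhook-service`. I would add a selector for the manager pods to the template, e.g. `selector:` followed by `<manager-pod-label>: <value>` (placeholder; the label is not visible on this page). The doc comment is also wrong about the location: `GetInput` writes to `config/webhook/service.yaml`, so it should read `// Service scaffolds the Service file in the webhook folder.` The exported `ServiceTemplate` has no doc comment either.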
15 changes: 3 additions & 12 deletions pkg/scaffold/v2/webhook_manager_patch.go
@@ -18,6 +18,7 @@ package v2

import (
"path/filepath"

"sigs.k8s.io/kubebuilder/pkg/scaffold/input"
)

@@ -50,22 +51,12 @@ spec:
name: webhook-server
protocol: TCP
volumeMounts:
- mountPath: /tmp/cert
- mountPath: /tmp/k8s-webhook-server/serving-certs
name: cert
readOnly: true
volumes:
- name: cert
secret:
defaultMode: 420
secretName: webhook-server-secret
---
apiVersion: v1
kind: Service
metadata:
name: webhook-service
namespace: system
spec:
ports:
- port: 443
targetPort: 443
secretName: webhook-server-cert
`
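Review bot: The new `secretName: webhook-server-cert` and `mountPath: /tmp/k8s-webhook-server/serving-certs` are bare literals that must agree with values defined elsewhere, and the template has no comment saying so. Presumably those are the secret written by the cert-manager Certificate and the directory the manager's webhook server reads. In the style the certmanager kustomization already uses, I would add `# this name should match the secret issued by certificate.yaml in the certmanager folder` on the secretName line, and a matching note on the mountPath line. Separately, the unchanged `defaultMode: 420` is 0644, which leaves the TLS private key readable by every user in the container; `defaultMode: 256` (0400) is tighter if the manager runs as the file's owner. The template starts outside the hunk.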
2 changes: 1 addition & 1 deletion testdata/project-v2/Dockerfile
@@ -16,7 +16,7 @@ RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o manager

# Use distroless as minimal base image to package the manager binary
# Refer to https://github.com/GoogleContainerTools/distroless for more details
FROM gcr.io/distroless/base
FROM gcr.io/distroless/static:latest
WORKDIR /
COPY --from=builder /workspace/manager .
ENTRYPOINT ["/manager"]
9 changes: 9 additions & 0 deletions testdata/project-v2/config/certmanager/kustomization.yaml
@@ -1,13 +1,22 @@
resources:
- certificate.yaml

# the following config is for teaching kustomize how to do var substitution
vars:
- name: CERTIFICATENAME
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
- name: CERTIFICATENAMESPACE
objref:
kind: Certificate
group: certmanager.k8s.io
version: v1alpha1
name: serving-cert # this name should match the one in certificate.yaml
fieldref:
fieldpath: metadata.namespace

configurations:
- kustomizeconfig.yaml
@@ -1,3 +1,4 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@@ -1,3 +1,4 @@
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
@@ -11,7 +11,7 @@ spec:
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: XG4=
caBundle: Cg==
service:
namespace: $(NAMESPACE)
name: webhook-service
@@ -11,7 +11,7 @@ spec:
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: XG4=
caBundle: Cg==
service:
namespace: $(NAMESPACE)
name: webhook-service