-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
🐛 stop to generate crd webhooks patches and cainjetions for any CRD/API and projects without webhooks #3647
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -48,23 +48,15 @@ nameReference: | |
version: v1 | ||
fieldSpecs: | ||
- kind: CustomResourceDefinition | ||
version: {{ .Resource.API.CRDVersion }} | ||
version: v1 | ||
group: apiextensions.k8s.io | ||
{{- if ne .Resource.API.CRDVersion "v1" }} | ||
path: spec/conversion/webhookClientConfig/service/name | ||
{{- else }} | ||
path: spec/conversion/webhook/clientConfig/service/name | ||
{{- end }} | ||
|
||
namespace: | ||
- kind: CustomResourceDefinition | ||
version: {{ .Resource.API.CRDVersion }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. CRD v1beta1 is now unsupported. It's being removed as the subCommand webhook lacks the necessary implementation to retrieve it. Given that the related code has been unusable since k8s 1.22, there's no rationale to maintain it and modify the subCommand to extract values from resources in the PROJECT config. |
||
version: v1 | ||
group: apiextensions.k8s.io | ||
{{- if ne .Resource.API.CRDVersion "v1" }} | ||
path: spec/conversion/webhookClientConfig/service/namespace | ||
{{- else }} | ||
path: spec/conversion/webhook/clientConfig/service/namespace | ||
{{- end }} | ||
create: false | ||
|
||
varReference: | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -49,30 +49,19 @@ func (f *EnableWebhookPatch) SetTemplateDefaults() error { | |
} | ||
|
||
const enableWebhookPatchTemplate = `# The following patch enables a conversion webhook for the CRD | ||
{{- if ne .Resource.API.CRDVersion "v1" }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. CRD v1beat1 is no longer supported |
||
# CRD conversion requires k8s 1.13 or later. | ||
{{- end }} | ||
apiVersion: apiextensions.k8s.io/{{ .Resource.API.CRDVersion }} | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: {{ .Resource.Plural }}.{{ .Resource.QualifiedGroup }} | ||
spec: | ||
conversion: | ||
strategy: Webhook | ||
{{- if ne .Resource.API.CRDVersion "v1" }} | ||
webhookClientConfig: | ||
service: | ||
namespace: system | ||
name: webhook-service | ||
path: /convert | ||
{{- else }} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. |
||
webhook: | ||
clientConfig: | ||
service: | ||
namespace: system | ||
name: webhook-service | ||
path: /convert | ||
conversionReviewVersions: | ||
- {{ .Resource.API.CRDVersion }} | ||
{{- end }} | ||
- v1 | ||
` |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,9 +19,9 @@ package scaffolds | |
import ( | ||
"fmt" | ||
|
||
pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" | ||
|
||
log "github.com/sirupsen/logrus" | ||
pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util" | ||
"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches" | ||
|
||
"sigs.k8s.io/kubebuilder/v3/pkg/config" | ||
"sigs.k8s.io/kubebuilder/v3/pkg/machinery" | ||
|
@@ -71,6 +71,21 @@ func (s *webhookScaffolder) Scaffold() error { | |
return fmt.Errorf("error updating resource: %w", err) | ||
} | ||
|
||
if err := scaffold.Execute( | ||
&kdefault.WebhookCAInjectionPatch{}, | ||
&kdefault.ManagerWebhookPatch{}, | ||
&webhook.Kustomization{Force: s.force}, | ||
&webhook.KustomizeConfig{}, | ||
&webhook.Service{}, | ||
&certmanager.Certificate{}, | ||
&certmanager.Kustomization{}, | ||
&certmanager.KustomizeConfig{}, | ||
&patches.EnableWebhookPatch{}, | ||
&patches.EnableCAInjectionPatch{}, | ||
); err != nil { | ||
return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. We are just putting the execution here to occur before we start uncomment the pacthes and etc. We have not the scaffold to uncomment before the execution. However the only chnage here is to add the following generations that should be made ONLY when we scaffold a webhook for the API and not for each API:
|
||
|
||
kustomizeFilePath := "config/default/kustomization.yaml" | ||
err := pluginutil.UncommentCode(kustomizeFilePath, "#- ../webhook", `#`) | ||
if err != nil { | ||
|
@@ -100,17 +115,13 @@ func (s *webhookScaffolder) Scaffold() error { | |
} | ||
} | ||
|
||
if err := scaffold.Execute( | ||
&kdefault.WebhookCAInjectionPatch{}, | ||
&kdefault.ManagerWebhookPatch{}, | ||
&webhook.Kustomization{Force: s.force}, | ||
&webhook.KustomizeConfig{}, | ||
&webhook.Service{}, | ||
&certmanager.Certificate{}, | ||
&certmanager.Kustomization{}, | ||
&certmanager.KustomizeConfig{}, | ||
); err != nil { | ||
return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err) | ||
err = pluginutil.UncommentCode(crdKustomizationsFilePath, "#configurations:\n#- kustomizeconfig.yaml", `#`) | ||
if err != nil { | ||
hasWebHookUncommented, err := pluginutil.HasFragment(crdKustomizationsFilePath, "- kustomizeconfig.yaml") | ||
if !hasWebHookUncommented || err != nil { | ||
log.Errorf("Unable to find the target(s) #configurations:\n#- kustomizeconfig.yaml to uncomment in the file "+ | ||
"%s.", crdKustomizationsFilePath) | ||
} | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It will uncomment the
When webhooks are scaffold |
||
} | ||
|
||
return nil | ||
|
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -33,20 +33,63 @@ import ( | |
"sigs.k8s.io/kubebuilder/v3/test/e2e/utils" | ||
) | ||
|
||
// GenerateV4 implements a go/v4(-alpha) plugin project defined by a TestContext. | ||
// GenerateV4 implements a go/v4 plugin project defined by a TestContext. | ||
func GenerateV4(kbc *utils.TestContext) { | ||
var err error | ||
initingTheProject(kbc) | ||
creatingAPI(kbc) | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. In the e2e tests, we've made the following modifications:
|
||
|
||
By("initializing a project") | ||
err = kbc.Init( | ||
"--plugins", "go/v4", | ||
"--project-version", "3", | ||
"--domain", kbc.Domain, | ||
By("scaffolding mutating and validating webhooks") | ||
err := kbc.CreateWebhook( | ||
"--group", kbc.Group, | ||
"--version", kbc.Version, | ||
"--kind", kbc.Kind, | ||
"--defaulting", | ||
"--programmatic-validation", | ||
) | ||
ExpectWithOffset(1, err).NotTo(HaveOccurred()) | ||
|
||
By("implementing the mutating and validating webhooks") | ||
err = pluginutil.ImplementWebhooks(filepath.Join( | ||
kbc.Dir, "api", kbc.Version, | ||
fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind)))) | ||
ExpectWithOffset(1, err).NotTo(HaveOccurred()) | ||
|
||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- ../certmanager", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- ../prometheus", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- webhookcainjection_patch.yaml", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
certManagerTarget, "#")).To(Succeed()) | ||
|
||
if kbc.IsRestricted { | ||
By("uncomment kustomize files to ensure that pods are restricted") | ||
uncommentPodStandards(kbc) | ||
} | ||
} | ||
|
||
// GenerateV4WithoutWebhooks implements a go/v4 plugin with APIs and enable Prometheus and CertManager | ||
func GenerateV4WithoutWebhooks(kbc *utils.TestContext) { | ||
initingTheProject(kbc) | ||
creatingAPI(kbc) | ||
|
||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- ../prometheus", "#")).To(Succeed()) | ||
|
||
if kbc.IsRestricted { | ||
By("uncomment kustomize files to ensure that pods are restricted") | ||
uncommentPodStandards(kbc) | ||
} | ||
} | ||
|
||
func creatingAPI(kbc *utils.TestContext) { | ||
By("creating API definition") | ||
err = kbc.CreateAPI( | ||
err := kbc.CreateAPI( | ||
"--group", kbc.Group, | ||
"--version", kbc.Version, | ||
"--kind", kbc.Kind, | ||
|
@@ -65,34 +108,20 @@ func GenerateV4(kbc *utils.TestContext) { | |
` // +optional | ||
Count int `+"`"+`json:"count,omitempty"`+"`"+` | ||
`)).Should(Succeed()) | ||
} | ||
|
||
By("scaffolding mutating and validating webhooks") | ||
err = kbc.CreateWebhook( | ||
"--group", kbc.Group, | ||
"--version", kbc.Version, | ||
"--kind", kbc.Kind, | ||
"--defaulting", | ||
"--programmatic-validation", | ||
func initingTheProject(kbc *utils.TestContext) { | ||
By("initializing a project") | ||
err := kbc.Init( | ||
"--plugins", "go/v4", | ||
"--project-version", "3", | ||
"--domain", kbc.Domain, | ||
) | ||
ExpectWithOffset(1, err).NotTo(HaveOccurred()) | ||
} | ||
|
||
By("implementing the mutating and validating webhooks") | ||
err = pluginutil.ImplementWebhooks(filepath.Join( | ||
kbc.Dir, "api", kbc.Version, | ||
fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind)))) | ||
ExpectWithOffset(1, err).NotTo(HaveOccurred()) | ||
|
||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- ../certmanager", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- ../prometheus", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode( | ||
filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
"#- webhookcainjection_patch.yaml", "#")).To(Succeed()) | ||
ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"), | ||
`#replacements: | ||
//nolint:lll | ||
const certManagerTarget = `#replacements: | ||
# - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs | ||
# kind: Certificate | ||
# group: cert-manager.io | ||
|
@@ -188,13 +217,7 @@ Count int `+"`"+`json:"count,omitempty"`+"`"+` | |
# options: | ||
# delimiter: '.' | ||
# index: 1 | ||
# create: true`, "#")).To(Succeed()) | ||
|
||
if kbc.IsRestricted { | ||
By("uncomment kustomize files to ensure that pods are restricted") | ||
uncommentPodStandards(kbc) | ||
} | ||
} | ||
# create: true` | ||
|
||
func uncommentPodStandards(kbc *utils.TestContext) { | ||
configManager := filepath.Join(kbc.Dir, "config", "manager", "manager.yaml") | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should only be generated with the scaffolding of a webhook. Hence, it's been moved to the webhook subcommand.