Add defaulting webhook for Workload resource

[knight42]

What type of PR is this?

/kind feature

What this PR does / why we need it:

Add basic defaulting webhook for Workload resource.

Which issue(s) this PR fixes:

Part of #171

Special notes for your reviewer:

[knight42]

/cc @ahg-g @alculquicondor

[kerthcet]

Let's add some simple validation here like PodSet.Count should be positive.

[knight42]

Could we resolve this in a follow-up PR?

[ahg-g]

I think this type of validation can be done using kubebuilder markers on the field;

// +kubebuilder:validation:Minimum=0

but I am not sure if it has the same limitations as // +kubebuilder:default=main;

[knight42]

@ahg-g Hi! Thanks for your detailed review, I think your comments have been addressed, would you please take another look?

[ahg-g]

Thanks, this looks nice!

[ahg-g]

Thanks, this looks nice!

[ahg-g]

thanks, you can squash.

[ahg-g]

I think this type of validation can be done using kubebuilder markers on the field;

// +kubebuilder:validation:Minimum=0

but I am not sure if it has the same limitations as // +kubebuilder:default=main;

[ahg-g]

last question, did you try to deploy this on a real cluster?

/lgtm
/approve
/hold

feel free to cancel the hold

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: ahg-g, knight42

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [ahg-g]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[knight42]

last question, did you try to deploy this on a real cluster?

@ahg-g Yes, and it works well.

$ make deploy IMAGE_REGISTRY=knight42
/Users/knight/github/kueue/bin/controller-gen rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
cd config/manager && /Users/knight/github/kueue/bin/kustomize edit set image controller=knight42/kueue:0.2.0-devel-9-g64b24d7
/Users/knight/github/kueue/bin/kustomize build config/default | kubectl apply -f -
namespace/kueue-system created
customresourcedefinition.apiextensions.k8s.io/clusterqueues.kueue.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/queues.kueue.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/resourceflavors.kueue.x-k8s.io created
customresourcedefinition.apiextensions.k8s.io/workloads.kueue.x-k8s.io created
serviceaccount/kueue-controller-manager created
role.rbac.authorization.k8s.io/kueue-leader-election-role created
clusterrole.rbac.authorization.k8s.io/kueue-batch-admin-role created
clusterrole.rbac.authorization.k8s.io/kueue-batch-user-role created
clusterrole.rbac.authorization.k8s.io/kueue-clusterqueue-editor-role created
clusterrole.rbac.authorization.k8s.io/kueue-clusterqueue-viewer-role created
clusterrole.rbac.authorization.k8s.io/kueue-job-editor-role created
clusterrole.rbac.authorization.k8s.io/kueue-job-viewer-role created
clusterrole.rbac.authorization.k8s.io/kueue-manager-role created
clusterrole.rbac.authorization.k8s.io/kueue-metrics-reader created
clusterrole.rbac.authorization.k8s.io/kueue-proxy-role created
clusterrole.rbac.authorization.k8s.io/kueue-queue-editor-role created
clusterrole.rbac.authorization.k8s.io/kueue-queue-viewer-role created
clusterrole.rbac.authorization.k8s.io/kueue-resourceflavor-editor-role created
clusterrole.rbac.authorization.k8s.io/kueue-resourceflavor-viewer-role created
clusterrole.rbac.authorization.k8s.io/kueue-workload-editor-role created
clusterrole.rbac.authorization.k8s.io/kueue-workload-viewer-role created
rolebinding.rbac.authorization.k8s.io/kueue-leader-election-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/kueue-manager-rolebinding created
clusterrolebinding.rbac.authorization.k8s.io/kueue-proxy-rolebinding created
configmap/kueue-manager-config created
service/kueue-controller-manager-metrics-service created
service/kueue-webhook-service created
deployment.apps/kueue-controller-manager created
certificate.cert-manager.io/kueue-serving-cert created
issuer.cert-manager.io/kueue-selfsigned-issuer created
mutatingwebhookconfiguration.admissionregistration.k8s.io/kueue-mutating-webhook-configuration created
validatingwebhookconfiguration.admissionregistration.k8s.io/kueue-validating-webhook-configuration created

$ cat <<EOF | kubectl create --validate=false -f -
apiVersion: kueue.x-k8s.io/v1alpha1
kind: Workload
metadata:
  namespace: default
  name: foo
spec:
  queueName: test
  podSets:
  - count: 1
    spec:
      containers:
      - image: nginx:alpine
        name: nginx
EOF

$ kubectl get workload foo -oyaml
apiVersion: kueue.x-k8s.io/v1alpha1
kind: Workload
metadata:
  creationTimestamp: "2022-04-20T02:45:34Z"
  generation: 1
  name: foo
  namespace: default
  resourceVersion: "1557103"
  uid: b74f5db6-ef73-4365-8e34-1d490ced82d2
spec:
  podSets:
  - count: 1
    name: main # <- The defaulting webhook has filled the default podSet name
    spec:
      containers:
      - image: nginx:alpine
        name: nginx
        resources: {}
  queueName: test
status:
  conditions:
  - lastProbeTime: "2022-04-20T02:45:34Z"
    lastTransitionTime: "2022-04-20T02:45:34Z"
    message: Queue test doesn't exist
    reason: Inadmissible
    status: "False"
    type: Admitted

[knight42]

/hold cancel

[alculquicondor]

This now requires installing cert-manager. Could you add it to the documentation? Are there alternatives?