Set minimum TLS version in webhooks

[sozercan]

Signed-off-by: Sertac Ozercan sozercan@gmail.com
What this PR does / why we need it:

• Upgrades CR to v0.9.2
• Introduces tls-min-version flag to set min TLS version (defaulting to 1.2)

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #1424

Special notes for your reviewer:

[sozercan]

@shomron I am getting error

cannot use selector (variable of type internal.Selector) as internal.Selector value in assignmentcompilerIncompatibleAssign

any ideas?

[shomron]

Yes, the types come from different packages (upstream cache and forked cache) - and can't just be assigned to each other. This resolves it:

selectorsByGVK[gvk] = internal.Selector{
	Label: selector.Label,
	Field: selector.Field,
}

I'll go through the PR to see if there's anything else.

[shomron]

Opened sozercan#73 with fixes to the rebase.

[sozercan]

thanks @shomron!

[maxsmythe]

LGTM

[ritazh]

@shomron when you get a chance, can you please help take a look at these failures: https://github.com/open-policy-agent/gatekeeper/pull/1426/checks?check_run_id=3550979914

[sozercan]

Looks like #1538 updated the constraint framework vendor without go.mod change. I updated frameworks to 2924b2c86f76 for now so it doesn't keep generating diffs.

@willbeason

[sozercan]

https://github.com/open-policy-agent/gatekeeper/blob/master/pkg/controller/config/config_controller_test.go#L95 TestReconcile is failing but not sure why @shomron any thoughts?

[sozercan]

@maxsmythe still LGTY?

[codecov-commenter]

Codecov Report

Merging #1426 (7e89a28) into master (14de7cf) will increase coverage by 0.04%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master    #1426      +/-   ##
==========================================
+ Coverage   52.77%   52.82%   +0.04%     
==========================================
  Files          89       89              
  Lines        7843     7849       +6     
==========================================
+ Hits         4139     4146       +7     
- Misses       3356     3357       +1     
+ Partials      348      346       -2     

Flag	Coverage Δ
unittests	52.82% <0.00%> (+0.04%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
pkg/metrics/client_metrics.go	0.00% <0.00%> (ø)
pkg/webhook/common.go	66.00% <ø> (ø)
pkg/webhook/mutation.go	19.11% <0.00%> (-0.29%)	⬇️
pkg/webhook/namespacelabel.go	66.66% <0.00%> (-3.34%)	⬇️
pkg/webhook/policy.go	29.26% <0.00%> (-0.17%)	⬇️
pkg/controller/mutators/core/controller_core.go	55.44% <0.00%> (+1.55%)	⬆️
pkg/watch/replay.go	81.25% <0.00%> (+2.27%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a968ce3...7e89a28. Read the comment docs.

[maxsmythe]

One comment about metrics

WRT the informer, are we also upgrading our fork as part of this PR?

[maxsmythe]

Why are we adding context here? Looking at the definition of clientmetrics.RequestLatency, it doesn't appear to expect a context.

[sozercan]

Looks like this is part of k8s v1.21 changes:
https://github.com/kubernetes/client-go/blob/release-1.21/tools/metrics/metrics.go#L117
https://github.com/kubernetes-sigs/controller-runtime/blob/v0.9.2/pkg/metrics/client_go_adapter.go#L166

[maxsmythe]

ah, might have been looking at an older version of the code. LGTM

[ritazh]

WRT the informer, are we also upgrading our fork as part of this PR?

Yes, @shomron's commit d390a0a updates the fork from 0.8.2 to 0.9.2

[maxsmythe]

LGTM