feat: enable v2alpha1 API with conversion webhook

api/accurate/v1/subnamespace_conversion.go

@@ -21,7 +21,7 @@ func (src *SubNamespace) ConvertTo(dstRaw conversion.Hub) error {
 
 	logger := getConversionLogger(src).WithValues(
 		"source", SchemeGroupVersion.Version,
-		"destination", SchemeGroupVersion.Version,
+		"destination", accuratev2alpha1.SchemeGroupVersion.Version,
 	)
 	logger.V(5).Info("converting")
 
@@ -57,7 +57,7 @@ func (dst *SubNamespace) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*accuratev2alpha1.SubNamespace)
 
 	logger := getConversionLogger(src).WithValues(
-		"source", SchemeGroupVersion.Version,
+		"source", accuratev2alpha1.SchemeGroupVersion.Version,
 		"destination", SchemeGroupVersion.Version,
 	)
 	logger.V(5).Info("converting")

api/accurate/v2alpha1/subnamespace_types.go

@@ -31,8 +31,6 @@ type SubNamespaceSpec struct {
 	Annotations map[string]string `json:"annotations,omitempty"`
 }
 
-// Keeping this version un-served for now
-//+kubebuilder:unservedversion
 //+kubebuilder:object:root=true
 //+kubebuilder:subresource:status
 //+genclient

cmd/accurate-controller/sub/run.go

@@ -9,6 +9,7 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	accuratev1 "github.com/cybozu-go/accurate/api/accurate/v1"
+	accuratev2alpha1 "github.com/cybozu-go/accurate/api/accurate/v2alpha1"
 	"github.com/cybozu-go/accurate/controllers"
 	"github.com/cybozu-go/accurate/hooks"
 	"github.com/cybozu-go/accurate/pkg/config"
@@ -35,7 +36,10 @@ func subMain(ns, addr string, port int) error {
 		return fmt.Errorf("unable to add client-go objects: %w", err)
 	}
 	if err := accuratev1.AddToScheme(scheme); err != nil {
-		return fmt.Errorf("unable to add Accurate objects: %w", err)
+		return fmt.Errorf("unable to add Accurate v1 objects: %w", err)
+	}
+	if err := accuratev2alpha1.AddToScheme(scheme); err != nil {
+		return fmt.Errorf("unable to add Accurate v2alpha1 objects: %w", err)
 	}
 
 	cfgData, err := os.ReadFile(options.configFile)

cmd/kubectl-accurate/sub/util.go

@@ -2,6 +2,7 @@ package sub
 
 import (
 	accuratev1 "github.com/cybozu-go/accurate/api/accurate/v1"
+	accuratev2alpha1 "github.com/cybozu-go/accurate/api/accurate/v2alpha1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/cli-runtime/pkg/genericclioptions"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -21,6 +22,9 @@ func makeClient(config *genericclioptions.ConfigFlags) (client.Client, error) {
 	if err := accuratev1.AddToScheme(scheme); err != nil {
 		return nil, err
 	}
+	if err := accuratev2alpha1.AddToScheme(scheme); err != nil {
+		return nil, err
+	}
 
 	return client.New(cfg, client.Options{Scheme: scheme})
 }

config/crd/kustomization.yaml

@@ -6,4 +6,10 @@ resources:
 #+kubebuilder:scaffold:crdkustomizeresource
 
 patchesStrategicMerge:
+- patches/cainjection_in_subnamespaces.yaml
 - patches/fix-crd.yaml
+- patches/webhook_in_subnamespaces.yaml
+
+# the following config is for teaching kustomize how to do kustomization for CRDs.
+configurations:
+- kustomizeconfig.yaml

config/crd/kustomizeconfig.yaml

@@ -0,0 +1,19 @@
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+  - kind: Service
+    version: v1
+    fieldSpecs:
+      - kind: CustomResourceDefinition
+        version: v1
+        group: apiextensions.k8s.io
+        path: spec/conversion/webhook/clientConfig/service/name
+
+namespace:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/namespace
+    create: false
+
+varReference:
+  - path: metadata/annotations

config/crd/patches/cainjection_in_subnamespaces.yaml

@@ -0,0 +1,7 @@
+# The following patch adds a directive for certmanager to inject CA into the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+  name: subnamespaces.accurate.cybozu.com

config/crd/patches/webhook_in_subnamespaces.yaml

@@ -0,0 +1,16 @@
+# The following patch enables a conversion webhook for the CRD
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: subnamespaces.accurate.cybozu.com
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      clientConfig:
+        service:
+          name: webhook-service
+          namespace: system
+          path: /convert
+      conversionReviewVersions:
+        - v1

config/kustomize-to-helm/overlays/crds/crd_conversion_patch.yaml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    cert-manager.io/inject-ca-from: '{{ .Release.Namespace }}/{{ template "accurate.fullname" . }}-serving-cert'
+  name: subnamespaces.accurate.cybozu.com
+spec:
+  conversion:
+    webhook:
+      clientConfig:
+        service:
+          name: '{{ template "accurate.fullname" . }}-webhook-service'
+          namespace: '{{ .Release.Namespace }}'

config/kustomize-to-helm/overlays/crds/kustomization.yaml

@@ -1,8 +1,8 @@
 resources:
   - ../../../crd
 
-commonLabels:
-  app.kubernetes.io/name: accurate
+patchesStrategicMerge:
+  - crd_conversion_patch.yaml
 
 components:
   - ../../components/common-labels

controllers/suite_test.go

@@ -19,6 +19,7 @@ import (
 	"sigs.k8s.io/controller-runtime/pkg/log/zap"
 
 	accuratev1 "github.com/cybozu-go/accurate/api/accurate/v1"
+	accuratev2alpha1 "github.com/cybozu-go/accurate/api/accurate/v2alpha1"
 	"github.com/cybozu-go/accurate/pkg/config"
 	"github.com/cybozu-go/accurate/pkg/constants"
 	"github.com/cybozu-go/accurate/pkg/feature"
@@ -70,6 +71,8 @@ var _ = BeforeSuite(func() {
 	Expect(err).NotTo(HaveOccurred())
 	err = accuratev1.AddToScheme(scheme)
 	Expect(err).NotTo(HaveOccurred())
+	err = accuratev2alpha1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
 
 	//+kubebuilder:scaffold:scheme
 

hooks/subnamespace.go

@@ -8,14 +8,17 @@ import (
 	"regexp"
 
 	accuratev1 "github.com/cybozu-go/accurate/api/accurate/v1"
+	accuratev2alpha1 "github.com/cybozu-go/accurate/api/accurate/v2alpha1"
 	"github.com/cybozu-go/accurate/pkg/config"
 	"github.com/cybozu-go/accurate/pkg/constants"
 	admissionv1 "k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	v1annotationvalidation "k8s.io/apimachinery/pkg/api/validation"
 	v1labelvalidation "k8s.io/apimachinery/pkg/apis/meta/v1/validation"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/util/validation/field"
+	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/manager"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -137,6 +140,15 @@ func (v *subNamespaceValidator) notMatchingNamingPolicy(ctx context.Context, ns,
 
 // SetupSubNamespaceWebhook registers the webhooks for SubNamespace
 func SetupSubNamespaceWebhook(mgr manager.Manager, dec *admission.Decoder, namingPolicyRegexps []config.NamingPolicyRegexp) error {
+	for _, s := range []runtime.Object{&accuratev1.SubNamespace{}, &accuratev2alpha1.SubNamespace{}} {
+		err := ctrl.NewWebhookManagedBy(mgr).
+			For(s).
+			Complete()
+		if err != nil {
+			return err
+		}
+	}
+
 	serv := mgr.GetWebhookServer()
 
 	m := &subNamespaceMutator{

hooks/suite_test.go

@@ -15,6 +15,7 @@ import (
 	admissionv1beta1 "k8s.io/api/admission/v1beta1"
 	//+kubebuilder:scaffold:imports
 	accuratev1 "github.com/cybozu-go/accurate/api/accurate/v1"
+	accuratev2alpha1 "github.com/cybozu-go/accurate/api/accurate/v2alpha1"
 	"github.com/cybozu-go/accurate/pkg/config"
 	"github.com/cybozu-go/accurate/pkg/indexing"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -64,6 +65,8 @@ var _ = BeforeSuite(func() {
 	scheme := runtime.NewScheme()
 	err = accuratev1.AddToScheme(scheme)
 	Expect(err).NotTo(HaveOccurred())
+	err = accuratev2alpha1.AddToScheme(scheme)
+	Expect(err).NotTo(HaveOccurred())
 	err = clientgoscheme.AddToScheme(scheme)
 	Expect(err).NotTo(HaveOccurred())