From 31cacf5ed9a24af1f8435330b6efb79ee2b2a4d4 Mon Sep 17 00:00:00 2001 
From: peefy Date: Thu, 31 Aug 2023 14:43:58 +0800 Subject: [PATCH] refactor: remove the controller code and use the webhook code in the runtime manager. --- Dockerfile | 24 +- Makefile | 26 +- README.md | 69 ++++- config/all.yaml | 247 ++++-------------- config/certmanager/certificate.yaml | 26 -- config/certmanager/kustomization.yaml | 5 - config/certmanager/kustomizeconfig.yaml | 16 -- config/crds/krm.kcl.dev_kclruns.yaml | 54 ---- config/default/kustomization.yaml | 71 +---- config/default/manager_auth_proxy_patch.yaml | 25 -- config/default/manager_webhook_patch.yaml | 23 -- config/default/webhookcainjection_patch.yaml | 15 -- config/manager/kustomization.yaml | 2 - config/manager/manager.yaml | 39 --- config/prometheus/kustomization.yaml | 2 - config/prometheus/monitor.yaml | 26 -- .../rbac/auth_proxy_client_clusterrole.yaml | 16 -- config/rbac/auth_proxy_role.yaml | 24 -- config/rbac/auth_proxy_role_binding.yaml | 19 -- config/rbac/auth_proxy_service.yaml | 21 -- config/rbac/kustomization.yaml | 9 - config/rbac/leader_election_role.yaml | 37 --- config/rbac/leader_election_role_binding.yaml | 12 - .../samples/krm.kcl.dev_v1alpha1_kclrun.yaml | 12 - config/samples/kustomization.yaml | 4 - config/webhook/kustomization.yaml | 11 +- config/webhook/kustomizeconfig.yaml | 25 -- config/webhook/manifests.yaml | 10 +- config/webhook/service.yaml | 15 -- config/webhook/webhook-certs.yaml | 8 + config/webhook/webhook-registration.yaml | 22 ++ config/webhook/webhook.yaml | 46 ++++ controllers/kclrun_controller.go | 62 ----- controllers/suite_test.go | 80 ------ go.mod | 47 ++-- go.sum | 83 +++--- hack/testlocal/kcl-run.yaml | 9 - hack/testlocal/pod.yaml | 10 - main.go | 103 ++++++-- pkg/webhook/handler/mutation.go | 83 ++++++ pkg/webhook/handler/validation.go | 58 ---- 41 files changed, 449 insertions(+), 1047 deletions(-) delete mode 100644 config/certmanager/certificate.yaml delete mode 100644 config/certmanager/kustomization.yaml delete mode 100644 
config/certmanager/kustomizeconfig.yaml delete mode 100644 config/crds/krm.kcl.dev_kclruns.yaml delete mode 100644 config/default/manager_auth_proxy_patch.yaml delete mode 100644 config/default/manager_webhook_patch.yaml delete mode 100644 config/default/webhookcainjection_patch.yaml delete mode 100644 config/manager/kustomization.yaml delete mode 100644 config/manager/manager.yaml delete mode 100644 config/prometheus/kustomization.yaml delete mode 100644 config/prometheus/monitor.yaml delete mode 100644 config/rbac/auth_proxy_client_clusterrole.yaml delete mode 100644 config/rbac/auth_proxy_role.yaml delete mode 100644 config/rbac/auth_proxy_role_binding.yaml delete mode 100644 config/rbac/auth_proxy_service.yaml delete mode 100644 config/rbac/leader_election_role.yaml delete mode 100644 config/rbac/leader_election_role_binding.yaml delete mode 100644 config/samples/krm.kcl.dev_v1alpha1_kclrun.yaml delete mode 100644 config/samples/kustomization.yaml delete mode 100644 config/webhook/kustomizeconfig.yaml delete mode 100644 config/webhook/service.yaml create mode 100644 config/webhook/webhook-certs.yaml create mode 100644 config/webhook/webhook-registration.yaml create mode 100644 config/webhook/webhook.yaml delete mode 100644 controllers/kclrun_controller.go delete mode 100644 controllers/suite_test.go delete mode 100644 hack/testlocal/kcl-run.yaml delete mode 100644 hack/testlocal/pod.yaml create mode 100644 pkg/webhook/handler/mutation.go delete mode 100644 pkg/webhook/handler/validation.go diff --git a/Dockerfile b/Dockerfile index 4fd0a0b..46f5469 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,12 +1,20 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal +FROM golang:1.19 as builder -ENV TZ="Europe/Zurich" \ - LANG="en_US.UTF-8" \ - WEBHOOK=/usr/local/bin/webhook \ - UIDGID=1001:1001 +ENV GO111MODULE=on \ + GOPROXY=https://goproxy.cn,direct -COPY bin/webhook ${WEBHOOK} +WORKDIR / -USER ${UIDGID} +COPY . . -CMD ["${WEBHOOK}"] +RUN GOOS=linux GOARCH=amd64 go build -o manager + +FROM kcllang/kcl + +WORKDIR / +COPY --from=builder /manager . + +ENV KCL_GO_DISABLE_ARTIFACT=on +ENV LANG="en_US.UTF-8" + +ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index 847a589..15dbd29 100644 --- a/Makefile +++ b/Makefile @@ -47,9 +47,9 @@ ifeq ($(USE_IMAGE_DIGESTS), true) endif # Image URL to use all building/pushing image targets -IMG ?= controller:latest +IMG ?= kcllang/webhookserver # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.26.0 +ENVTEST_K8S_VERSION = 1.28.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -134,15 +134,19 @@ test: manifests generate fmt vet envtest ## Run tests. .PHONY: build build: ## Build binaries. - make webhook + make manager + +.PHONY: build +build-linux: ## Build binaries. + make manager-linux -.PHONY: webhook -webhook: manifests generate fmt vet ## Build webhook binary - go build -o bin/webhook main.go +.PHONY: manager +manager: manifests generate fmt vet ## Build manager binary + go build -o bin/manager main.go -.PHONY: webhook-linux -webhook-linux: generate fmt vet - CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o build/bin/webhook main.go +.PHONY: manager-linux +manager-linux: generate fmt vet + CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o build/bin/manager main.go .PHONY: run run: manifests generate fmt vet ## Run a controller from your host. 
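Review bot: The final stage of the Dockerfile drops the old `USER ${UIDGID}` line and sets none of its own, so `/manager` runs as whatever user `kcllang/kcl` defaults to, which is root unless that image says otherwise. Per the README in this commit the webhook runs KCL source taken from KCLRun objects, which should not need root; add a numeric `USER 1001:1001` before `ENTRYPOINT`, and point any cache directory KCL writes to at a path that user owns. `FROM golang:1.19` and `FROM kcllang/kcl` are both mutable references, and `kcllang/kcl` has no tag at all, so pin them in the form `FROM kcllang/kcl:<tag>@sha256:<digest>`. `GOPROXY=https://goproxy.cn,direct` is also baked in for every builder; an `ARG GOPROXY` would let each build choose its own proxy.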
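Review bot: In the Makefile hunk at `@@ -134,15 +134,19 @@`, the new `build-linux` target sits under `.PHONY: build`, which repeats the declaration a few lines above and leaves `build-linux` itself non-phony; it should read `.PHONY: build-linux`. Its help text `## Build binaries.` is identical to `build`'s, so `make help` cannot tell the two apart; `## Build linux/amd64 binaries.` would do. The `docker-build` target in the next hunk no longer depends on a binary target, so what `manager-linux` writes under `build/bin/` is not what the image ships, which deserves a comment on that target.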
@@ -152,11 +156,11 @@ run: manifests generate fmt vet ## Run a controller from your host. # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. # More info: https://docs.docker.com/develop/develop-images/build_enhancements/ .PHONY: docker-build -docker-build: webhook-linux ## Build docker image with the webhook. +docker-build: ## Build docker image with the manager. docker build -t $(IMG) . .PHONY: docker-push -docker-push: ## Push docker image with the webhook. +docker-push: ## Push docker image with the manager. docker push ${IMG} # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple diff --git a/README.md b/README.md index 0602797..3be799d 100644 --- a/README.md +++ b/README.md 
@@ -15,26 +15,74 @@ KCL Operator provides cluster integration, allowing you to use Access Webhook to ![architecture](./images/arch.png) -## CR Example +## Developing + ++ Install Go 1.20+ ++ Install Kubectl and Kustomize ++ Install [Operator SDK](https://sdk.operatorframework.io/) ++ Prepare a Kubernetes Cluster e.g., K3d + +Run `make help` to get the help. + +## Quick Start + +1. Deploy the KCL Operator. + +```shell +make deploy +``` + +Use the following command to watch and wait the pod status is Running. + +```shell +kubectl get po +``` -```yaml +2. Deploy the KCL source + +```shell +kubectl apply -f- << EOF apiVersion: krm.kcl.dev/v1alpha1 kind: KCLRun metadata: name: set-annotation spec: - params: - annotations: - config.kubernetes.io/local-config: "true" - source: oci://ghcr.io/kcl-lang/set-annotation + source: | + items = [item | { + metadata.annotations: { + "managed-by" = "kcl-operator" + } + } for item in option("items")] +EOF ``` -## Developing +3. Validate the mutation result by creating a nginx Pod YAML. -+ Install Go 1.20+ -+ Install [Operator SDK](https://sdk.operatorframework.io/) +```shell +kubectl apply -f- << EOF +apiVersion: v1 +kind: Pod +metadata: + name: nginx + annotations: + app: nginx +spec: + containers: + - name: nginx + image: nginx:1.14.2 + ports: + - containerPort: 80 +EOF +kubectl get po nginx -o yaml | grep kcl-operator +``` -Run `make help` to get the help. +The output is + +```shell + managed-by: kcl-operator +``` + +We can find the annotation `managed-by=kcl-operator` is added on the pod. ## Guides for Developing KCL @@ -57,4 +105,3 @@ See [here](https://kcl-lang.io/docs/reference/lang/tour) to study more features ## Examples See [here](https://github.com/kcl-lang/krm-kcl/tree/main/examples) for more examples. - diff --git a/config/all.yaml b/config/all.yaml index a6b6dda..079bf59 100644 --- a/config/all.yaml +++ b/config/all.yaml 
@@ -1,10 +1,3 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: kcl-operator-system ---- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: @@ -70,52 +63,14 @@ metadata: app.kubernetes.io/managed-by: kustomize app.kubernetes.io/name: serviceaccount app.kubernetes.io/part-of: kcl-operator - name: kcl-operator-controller-manager - namespace: kcl-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: kcl-operator-leader-election-role - namespace: kcl-operator-system -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch + name: controller-manager + namespace: default --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null - name: kcl-operator-manager-role + name: manager-role rules: - apiGroups: - krm.kcl.dev 
@@ -145,190 +100,94 @@ rules: - update --- apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: kcl-operator - name: kcl-operator-metrics-reader -rules: -- nonResourceURLs: - - /metrics - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrole - app.kubernetes.io/part-of: kcl-operator - name: kcl-operator-proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: kcl-operator-leader-election-rolebinding - namespace: kcl-operator-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: kcl-operator-leader-election-role -subjects: -- kind: ServiceAccount - name: default - namespace: kcl-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: kcl-operator-manager-rolebinding + name: manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: kcl-operator-manager-role + name: manager-role subjects: - kind: ServiceAccount name: default - namespace: kcl-operator-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/instance: proxy-rolebinding - 
app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/part-of: kcl-operator - name: kcl-operator-proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: kcl-operator-proxy-role -subjects: -- kind: ServiceAccount - name: kcl-operator-controller-manager - namespace: kcl-operator-system + namespace: default --- apiVersion: v1 -kind: Service +data: + cert.pem: 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 + key.pem: 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 +kind: Secret metadata: - labels: - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/name: service - app.kubernetes.io/part-of: kcl-operator - control-plane: controller-manager - name: kcl-operator-controller-manager-metrics-service - namespace: kcl-operator-system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager + creationTimestamp: null + name: pod-annotate-webhook-certs + namespace: default --- apiVersion: v1 kind: Service metadata: - annotations: - service.alpha.openshift.io/serving-cert-secret-name: kcl-operator-serving-cert labels: - webhook: kcl-operator - name: kcl-operator-webhook-service - namespace: kcl-operator-system + app: pod-annotate-webhook + name: pod-annotate-webhook + namespace: default spec: ports: - port: 443 - targetPort: 9443 + protocol: TCP + targetPort: 8081 selector: - webhook: kcl-operator + app: pod-annotate-webhook --- apiVersion: apps/v1 kind: Deployment metadata: labels: - control-plane: controller-manager - name: kcl-operator-controller-manager - namespace: kcl-operator-system + app: pod-annotate-webhook + name: pod-annotate-webhook + namespace: default spec: replicas: 1 selector: matchLabels: - control-plane: controller-manager + 
app: pod-annotate-webhook template: metadata: labels: - control-plane: controller-manager + app: pod-annotate-webhook spec: containers: - args: - - --secure-listen-address=0.0.0.0:8443 - - --upstream=http://127.0.0.1:8080/ - - --logtostderr=true - - --v=10 - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - name: kube-rbac-proxy - ports: - - containerPort: 8443 - name: https - - args: - - --metrics-addr=127.0.0.1:8080 - - --enable-leader-election - command: - - /manager - image: controller:latest - name: manager - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - terminationGracePeriodSeconds: 10 + - -tls-cert-file=/etc/webhook/certs/cert.pem + - -tls-key-file=/etc/webhook/certs/key.pem + - -addr=:8081 + image: kcllang/webhookserver + imagePullPolicy: Always + name: pod-annotate-webhook + volumeMounts: + - mountPath: /etc/webhook/certs + name: webhook-certs + readOnly: true + volumes: + - name: webhook-certs + secret: + secretName: pod-annotate-webhook-certs --- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration metadata: - creationTimestamp: null - name: kcl-operator-prometheus-rule-validating-webhook + labels: + app: pod-annotate-webhook + kind: mutator + name: pod-annotate-webhook webhooks: -- clientConfig: - caBundle: Cg== +- admissionReviewVersions: + - v1beta1 + clientConfig: + caBundle: 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 service: - name: kcl-operator-webhook-service - namespace: kcl-operator-system - path: /validate-v1-prometheusrule - failurePolicy: Fail - name: prometheusrule-validating-webhook.example.com + name: pod-annotate-webhook + namespace: default + path: /mutate + name: pod-annotate-webhook.slok.dev rules: - apiGroups: - "" @@ -336,6 +195,6 @@ webhooks: - v1 operations: - CREATE - - UPDATE resources: - pods + sideEffects: None 
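Review bot: The ClusterRoleBinding in the `@@ -145,190 +100,94 @@` hunk of config/all.yaml now grants `manager-role` to the ServiceAccount `default` in namespace `default`, so any pod there that does not name its own service account gets whatever `manager-role` allows on `krm.kcl.dev` resources. Bind the `controller-manager` ServiceAccount this file already declares instead (`name: controller-manager` under `subjects`) and add `serviceAccountName: controller-manager` to the Deployment's pod spec. The hunk also adds a Secret with `cert.pem` and `key.pem` plus a fixed `caBundle` (values are elided in this view); if that is real key material, every install shares a webhook key that anyone with repository access holds, and the same Secret is added in config/webhook/webhook-certs.yaml. Issuing the serving certificate at deploy time, as the cert-manager manifests this commit deletes were set up to do, avoids that. The MutatingWebhookConfiguration sets no `namespaceSelector` and no `failurePolicy` (the `v1` default is `Fail`), so it covers pod CREATE in every namespace; excluding `kube-system` and the webhook's own namespace would keep an outage of the single replica from blocking pod creation.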
diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml deleted file mode 100644 index d361f62..0000000 --- a/config/certmanager/certificate.yaml +++ /dev/null @@ -1,26 +0,0 @@ -# The following manifests contain a self-signed issuer CR and a certificate CR. -# More document can be found at https://docs.cert-manager.io -# WARNING: Targets CertManager 0.11 check https://docs.cert-manager.io/en/latest/tasks/upgrading/index.html for -# breaking changes -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer - namespace: system -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml - namespace: system -spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize - dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local - issuerRef: - kind: Issuer - name: selfsigned-issuer - secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize diff --git a/config/certmanager/kustomization.yaml b/config/certmanager/kustomization.yaml deleted file mode 100644 index bebea5a..0000000 --- a/config/certmanager/kustomization.yaml +++ /dev/null @@ -1,5 +0,0 @@ -resources: -- certificate.yaml - -configurations: -- kustomizeconfig.yaml diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml deleted file mode 100644 index 90d7c31..0000000 --- a/config/certmanager/kustomizeconfig.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution -nameReference: -- kind: Issuer - group: cert-manager.io - fieldSpecs: - - kind: Certificate - group: cert-manager.io - path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/config/crds/krm.kcl.dev_kclruns.yaml b/config/crds/krm.kcl.dev_kclruns.yaml deleted file mode 100644 index f1305fb..0000000 --- a/config/crds/krm.kcl.dev_kclruns.yaml +++ /dev/null 
@@ -1,54 +0,0 @@ ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.12.0 - name: kclruns.krm.kcl.dev -spec: - group: krm.kcl.dev - names: - kind: KCLRun - listKind: KCLRunList - plural: kclruns - singular: kclrun - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: KCLRun is the Schema for the kclruns API - properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string - metadata: - type: object - spec: - description: KCLRunSpec defines the desired state of KCLRun - properties: - params: - description: Params are the parameters in key-value pairs format. - type: object - source: - description: Source is a required field for providing a KCL script - inline. - type: string - required: - - source - type: object - status: - description: KCLRunStatus defines the observed state of KCLRun - type: object - type: object - served: true - storage: true - subresources: - status: {} diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index e361da0..81dae0b 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml 
@@ -1,73 +1,6 @@ # Adds namespace to all resources. -namespace: kcl-operator-system - -# Value of this field is prepended to the -# names of all resources, e.g. a deployment named -# "wordpress" becomes "alices-wordpress". -# Note that it should also match with the prefix (text before '-') of the namespace -# field above. -namePrefix: kcl-operator- - -# Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue - -bases: +namespace: default +resources: - ../crd - ../rbac -- ../manager - ../webhook -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- ../webhook -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required. -#- ../certmanager -# [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'. -#- ../prometheus - -patchesStrategicMerge: -# Protect the /metrics endpoint by putting it behind auth. -# If you want your controller-manager to expose the /metrics -# endpoint w/o any authn/z, please comment the following line. -- manager_auth_proxy_patch.yaml - - - -# [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in -# crd/kustomization.yaml -#- manager_webhook_patch.yaml - -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. -# Uncomment 'CERTMANAGER' sections in crd/kustomization.yaml to enable the CA injection in the admission webhooks. -# 'CERTMANAGER' needs to be enabled to use ca injection -#- webhookcainjection_patch.yaml - -# the following config is for teaching kustomize how to do var substitution -vars: -# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. 
-# - name: CERTIFICATE_NAMESPACE # namespace of the certificate CR -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -# fieldref: -# fieldpath: metadata.namespace -# - name: CERTIFICATE_NAME -# objref: -# kind: Certificate -# group: cert-manager.io -# version: v1 -# name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service diff --git a/config/default/manager_auth_proxy_patch.yaml b/config/default/manager_auth_proxy_patch.yaml deleted file mode 100644 index 77e743d..0000000 --- a/config/default/manager_auth_proxy_patch.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# This patch inject a sidecar container which is a HTTP proxy for the -# controller manager, it performs RBAC authorization against the Kubernetes API using SubjectAccessReviews. -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: kube-rbac-proxy - image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0 - args: - - "--secure-listen-address=0.0.0.0:8443" - - "--upstream=http://127.0.0.1:8080/" - - "--logtostderr=true" - - "--v=10" - ports: - - containerPort: 8443 - name: https - - name: manager - args: - - "--metrics-addr=127.0.0.1:8080" - - "--enable-leader-election" diff --git a/config/default/manager_webhook_patch.yaml b/config/default/manager_webhook_patch.yaml deleted file mode 100644 index 738de35..0000000 --- a/config/default/manager_webhook_patch.yaml +++ /dev/null 
@@ -1,23 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system -spec: - template: - spec: - containers: - - name: manager - ports: - - containerPort: 9443 - name: webhook-server - protocol: TCP - volumeMounts: - - mountPath: /tmp/k8s-webhook-server/serving-certs - name: cert - readOnly: true - volumes: - - name: cert - secret: - defaultMode: 420 - secretName: webhook-server-cert diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml deleted file mode 100644 index 4fe5aab..0000000 --- a/config/default/webhookcainjection_patch.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - name: mutating-webhook-configuration - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - name: prometheus-rule-validating-webhook - annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml deleted file mode 100644 index 5c5f0b8..0000000 --- a/config/manager/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- manager.yaml diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml deleted file mode 100644 index 517b509..0000000 --- a/config/manager/manager.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - control-plane: controller-manager - name: system ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: controller-manager - namespace: system - labels: - control-plane: controller-manager -spec: - selector: - matchLabels: - control-plane: controller-manager - replicas: 1 - template: - metadata: - labels: - control-plane: controller-manager - spec: - containers: - - command: - - /manager - args: - - --enable-leader-election - image: controller:latest - name: manager - resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 10m - memory: 64Mi - terminationGracePeriodSeconds: 10 diff --git a/config/prometheus/kustomization.yaml b/config/prometheus/kustomization.yaml deleted file mode 100644 index ed13716..0000000 --- a/config/prometheus/kustomization.yaml +++ /dev/null @@ -1,2 +0,0 @@ -resources: -- monitor.yaml diff --git a/config/prometheus/monitor.yaml b/config/prometheus/monitor.yaml deleted file mode 100644 index 92a70bf..0000000 --- a/config/prometheus/monitor.yaml +++ /dev/null @@ -1,26 +0,0 @@ - -# Prometheus Monitor Service (Metrics) -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: servicemonitor - app.kubernetes.io/instance: controller-manager-metrics-monitor - app.kubernetes.io/component: metrics - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-monitor - namespace: system -spec: - endpoints: - - path: /metrics - port: https - scheme: https - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token - tlsConfig: - insecureSkipVerify: true - selector: - matchLabels: - control-plane: controller-manager 
diff --git a/config/rbac/auth_proxy_client_clusterrole.yaml b/config/rbac/auth_proxy_client_clusterrole.yaml deleted file mode 100644 index 1909b9b..0000000 --- a/config/rbac/auth_proxy_client_clusterrole.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: metrics-reader - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - name: metrics-reader -rules: -- nonResourceURLs: - - "/metrics" - verbs: - - get diff --git a/config/rbac/auth_proxy_role.yaml b/config/rbac/auth_proxy_role.yaml deleted file mode 100644 index 0b975d8..0000000 --- a/config/rbac/auth_proxy_role.yaml +++ /dev/null @@ -1,24 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/name: clusterrole - app.kubernetes.io/instance: proxy-role - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-role -rules: -- apiGroups: - - authentication.k8s.io - resources: - - tokenreviews - verbs: - - create -- apiGroups: - - authorization.k8s.io - resources: - - subjectaccessreviews - verbs: - - create diff --git a/config/rbac/auth_proxy_role_binding.yaml b/config/rbac/auth_proxy_role_binding.yaml deleted file mode 100644 index 04b7d3c..0000000 --- a/config/rbac/auth_proxy_role_binding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/name: clusterrolebinding - app.kubernetes.io/instance: proxy-rolebinding - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - name: proxy-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: proxy-role -subjects: -- kind: ServiceAccount - name: controller-manager - namespace: system diff --git a/config/rbac/auth_proxy_service.yaml b/config/rbac/auth_proxy_service.yaml deleted file mode 100644 index 80cd4ca..0000000 --- a/config/rbac/auth_proxy_service.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - labels: - control-plane: controller-manager - app.kubernetes.io/name: service - app.kubernetes.io/instance: controller-manager-metrics-service - app.kubernetes.io/component: kube-rbac-proxy - app.kubernetes.io/created-by: kcl-operator - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - name: controller-manager-metrics-service - namespace: system -spec: - ports: - - name: https - port: 8443 - protocol: TCP - targetPort: https - selector: - control-plane: controller-manager diff --git a/config/rbac/kustomization.yaml b/config/rbac/kustomization.yaml index 731832a..55d4d0c 100644 --- a/config/rbac/kustomization.yaml +++ b/config/rbac/kustomization.yaml @@ -7,12 +7,3 @@ resources: - service_account.yaml - role.yaml - role_binding.yaml -- leader_election_role.yaml -- leader_election_role_binding.yaml -# Comment the following 4 lines if you want to disable -# the auth proxy (https://github.com/brancz/kube-rbac-proxy) -# which protects your /metrics endpoint. -- auth_proxy_service.yaml -- auth_proxy_role.yaml -- auth_proxy_role_binding.yaml -- auth_proxy_client_clusterrole.yaml 
diff --git a/config/rbac/leader_election_role.yaml b/config/rbac/leader_election_role.yaml deleted file mode 100644 index 355d88f..0000000 --- a/config/rbac/leader_election_role.yaml +++ /dev/null @@ -1,37 +0,0 @@ -# permissions to do leader election. -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: leader-election-role -rules: -- apiGroups: - - "" - resources: - - configmaps - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - configmaps/status - verbs: - - get - - list - - watch - - create - - update - - patch - - delete -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch diff --git a/config/rbac/leader_election_role_binding.yaml b/config/rbac/leader_election_role_binding.yaml deleted file mode 100644 index eed1690..0000000 --- a/config/rbac/leader_election_role_binding.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: leader-election-rolebinding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: leader-election-role -subjects: -- kind: ServiceAccount - name: default - namespace: system diff --git a/config/samples/krm.kcl.dev_v1alpha1_kclrun.yaml b/config/samples/krm.kcl.dev_v1alpha1_kclrun.yaml deleted file mode 100644 index 696aa3a..0000000 --- a/config/samples/krm.kcl.dev_v1alpha1_kclrun.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: krm.kcl.dev/v1alpha1 -kind: KCLRun -metadata: - labels: - app.kubernetes.io/name: kclrun - app.kubernetes.io/instance: kclrun-sample - app.kubernetes.io/part-of: kcl-operator - app.kubernetes.io/managed-by: kustomize - app.kubernetes.io/created-by: kcl-operator - name: kclrun-sample -spec: - # TODO(user): Add fields here diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml deleted file mode 100644 index 464437e..0000000 --- a/config/samples/kustomization.yaml +++ /dev/null 
@@ -1,4 +0,0 @@ -## Append samples you want in your CSV to this file as resources ## -resources: -- krm.kcl.dev_v1alpha1_kclrun.yaml -#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/webhook/kustomization.yaml b/config/webhook/kustomization.yaml index 438f0af..b80552c 100644 --- a/config/webhook/kustomization.yaml +++ b/config/webhook/kustomization.yaml @@ -1,12 +1,9 @@ resources: -- manifests.yaml -- service.yaml - -configurations: -- kustomizeconfig.yaml +- webhook-certs.yaml +- webhook.yaml +- webhook-registration.yaml apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization images: - name: controller - newName: controller - newTag: latest + newName: kcllang/webhookserver diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml deleted file mode 100644 index 25e21e3..0000000 --- a/config/webhook/kustomizeconfig.yaml +++ /dev/null @@ -1,25 +0,0 @@ -# the following config is for teaching kustomize where to look at when substituting vars. -# It requires kustomize v2.1.0 or newer to work properly. -nameReference: -- kind: Service - version: v1 - fieldSpecs: - - kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - - kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/name - -namespace: -- kind: MutatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true -- kind: ValidatingWebhookConfiguration - group: admissionregistration.k8s.io - path: webhooks/clientConfig/service/namespace - create: true - -varReference: -- path: metadata/annotations diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 04d4860..2df6781 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml 
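Review bot: The `images:` entry in config/webhook/kustomization.yaml drops `newTag`, and the new config/webhook/webhook.yaml deploys `image: kcllang/webhookserver` with `imagePullPolicy: Always`, so each pod start pulls whatever the registry currently serves under the default tag. For a mutating admission webhook that rewrites pods cluster-wide, I would pin the image here with `digest: sha256:<image-digest>` (placeholder), or at least `newTag: <release-tag>`. The entry is still keyed on `name: controller`, which does not appear to match the image string used in webhook.yaml, so the override may never apply; worth confirming with `kustomize build`.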
@@ -1,19 +1,19 @@ --- apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration +kind: MutatingWebhookConfiguration metadata: creationTimestamp: null - name: validating-webhook-configuration + name: mutating-webhook-configuration webhooks: - admissionReviewVersions: - - v1 + - v1beta1 clientConfig: service: name: webhook-service namespace: system - path: /validate-v1alpha1-kcl-run + path: /mutate failurePolicy: Fail - name: kcl-run-validating-webhook.kcl-lang.io + name: pod-annotate-webhook.slok.dev rules: - apiGroups: - "" diff --git a/config/webhook/service.yaml b/config/webhook/service.yaml deleted file mode 100644 index b337f01..0000000 --- a/config/webhook/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - annotations: - service.alpha.openshift.io/serving-cert-secret-name: kcl-operator-serving-cert - labels: - webhook: kcl-operator - name: webhook-service - namespace: system -spec: - ports: - - port: 443 - targetPort: 9443 - selector: - webhook: kcl-operator diff --git a/config/webhook/webhook-certs.yaml b/config/webhook/webhook-certs.yaml new file mode 100644 index 0000000..bf9837e --- /dev/null +++ b/config/webhook/webhook-certs.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + cert.pem: 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 + key.pem: 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 +kind: Secret +metadata: + creationTimestamp: null + name: pod-annotate-webhook-certs diff --git a/config/webhook/webhook-registration.yaml b/config/webhook/webhook-registration.yaml new file mode 100644 index 0000000..7cffb75 --- /dev/null +++ b/config/webhook/webhook-registration.yaml 
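Review bot: The rewritten registration in config/webhook/manifests.yaml still sets `clientConfig.service` to `webhook-service` in namespace `system`, but this commit deletes config/webhook/service.yaml and the new Service in webhook.yaml is named `pod-annotate-webhook`. With `failurePolicy: Fail`, a registration that points at a missing Service rejects every matching request. The file is also removed from the kustomization `resources`, so it looks like a stale duplicate of webhook-registration.yaml; I would delete it or align the service name and namespace. The `rules` block continues past the end of the hunk, so the matched resources are not fully visible here.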
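Review bot: config/webhook/webhook-certs.yaml adds a Secret whose `data` holds `cert.pem` and `key.pem` inline (the values are elided in this view), which puts the webhook's TLS private key in version control and makes it identical in every cluster that applies this manifest. Anyone with read access to the repository then holds the key that the hard-coded `caBundle` in webhook-registration.yaml tells the API server to trust. I would remove the key material from the repo, generate the pair at install time (cert-manager, which this commit removes, or a bootstrap job that also patches `caBundle`), and treat the committed pair as compromised and rotate it.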
@@ -0,0 +1,22 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: pod-annotate-webhook + labels: + app: pod-annotate-webhook + kind: mutator +webhooks: + - name: pod-annotate-webhook.slok.dev + clientConfig: + service: + name: pod-annotate-webhook + namespace: default + path: "/mutate" + caBundle: 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 + rules: + - operations: [ "CREATE" ] + apiGroups: [""] + apiVersions: ["v1"] + resources: ["pods"] + sideEffects: None + admissionReviewVersions: ["v1beta1"] diff --git a/config/webhook/webhook.yaml b/config/webhook/webhook.yaml new file mode 100644 index 0000000..459b8bc --- /dev/null +++ b/config/webhook/webhook.yaml @@ -0,0 +1,46 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: pod-annotate-webhook + labels: + app: pod-annotate-webhook +spec: + replicas: 1 + selector: + matchLabels: + app: pod-annotate-webhook + template: + metadata: + labels: + app: pod-annotate-webhook + spec: + containers: + - name: pod-annotate-webhook + image: kcllang/webhookserver + imagePullPolicy: Always + args: + - -tls-cert-file=/etc/webhook/certs/cert.pem + - -tls-key-file=/etc/webhook/certs/key.pem + - -addr=:8081 + volumeMounts: + - name: webhook-certs + mountPath: /etc/webhook/certs + readOnly: true + volumes: + - name: webhook-certs + secret: + secretName: pod-annotate-webhook-certs +--- +apiVersion: v1 +kind: Service +metadata: + name: pod-annotate-webhook + labels: + app: pod-annotate-webhook +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 8081 + selector: + app: pod-annotate-webhook diff --git a/controllers/kclrun_controller.go b/controllers/kclrun_controller.go deleted file mode 100644 index 74c997e..0000000 --- a/controllers/kclrun_controller.go +++ /dev/null 
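Review bot: The webhook in config/webhook/webhook-registration.yaml matches `CREATE` on every pod in every namespace and sets neither `failurePolicy` nor a `namespaceSelector`. In `admissionregistration.k8s.io/v1` the policy defaults to `Fail` and webhook.yaml runs `replicas: 1`, so an outage of that one pod blocks pod creation cluster-wide, including kube-system pods and the webhook's own replacement. I would add a `namespaceSelector` that excludes the control-plane namespaces, for example a `NotIn` match on `kubernetes.io/metadata.name`, move the webhook out of `default` into its own excluded namespace, and set `timeoutSeconds` explicitly. `admissionReviewVersions: ["v1beta1"]` could become `["v1", "v1beta1"]` if the server handles v1 reviews.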
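Review bot: The `pod-annotate-webhook` container in config/webhook/webhook.yaml has no `securityContext`, so it runs as whatever user the image defaults to and with a writable root filesystem, although the manifest only needs it to serve TLS on `:8081` and read the mounted certs. I would add `securityContext: {runAsNonRoot: true, allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: ["ALL"]}}` on the container, with an `emptyDir` mount if the KCL runtime turns out to need scratch space. Resource requests/limits and a readiness probe are missing too, which matters because the API server calls this pod on every pod creation.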
@@ -1,62 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "context" - - "k8s.io/apimachinery/pkg/runtime" - ctrl "sigs.k8s.io/controller-runtime" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/log" - - krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1" -) - -// KCLRunReconciler reconciles a KCLRun object -type KCLRunReconciler struct { - client.Client - Scheme *runtime.Scheme -} - -//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns,verbs=get;list;watch;create;update;patch;delete -//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/status,verbs=get;update;patch -//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/finalizers,verbs=update - -// Reconcile is part of the main kubernetes reconciliation loop which aims to -// move the current state of the cluster closer to the desired state. -// TODO(user): Modify the Reconcile function to compare the state specified by -// the KCLRun object against the actual cluster state, and then -// perform operations to make the cluster state reflect the state specified by -// the user. 
-// -// For more details, check Reconcile and its Result here: -// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile -func (r *KCLRunReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { - _ = log.FromContext(ctx) - - // TODO(user): your logic here - - return ctrl.Result{}, nil -} - -// SetupWithManager sets up the controller with the Manager. -func (r *KCLRunReconciler) SetupWithManager(mgr ctrl.Manager) error { - return ctrl.NewControllerManagedBy(mgr). - For(&krmkcldevv1alpha1.KCLRun{}). - Complete(r) -} diff --git a/controllers/suite_test.go b/controllers/suite_test.go deleted file mode 100644 index 20d7a27..0000000 --- a/controllers/suite_test.go +++ /dev/null 
@@ -1,80 +0,0 @@ -/* -Copyright 2023. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package controllers - -import ( - "path/filepath" - "testing" - - . "github.com/onsi/ginkgo/v2" - . "github.com/onsi/gomega" - - "k8s.io/client-go/kubernetes/scheme" - "k8s.io/client-go/rest" - "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/controller-runtime/pkg/envtest" - logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" - - krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1" - //+kubebuilder:scaffold:imports -) - -// These tests use Ginkgo (BDD-style Go testing framework). Refer to -// http://onsi.github.io/ginkgo/ to learn more about Ginkgo. - -var cfg *rest.Config -var k8sClient client.Client -var testEnv *envtest.Environment - -func TestAPIs(t *testing.T) { - RegisterFailHandler(Fail) - - RunSpecs(t, "Controller Suite") -} - -var _ = BeforeSuite(func() { - logf.SetLogger(zap.New(zap.WriteTo(GinkgoWriter), zap.UseDevMode(true))) - - By("bootstrapping test environment") - testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, - ErrorIfCRDPathMissing: true, - } - - var err error - // cfg is defined in this file globally. 
- cfg, err = testEnv.Start() - Expect(err).NotTo(HaveOccurred()) - Expect(cfg).NotTo(BeNil()) - - err = krmkcldevv1alpha1.AddToScheme(scheme.Scheme) - Expect(err).NotTo(HaveOccurred()) - - //+kubebuilder:scaffold:scheme - - k8sClient, err = client.New(cfg, client.Options{Scheme: scheme.Scheme}) - Expect(err).NotTo(HaveOccurred()) - Expect(k8sClient).NotTo(BeNil()) - -}) - -var _ = AfterSuite(func() { - By("tearing down the test environment") - err := testEnv.Stop() - Expect(err).NotTo(HaveOccurred()) -}) diff --git a/go.mod b/go.mod index 8511f17..b9042b9 100644 --- a/go.mod +++ b/go.mod @@ -3,9 +3,8 @@ module kcl-lang.io/kcl-operator go 1.20 require ( - github.com/onsi/ginkgo/v2 v2.11.0 - github.com/onsi/gomega v1.27.10 - k8s.io/api v0.28.0 + github.com/sirupsen/logrus v1.9.0 + github.com/slok/kubewebhook/v2 v2.5.0 k8s.io/apimachinery v0.28.0 k8s.io/client-go v0.28.0 kcl-lang.io/krm-kcl v0.4.1 
@@ -18,30 +17,30 @@ require ( cloud.google.com/go v0.110.0 // indirect cloud.google.com/go/compute v1.19.0 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect - cloud.google.com/go/iam v1.0.0 // indirect - cloud.google.com/go/storage v1.29.0 // indirect + cloud.google.com/go/iam v0.13.0 // indirect + cloud.google.com/go/storage v1.28.1 // indirect github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 // indirect github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect github.com/BurntSushi/toml v1.2.1 // indirect github.com/GoogleContainerTools/kpt-functions-sdk/go/api v0.0.0-20220720212527-133180134b93 // indirect github.com/GoogleContainerTools/kpt-functions-sdk/go/fn v0.0.0-20230427202446-3255accc518d // indirect github.com/Microsoft/go-winio v0.6.0 // indirect - github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec // indirect + github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 // indirect github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect github.com/acomagu/bufpipe v1.0.4 // indirect - github.com/aws/aws-sdk-go v1.44.204 // indirect + github.com/aws/aws-sdk-go v1.44.122 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/jsonv v1.1.3 // indirect github.com/chai2010/protorpc v1.1.4 // indirect - github.com/cloudflare/circl v1.3.3 // indirect + github.com/cloudflare/circl v1.1.0 // indirect github.com/containerd/containerd v1.7.0 // indirect github.com/cyphar/filepath-securejoin v0.2.3 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/docker/cli v23.0.2+incompatible // indirect - github.com/docker/distribution v2.8.2+incompatible // indirect - github.com/docker/docker v23.0.3+incompatible // indirect + github.com/docker/cli v23.0.1+incompatible // indirect + github.com/docker/distribution 
v2.8.1+incompatible // indirect + github.com/docker/docker v23.0.1+incompatible // indirect github.com/docker/docker-credential-helpers v0.7.0 // indirect github.com/docker/go-connections v0.4.0 // indirect github.com/docker/go-metrics v0.0.1 // indirect @@ -56,23 +55,20 @@ require ( github.com/go-git/go-git/v5 v5.6.1 // indirect github.com/go-logr/logr v1.2.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-logr/zapr v1.2.4 // indirect github.com/go-openapi/jsonpointer v0.19.6 // indirect github.com/go-openapi/jsonreference v0.20.2 // indirect github.com/go-openapi/swag v0.22.3 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.3 // indirect - github.com/golang/snappy v0.0.4 // indirect + github.com/golang/snappy v0.0.3 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/go-cmp v0.5.9 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect github.com/google/uuid v1.3.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.8.0 // indirect + github.com/googleapis/gax-go/v2 v2.7.1 // indirect github.com/gorilla/mux v1.8.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.7.1 // indirect 
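Review bot: This go.mod hunk moves several indirect modules backwards rather than forwards, which a refactor commit would not normally do: `docker/distribution` v2.8.2 to v2.8.1, `docker/docker` and `docker/cli` to v23.0.1, `cloudflare/circl` v1.3.3 to v1.1.0, and `ProtonMail/go-crypto` and `aws-sdk-go` to older revisions. Later hunks do the same for `golang/snappy`, `klauspost/compress`, `sergi/go-diff`, `golang.org/x/sync` and `oras-go/v2`. These are patch and minor releases of registry, crypto and compression code, so the downgrade may drop fixes the project had already picked up; it looks like a side effect of regenerating go.mod, though the cause is not visible here. I would keep the previous pins (e.g. `github.com/docker/distribution v2.8.2+incompatible // indirect`, `github.com/cloudflare/circl v1.3.3 // indirect`) and run `govulncheck ./...` on the result before merging.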
@@ -85,7 +81,7 @@ require ( github.com/json-iterator/go v1.1.12 // indirect github.com/julienschmidt/httprouter v1.3.0 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect - github.com/klauspost/compress v1.16.3 // indirect + github.com/klauspost/compress v1.16.0 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect @@ -98,8 +94,10 @@ require ( github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect github.com/morikuni/aec v1.0.0 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect + github.com/onsi/ginkgo/v2 v2.11.0 // indirect + github.com/onsi/gomega v1.27.10 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect - github.com/opencontainers/image-spec v1.1.0-rc3 // indirect + github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b // indirect github.com/otiai10/copy v1.9.0 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pkg/errors v0.9.1 // indirect @@ -108,8 +106,7 @@ require ( github.com/prometheus/client_model v0.4.0 // indirect github.com/prometheus/common v0.44.0 // indirect github.com/prometheus/procfs v0.10.1 // indirect - github.com/sergi/go-diff v1.3.1 // indirect - github.com/sirupsen/logrus v1.9.0 // indirect + github.com/sergi/go-diff v1.1.0 // indirect github.com/skeema/knownhosts v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/thoas/go-funk v0.9.3 // indirect 
@@ -119,13 +116,12 @@ require ( go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel v1.14.0 // indirect go.opentelemetry.io/otel/trace v1.14.0 // indirect - go.uber.org/multierr v1.11.0 // indirect go.uber.org/zap v1.25.0 // indirect golang.org/x/crypto v0.11.0 // indirect golang.org/x/mod v0.10.0 // indirect golang.org/x/net v0.13.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect - golang.org/x/sync v0.3.0 // indirect + golang.org/x/sync v0.2.0 // indirect golang.org/x/sys v0.11.0 // indirect golang.org/x/term v0.10.0 // indirect golang.org/x/text v0.11.0 // indirect @@ -133,7 +129,9 @@ require ( golang.org/x/tools v0.9.3 // indirect golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/api v0.115.0 // indirect + gomodules.xyz/jsonpatch/v3 v3.0.1 // indirect + gomodules.xyz/orderedmap v0.1.0 // indirect + google.golang.org/api v0.114.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect @@ -144,6 +142,7 @@ require ( gopkg.in/warnings.v0 v0.1.2 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect + k8s.io/api v0.28.0 // indirect k8s.io/apiextensions-apiserver v0.28.0 // indirect k8s.io/component-base v0.28.0 // indirect k8s.io/klog/v2 v2.100.1 // indirect @@ -153,7 +152,7 @@ require ( kcl-lang.io/kcl-go v0.5.4 // indirect kcl-lang.io/kpm v0.3.4-0.20230824121556-85a014e222fc // indirect oras.land/oras-go v1.2.3 // indirect - oras.land/oras-go/v2 v2.2.0 // indirect + oras.land/oras-go/v2 v2.0.2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/kustomize/kyaml v0.14.3 // indirect ) diff --git a/go.sum b/go.sum index b9d50f1..2b18714 100644 --- a/go.sum +++ b/go.sum 
@@ -109,8 +109,8 @@ cloud.google.com/go/gkehub v0.10.0/go.mod h1:UIPwxI0DsrpsVoWpLB0stwKCP+WFVG9+y97 cloud.google.com/go/grafeas v0.2.0/go.mod h1:KhxgtF2hb0P191HlY5besjYm6MqTSTj3LSI+M+ByZHc= cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp4bnY= cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= -cloud.google.com/go/iam v1.0.0 h1:hlQJMovyJJwYjZcTohUH4o1L8Z8kYz+E+W/zktiLCBc= -cloud.google.com/go/iam v1.0.0/go.mod h1:ikbQ4f1r91wTmBmmOtBCOtuEOei6taatNXytzB7Cxew= +cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= +cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -172,8 +172,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.22.1/go.mod h1:S8N1cAStu7BOeFfE8KAQzmyyLkK8p/vmRq6kuBTW58Y= cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeLgDvXzfIXc= cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= -cloud.google.com/go/storage v1.29.0 h1:6weCgzRvMg7lzuUurI4697AqIRPU1SvzHhynwpW31jI= -cloud.google.com/go/storage v1.29.0/go.mod h1:4puEjyTKnku6gfKoTfNOU/W+a9JyuVNxjpS5GBrB8h4= +cloud.google.com/go/storage v1.28.1 h1:F5QDG5ChchaAVQhINh24U99OWHURqrW8OmQcGKXcbgI= +cloud.google.com/go/storage v1.28.1/go.mod h1:Qnisd4CqDdo6BGs2AD5LLnEsmSQ80wQ5ogcBBKhU86Y= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= 
@@ -203,9 +203,8 @@ github.com/Microsoft/go-winio v0.6.0 h1:slsWYD/zyx7lCXoZVlvQrj0hPTM1HI4+v1sIda2y github.com/Microsoft/go-winio v0.6.0/go.mod h1:cTAf44im0RAYeL23bpB+fzCyDH2MJiz2BO69KH/soAE= github.com/Microsoft/hcsshim v0.10.0-rc.7 h1:HBytQPxcv8Oy4244zbQbe6hnOnx544eL5QPUqhJldz8= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= +github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8 h1:wPbRQzjjwFc0ih8puEVAOFGELsn1zoIIYdxvML7mDxA= github.com/ProtonMail/go-crypto v0.0.0-20230217124315-7d5c6f04bbb8/go.mod h1:I0gYDMZ6Z5GRU7l58bNFSkPTFN6Yl12dsUlAZ8xy98g= -github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec h1:eQusauqzE1cAFR5hGnwkuSmFxKoy3+j9/cVaDeYfjjs= -github.com/ProtonMail/go-crypto v0.0.0-20230331115716-d34776aa93ec/go.mod h1:8TI4H3IbrackdNgv+92dI+rhpCaLqM0IfpgCgenFvRE= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d h1:licZJFw2RwpHMqeKTCYkitsPqHNxTmd4SNR5r94FGM8= github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d/go.mod h1:asat636LX7Bqt5lYEZ27JNDcqxfjdBQuJ/MM4CN/Lzo= 
@@ -218,11 +217,8 @@ github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuW github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= +github.com/aws/aws-sdk-go v1.44.122 h1:p6mw01WBaNpbdP2xrisz5tIkcNwzj/HysobNoaAHjgo= github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= -github.com/aws/aws-sdk-go v1.44.204 h1:7/tPUXfNOHB390A63t6fJIwmlwVQAkAwcbzKsU2/6OQ= -github.com/aws/aws-sdk-go v1.44.204/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/benbjohnson/clock v1.3.0 h1:ip6w0uFQkncKQ979AypyG0ER7mqUSBdKLOgAle/AT8A= github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q= github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -248,9 +244,8 @@ github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWR github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= +github.com/cloudflare/circl v1.1.0 h1:bZgT/A+cikZnKIwn7xL2OBj012Bmvho/o6RpRvv3GKY= github.com/cloudflare/circl v1.1.0/go.mod h1:prBCrKB9DV4poKZY1l9zBXg2QJY7mvgRvtMxxK7fi4I= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -272,12 +267,12 @@ github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSs github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/distribution/distribution/v3 v3.0.0-20221208165359-362910506bc2 h1:aBfCb7iqHmDEIp6fBvC/hQUddQfg+3qdYjwzaiP9Hnc= -github.com/docker/cli v23.0.2+incompatible h1:Yj4wkrNtyCNLCMobKDYzEUIsbtMbfAulkHMH75/ecik= -github.com/docker/cli v23.0.2+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= -github.com/docker/distribution v2.8.2+incompatible h1:T3de5rq0dB1j30rp0sA2rER+m322EBzniBPB6ZIzuh8= -github.com/docker/distribution v2.8.2+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= -github.com/docker/docker v23.0.3+incompatible h1:9GhVsShNWz1hO//9BNg/dpMnZW25KydO4wtVxWAIbho= -github.com/docker/docker v23.0.3+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= +github.com/docker/cli v23.0.1+incompatible h1:LRyWITpGzl2C9e9uGxzisptnxAn1zfZKXy13Ul2Q5oM= +github.com/docker/cli v23.0.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/distribution v2.8.1+incompatible h1:Q50tZOPR6T/hjNsyc9g8/syEs6bk8XXApsHjKukMl68= +github.com/docker/distribution v2.8.1+incompatible/go.mod h1:J2gT2udsDAN96Uj4KfcMRqY0/ypR+oyYUYmja8H+y+w= +github.com/docker/docker v23.0.1+incompatible h1:vjgvJZxprTTE1A37nm+CLNAdwu6xZekyoiVlUZEINcY= +github.com/docker/docker v23.0.1+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= github.com/docker/docker-credential-helpers v0.7.0 h1:xtCHsjxogADNZcdv1pKUHXryefjlVRqWqIhk/uXJp0A= github.com/docker/docker-credential-helpers v0.7.0/go.mod h1:rETQfLdHNT3foU5kuNkFR1R1V12OJRRO5lzt2D1b5X0= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= 
@@ -302,6 +297,7 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.m github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/go-control-plane v0.10.2-0.20220325020618-49ff273808a1/go.mod h1:KJwIaB5Mv44NWtYuAOFCVOjcI94vtpEz2JU/D2v6IjE= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch/v5 v5.6.0 h1:b91NhWfaz02IuVxO9faSllyAtNXHMPkC5J8sJCLunww= github.com/evanphx/json-patch/v5 v5.6.0/go.mod h1:G79N1coSVB93tBe7j6PhzjmR3/2VvlbKOFpnXhI9Bw4= @@ -336,7 +332,6 @@ github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbV github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.2.4 h1:QHVo+6stLbfJmYGkQ7uGHUCu5hnAFAj6mDe6Ea0SeOo= -github.com/go-logr/zapr v1.2.4/go.mod h1:FyHWQIzQORZ0QVE1BtVHv3cKtNLuXsbNLtpuhNapBOA= github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE= github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs= github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE= 
@@ -345,7 +340,6 @@ github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/ github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ= @@ -386,9 +380,8 @@ github.com/golang/protobuf v1.5.1/go.mod h1:DopwsBzvsk0Fs44TXzsVbJyPhcCPeIwnvohx github.com/golang/protobuf v1.5.2/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg= github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= +github.com/golang/snappy v0.0.3 h1:fHPg5GQYlCeLIPB9BZqMVR5nR9A+IM5zcgeTdjMYmLA= github.com/golang/snappy v0.0.3/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= -github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= -github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= github.com/gomodule/redigo v1.8.2 h1:H5XSIre1MB5NbPYFp+i1NBbb5qN1W8Y8YAQoAYbkm8k= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= 
@@ -452,8 +445,8 @@ github.com/googleapis/gax-go/v2 v2.3.0/go.mod h1:b8LNqSzNabLiUpXKkY7HAR5jr6bIT99 github.com/googleapis/gax-go/v2 v2.4.0/go.mod h1:XOTVJ59hdnfJLIP/dh8n5CGryZR2LxK9wbMD5+iXC6c= github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqEF02fYlzkUCyo= github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= -github.com/googleapis/gax-go/v2 v2.8.0 h1:UBtEZqx1bjXtOQ5BVTkuYghXrr3N4V123VKJK67vJZc= -github.com/googleapis/gax-go/v2 v2.8.0/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A= +github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gorilla/handlers v1.5.1 h1:9lRY6j8DEeeBT10CvO9hGW0gmky0BprnvDI5vfhUHH4= github.com/gorilla/mux v1.8.0 h1:i40aqfkR1h2SlN9hojwV5ZA91wcXFOvkdNIeFDP5koI= 
@@ -500,8 +493,8 @@ github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= -github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY= -github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.0 h1:iULayQNOReoYUe+1qtKOqw9CwJv3aNQu8ivo7lw1HU4= +github.com/klauspost/compress v1.16.0/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -554,8 +547,8 @@ github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI= github.com/onsi/gomega v1.27.10/go.mod h1:RsS8tutOdbdgzbPtzzATp12yT7kM5I5aElG3evPbQ0M= github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U= github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= -github.com/opencontainers/image-spec v1.1.0-rc3 h1:fzg1mXZFj8YdPeNkRXMg+zb88BFV0Ys52cJydRwBkb8= -github.com/opencontainers/image-spec v1.1.0-rc3/go.mod h1:X4pATf0uXsnn3g5aiGIsVnJBR4mxhKzfwmvK/B2NTm8= +github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b h1:YWuSjZCQAPM8UUBLkYUk1e+rZcvWHJmFb6i6rM44Xs8= +github.com/opencontainers/image-spec v1.1.0-rc2.0.20221005185240-3a7f492d3f1b/go.mod h1:3OVijpioIKYWTqjiG0zfF6wvoJ4fAXGbjdZuI2NgsRQ= github.com/otiai10/copy v1.9.0 h1:7KFNiCgZ91Ru4qW4CWPf/7jqtxLagGRmIxWldPP9VY4= github.com/otiai10/copy v1.9.0/go.mod h1:hsfX19wcn0UWIHUQ3/4fHuehhk2UyArQ9dVFAn3FczI= github.com/otiai10/curr v0.0.0-20150429015615-9b4961190c95/go.mod h1:9qAhocn7zKJG+0mI8eUu6xqkFDYS2kb2saOteoSB3cE= 
@@ -596,15 +589,16 @@ github.com/prometheus/procfs v0.10.1/go.mod h1:nwNm2aOCAYw8uTR/9bWRREkZFxAUcWzPH github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= +github.com/sergi/go-diff v1.1.0 h1:we8PVUC3FE2uYfodKH/nBHMSetSfHDR6scGdBi+erh0= github.com/sergi/go-diff v1.1.0/go.mod h1:STckp+ISIX8hZLjrqAeVduY0gWCT9IjLuqbuNXdaHfM= -github.com/sergi/go-diff v1.3.1 h1:xkr+Oxo4BOQKmkn/B9eMK0g5Kg/983T9DqqPHwYqD+8= -github.com/sergi/go-diff v1.3.1/go.mod h1:aMJSSKb2lpPvRNec0+w3fl7LP9IOFzdc9Pa4NFbPK1I= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/skeema/knownhosts v1.1.0 h1:Wvr9V0MxhjRbl3f9nMnKnFfiWTJmtECJ9Njkea3ysW0= github.com/skeema/knownhosts v1.1.0/go.mod h1:sKFq3RD6/TKZkSWn8boUbDC7Qkgcv+8XXijpFO6roag= +github.com/slok/kubewebhook/v2 v2.5.0 h1:CwMxLbTEcha3+SxSXc4pc9iIbREdhgLurAs+/uRzxIw= +github.com/slok/kubewebhook/v2 v2.5.0/go.mod h1:TcQS+Ae0TDiiwm9glxum6AFvtumR33qdAenUeiQ/TWs= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -655,13 +649,8 @@ go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188Wl go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/goleak v1.2.1 h1:NBol2c7O1ZokfZ0LEU9K6Whx/KnwvepVetCUhtKja4A= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= -go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= -go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.25.0 h1:4Hvk6GtkucQ790dqmj7l1eEnRdKm3k3ZUrUMS2d5+5c= go.uber.org/zap v1.25.0/go.mod h1:JIAUzQIH94IC4fOJQm7gMmBJP5k7wQfdcnYdPoEXJYk= golang.org/x/arch v0.1.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= @@ -677,7 +666,6 @@ golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0 golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -717,7 +705,6 @@ golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.6.0/go.mod h1:4mET923SAdbXp2ki8ey+zGs1SLqsuM2Y0uvdZR/fUNI= -golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk= golang.org/x/mod v0.10.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -773,7 +760,6 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.13.0 h1:Nvo8UFsZ8X3BhAC9699Z1j7XQ3rsZnUUm7jfBEk1ueY= golang.org/x/net v0.13.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= 
@@ -817,9 +803,8 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220929204114-8fcdb60fdcc0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= +golang.org/x/sync v0.2.0 h1:PUR+T4wwASmuSTYdKjYHI5TD22Wy5ogLU5qZCOLxBrI= +golang.org/x/sync v0.2.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -894,7 +879,6 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -902,7 +886,6 @@ golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuX golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/term v0.10.0/go.mod h1:lpqdcUyK/oCiQxvxVrppt5ggO2KCZ5QblwqPnfZ6d5o= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -916,7 +899,6 @@ golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -979,7 +961,6 @@ golang.org/x/tools v0.1.4/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.2.0/go.mod h1:y4OqIKeOV/fWJetJ8bXPU1sEVniLMIyDAZWeHdV+NTA= -golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -993,6 +974,10 @@ golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2 h1:H2TDz8ibqkAF6YGhCdN3j golang.org/x/xerrors v0.0.0-20220907171357-04be3eba64a2/go.mod h1:K8+ghG5WaK9qNqU5K3HdILfMLy1f3aNYFI/wnl100a8= gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw= gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= +gomodules.xyz/jsonpatch/v3 v3.0.1 h1:Te7hKxV52TKCbNYq3t84tzKav3xhThdvSsSp/W89IyI= +gomodules.xyz/jsonpatch/v3 v3.0.1/go.mod h1:CBhndykehEwTOlEfnsfJwvkFQbSN8YZFr9M+cIHAJto= +gomodules.xyz/orderedmap v0.1.0 h1:fM/+TGh/O1KkqGR5xjTKg6bU8OKBkg7p0Y+x/J9m8Os= +gomodules.xyz/orderedmap v0.1.0/go.mod h1:g9/TPUCm1t2gwD3j3zfV8uylyYhVdCNSi+xCEIu7yTU= google.golang.org/api v0.4.0/go.mod h1:8k5glujaEP+g9n7WNsDg8QP6cUVNI86fCNMcbazEtwE= google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E3M= google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg= 
@@ -1041,8 +1026,8 @@ google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.97.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s= google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= -google.golang.org/api v0.115.0 h1:6FFkVvStt4YqXSx3azKyzj7fXerGnVlLJ/eud01nBDE= -google.golang.org/api v0.115.0/go.mod h1:9cD4/t6uvd9naoEJFA+M96d0IuB6BqFuyhpw68+mRGg= +google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE= +google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1271,8 +1256,8 @@ kcl-lang.io/krm-kcl v0.4.1 h1:P5QqQVORxO5e548vpQADElB3TfDwLoMk2klY7nPKOa0= kcl-lang.io/krm-kcl v0.4.1/go.mod h1:yBqbzWmG5VEyrJTpTgrfuzNFM3IiMrnCU+r0MtPvIVo= oras.land/oras-go v1.2.3 h1:v8PJl+gEAntI1pJ/LCrDgsuk+1PKVavVEPsYIHFE5uY= oras.land/oras-go v1.2.3/go.mod h1:M/uaPdYklze0Vf3AakfarnpoEckvw0ESbRdN8Z1vdJg= -oras.land/oras-go/v2 v2.2.0 h1:E1fqITD56Eg5neZbxBtAdZVgDHD6wBabJo6xESTcQyo= -oras.land/oras-go/v2 v2.2.0/go.mod h1:pXjn0+KfarspMHHNR3A56j3tgvr+mxArHuI8qVn59v8= +oras.land/oras-go/v2 v2.0.2 h1:3aSQdJ7EUC0ft2e9PjJB9Jzastz5ojPA4LzZ3Q4YbUc= +oras.land/oras-go/v2 v2.0.2/go.mod h1:PWnWc/Kyyg7wUTUsDHshrsJkzuxXzreeMd6NrfdnFSo= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= diff --git a/hack/testlocal/kcl-run.yaml b/hack/testlocal/kcl-run.yaml deleted file mode 100644 index 1943c3b..0000000 
--- a/hack/testlocal/kcl-run.yaml +++ /dev/null @@ -1,9 +0,0 @@ -apiVersion: krm.kcl.dev/v1alpha1 -kind: KCLRun -metadata: - name: set-annotation -spec: - params: - annotations: - config.kubernetes.io/local-config: "true" - source: oci://ghcr.io/kcl-lang/set-annotation diff --git a/hack/testlocal/pod.yaml b/hack/testlocal/pod.yaml deleted file mode 100644 index 0e79d8a..0000000 --- a/hack/testlocal/pod.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: nginx -spec: - containers: - - name: nginx - image: nginx:1.14.2 - ports: - - containerPort: 80 diff --git a/main.go b/main.go index 3032866..c9cc9a2 100644 --- a/main.go +++ b/main.go 
@@ -1,65 +1,122 @@ +/* +Copyright 2023. +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + http://www.apache.org/licenses/LICENSE-2.0 +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + package main import ( + "flag" + "fmt" + "net/http" "os" // Import all Kubernetes client auth plugins (e.g. Azure, GCP, OIDC, etc.) // to ensure that exec-entrypoint and run can make use of them. - _ "k8s.io/client-go/plugin/pkg/client/auth" "k8s.io/apimachinery/pkg/runtime" + _ "k8s.io/client-go/plugin/pkg/client/auth" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" _ "k8s.io/client-go/plugin/pkg/client/auth/gcp" - "sigs.k8s.io/controller-runtime/pkg/client/config" - "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/log/zap" + clientconfig "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/manager" - "sigs.k8s.io/controller-runtime/pkg/manager/signals" - "sigs.k8s.io/controller-runtime/pkg/webhook" krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1" - webhookadmission "kcl-lang.io/kcl-operator/pkg/webhook/handler" + "kcl-lang.io/kcl-operator/pkg/webhook/handler" + + "github.com/sirupsen/logrus" + kwhhttp "github.com/slok/kubewebhook/v2/pkg/http" + kwhlogrus "github.com/slok/kubewebhook/v2/pkg/log/logrus" + kwhmutating "github.com/slok/kubewebhook/v2/pkg/webhook/mutating" //+kubebuilder:scaffold:imports ) +type config struct { + certFile string + keyFile string + addr string +} + +func initFlags() *config { + cfg := &config{} + + fl := flag.NewFlagSet(os.Args[0], 
flag.ExitOnError) + fl.StringVar(&cfg.certFile, "tls-cert-file", "", "TLS certificate file") + fl.StringVar(&cfg.keyFile, "tls-key-file", "", "TLS key file") + fl.StringVar(&cfg.addr, "addr", ":8081", "The webhook server port") + + _ = fl.Parse(os.Args[1:]) + return cfg +} + var ( scheme = runtime.NewScheme() ) func init() { - log.SetLogger(zap.New()) utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(krmkcldevv1alpha1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme } func main() { - setupLog := log.Log.WithName("entrypoint") + logrusLogEntry := logrus.NewEntry(logrus.New()) + logrusLogEntry.Logger.SetLevel(logrus.DebugLevel) + logger := kwhlogrus.NewLogrus(logrusLogEntry) + + cfg := initFlags() // setup a manager - setupLog.Info("setting up manager") - mgr, err := manager.New(config.GetConfigOrDie(), manager.Options{}) + logger.Infof("Setup a manager") + mgr, err := manager.New(clientconfig.GetConfigOrDie(), manager.Options{ + Scheme: scheme, + }) if err != nil { - setupLog.Error(err, "unable to setup controller manager") + logger.Errorf("unable to setup controller manager %v", err) os.Exit(1) } - // +kubebuilder:scaffold:builder - - setupLog.Info("setting up webhook server") - hookServer := mgr.GetWebhookServer() - - setupLog.Info("registering KCL validating webhook endpoint") - hookServer.Register("/validate-v1alpha1-kcl-run", &webhook.Admission{Handler: &webhookadmission.ValidationHandler{ + // Create our mutator + mt := &handler.MutationHandler{ Client: mgr.GetClient(), Reader: mgr.GetAPIReader(), Scheme: mgr.GetScheme(), - }}) + Logger: logger, + } + + //+kubebuilder:scaffold:builder + + mcfg := kwhmutating.WebhookConfig{ + ID: "podAnnotate", + Mutator: mt, + Logger: logger, + } + wh, err := kwhmutating.NewWebhook(mcfg) + if err != nil { + fmt.Fprintf(os.Stderr, "error creating webhook: %s", err) + os.Exit(1) + } - setupLog.Info("starting manager") - if err := mgr.Start(signals.SetupSignalHandler()); err != nil { - setupLog.Error(err, 
"problem running manager") + // Get the handler for our webhook. + whHandler, err := kwhhttp.HandlerFor(kwhhttp.HandlerConfig{Webhook: wh, Logger: logger}) + if err != nil { + fmt.Fprintf(os.Stderr, "error creating webhook handler: %s", err) + os.Exit(1) + } + logger.Infof("Webhook server Listening on %s", cfg.addr) + err = http.ListenAndServeTLS(cfg.addr, cfg.certFile, cfg.keyFile, whHandler) + if err != nil { + fmt.Fprintf(os.Stderr, "error serving webhook: %s", err) os.Exit(1) } } diff --git a/pkg/webhook/handler/mutation.go b/pkg/webhook/handler/mutation.go new file mode 100644 index 0000000..8f04e94 --- /dev/null +++ b/pkg/webhook/handler/mutation.go 
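Review bot: `http.ListenAndServeTLS(cfg.addr, cfg.certFile, cfg.keyFile, whHandler)` at the end of `main` serves the admission endpoint from a zero-value `http.Server`, which has no header, read, write or idle timeouts, so a peer that stalls a connection can hold it open indefinitely. The marker added in pkg/webhook/handler/mutation.go registers the webhook with `failurePolicy=fail`, so if it is deployed that way an unresponsive server blocks Pod create/update. I would build an `http.Server` with explicit timeouts as sketched below; the values are illustrative and `time` has to be added to the import block. `tls-cert-file` and `tls-key-file` both default to `""`, so an `if cfg.certFile == "" || cfg.keyFile == ""` check right after `initFlags()` would fail fast with a clear message instead of at serve time.

```go
// … unchanged: logger, manager, mutator and webhook handler setup …
	logger.Infof("Webhook server Listening on %s", cfg.addr)
	// Timeout values are illustrative; size them to the slowest KCL source fetch.
	srv := &http.Server{
		Addr:              cfg.addr,
		Handler:           whHandler,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	err = srv.ListenAndServeTLS(cfg.certFile, cfg.keyFile)
// … unchanged: error report and os.Exit(1) …
```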
@@ -0,0 +1,83 @@
+package handler
+
+import (
+ "bytes"
+ "context"
+
+ "k8s.io/apimachinery/pkg/runtime"
+ krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1"
+ "kcl-lang.io/krm-kcl/pkg/kio"
+
+ "github.com/slok/kubewebhook/v2/pkg/log"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+ runtimeyaml "k8s.io/apimachinery/pkg/runtime/serializer/yaml"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/yaml"
+
+ kwhmodel "github.com/slok/kubewebhook/v2/pkg/model"
+ kwhmutating "github.com/slok/kubewebhook/v2/pkg/webhook/mutating"
+)
+
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/finalizers,verbs=update
+//+kubebuilder:webhook:admissionReviewVersions=v1beta1,path=/mutate,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=pod-annotate-webhook.slok.dev
+
+// MutationHandler validates Kubernetes resources using the KCL source.
+type MutationHandler struct {
+ Client client.Client
+ Reader client.Reader
+ Scheme *runtime.Scheme
+ Logger log.Logger
+}
+
+func (v *MutationHandler) Mutate(ctx context.Context, r *kwhmodel.AdmissionReview, obj metav1.Object) (*kwhmutating.MutatorResult, error) {
+ // Get the KCL source
+ v.Logger.Infof("Get the KCL source list..")
+ kclRunList := &krmkcldevv1alpha1.KCLRunList{}
+ err := v.Reader.List(ctx, kclRunList, client.InNamespace(r.Namespace))
+ if err != nil {
+ v.Logger.Errorf("Get KCL source error: %v", err)
+ return &kwhmutating.MutatorResult{}, err
+ }
+ if len(kclRunList.Items) > 0 {
+ v.Logger.Infof("Mutating using KCL..")
+ // Input Example: https://github.com/kcl-lang/krm-kcl/blob/main/examples/mutation/set-annotations/suite/good.yaml
+ in, out := bytes.NewBuffer(r.NewObjectRaw), bytes.NewBuffer([]byte{})
+ for _, kclRun := range kclRunList.Items {
+ kclRunBytes, err := yaml.Marshal(kclRun)
+ if err != nil {
+ v.Logger.Errorf("Get KCL source %v bytes error: %v", kclRun.Name, err)
+ return &kwhmutating.MutatorResult{}, err
+ }
+ in.WriteString("\n---\n")
+ in.Write(kclRunBytes)
+ }
+ // Run pipeline to get the result mutated or validated by the KCL source.
+ pipeline := kio.NewPipeline(in, out, false)
+ if err := pipeline.Execute(); err != nil {
+ v.Logger.Errorf("KCL Pipeline exec error: %v", err)
+ return &kwhmutating.MutatorResult{}, err
+ }
+ v.Logger.Infof("Decode Mutate object.. %v", out.String())
+ // The actual mutation is done by a string in JSONPatch style, i.e. we don't _actually_ modify the object, but
+ // tell K8S how it should modifiy it
+ o, _, err := runtimeyaml.NewDecodingSerializer(unstructured.UnstructuredJSONScheme).Decode(out.Bytes(), nil, nil)
+ if err != nil {
+ v.Logger.Errorf("Data decode error %v", err)
+ return &kwhmutating.MutatorResult{}, err
+ }
+ unstructuredMap, err := runtime.DefaultUnstructuredConverter.ToUnstructured(o)
+ unstructuredObj := &unstructured.Unstructured{Object: unstructuredMap}
+ if err != nil {
+ v.Logger.Errorf("Data decode error %v", err)
+ return &kwhmutating.MutatorResult{}, err
+ }
+ v.Logger.Infof("Mutate using KCL finished")
+ return &kwhmutating.MutatorResult{
+ MutatedObject: unstructuredObj,
+ }, nil
+ }
+ return &kwhmutating.MutatorResult{}, nil
+}
diff --git a/pkg/webhook/handler/validation.go b/pkg/webhook/handler/validation.go
deleted file mode 100644
index d987e7d..0000000
--- a/pkg/webhook/handler/validation.go
+++ /dev/null
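Review bot: `v.Logger.Infof("Decode Mutate object.. %v", out.String())` in `Mutate` writes the entire pipeline output, presumably the full Pod manifest as rewritten by the KCL code, to the log at Info level on every admission request, and Pod specs often carry env values and annotations that should not end up in logs. I would log only the size, `v.Logger.Infof("KCL pipeline produced %d bytes", out.Len())`. The type comment says the handler "validates" while it returns a `MutatedObject`; it should state that every KCLRun listed in the request's namespace is run against each Pod create/update, so write access to `kclruns` in a namespace amounts to control over the Pods admitted there. Separately, `unstructuredObj` is built from `unstructuredMap` before the `err` returned by `ToUnstructured` is checked, so the `if err != nil` block should move up one line.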
@@ -1,58 +0,0 @@
-package handler
-
-import (
- "bytes"
- "context"
- "net/http"
-
- "k8s.io/apimachinery/pkg/runtime"
- "k8s.io/apimachinery/pkg/types"
- krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1"
- "kcl-lang.io/krm-kcl/pkg/kio"
-
- "sigs.k8s.io/controller-runtime/pkg/client"
- "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
- "sigs.k8s.io/yaml"
-)
-
-// +kubebuilder:webhook:admissionReviewVersions=v1,path=/validate-v1alpha1-kcl-run,mutating=false,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=kcl-run-validating-webhook.kcl-lang.io
-
-// ValidationHandler validates PrometheusRules
-type ValidationHandler struct {
- Client client.Client
- Reader client.Reader
- Scheme *runtime.Scheme
- decoder *admission.Decoder
-}
-
-// ValidationHandler admits a PrometheusRule if a specific set of Rule labels exist
-func (v *ValidationHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
- kclRun := &krmkcldevv1alpha1.KCLRun{}
- err := v.Client.Get(ctx, types.NamespacedName{Name: req.AdmissionRequest.Namespace}, kclRun)
- if err != nil {
- return admission.Errored(http.StatusBadRequest, err)
- }
- kclRunBytes, err := yaml.Marshal(kclRun)
- if err != nil {
- return admission.Errored(http.StatusBadRequest, err)
- }
- in, out := bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{})
- in.WriteString("\n---\n")
- in.Write(kclRunBytes)
- pipeline := kio.NewPipeline(in, out, false)
- if err := pipeline.Execute(); err != nil {
- return admission.Errored(http.StatusBadRequest, err)
- }
- // the actual mutation is done by a string in JSONPatch style, i.e. we don't _actually_ modify the object, but
- // tell K8S how it should modifiy it
- jsonBytes, err := yaml.YAMLToJSON(out.Bytes())
- if err != nil {
- return admission.Errored(http.StatusBadRequest, err)
- }
- return admission.PatchResponseFromRaw(req.Object.Raw, jsonBytes)
-}
-
-func (v *ValidationHandler) InjectDecoder(d *admission.Decoder) error {
- v.decoder = d
- return nil
-}