refactor: remove the controller code and use the webhook code in the …

…runtime manager.

Dockerfile

@@ -1,12 +1,20 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal
+FROM golang:1.19 as builder
 
-ENV TZ="Europe/Zurich" \
-  LANG="en_US.UTF-8" \
-  WEBHOOK=/usr/local/bin/webhook \
-  UIDGID=1001:1001
+ENV GO111MODULE=on \
+    GOPROXY=https://goproxy.cn,direct
 
-COPY bin/webhook ${WEBHOOK}
+WORKDIR /
 
-USER ${UIDGID}
+COPY . .
 
-CMD ["${WEBHOOK}"]
+RUN GOOS=linux GOARCH=amd64 go build -o manager
+
+FROM kcllang/kcl
+
+WORKDIR /
+COPY --from=builder /manager .
+
+ENV KCL_GO_DISABLE_ARTIFACT=on
+ENV LANG="en_US.UTF-8"
+
+ENTRYPOINT ["/manager"]

Makefile

@@ -47,9 +47,9 @@ ifeq ($(USE_IMAGE_DIGESTS), true)
 endif
 
 # Image URL to use all building/pushing image targets
-IMG ?= controller:latest
+IMG ?= kcllang/kcl-operator
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26.0
+ENVTEST_K8S_VERSION = 1.28.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -134,15 +134,19 @@ test: manifests generate fmt vet envtest ## Run tests.
 
 .PHONY: build
 build: ## Build binaries.
-	make webhook
+	make manager
+
+.PHONY: build
+build-linux: ## Build binaries.
+	make manager-linux
 
-.PHONY: webhook
-webhook: manifests generate fmt vet ## Build webhook binary
-	go build -o bin/webhook main.go
+.PHONY: manager
+manager: manifests generate fmt vet ## Build manager binary
+	go build -o bin/manager main.go
 
-.PHONY: webhook-linux
-webhook-linux: generate fmt vet
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o build/bin/webhook main.go
+.PHONY: manager-linux
+manager-linux: generate fmt vet
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o build/bin/manager main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
@@ -152,11 +156,11 @@ run: manifests generate fmt vet ## Run a controller from your host.
 # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
-docker-build: webhook-linux ## Build docker image with the webhook.
+docker-build: ## Build docker image with the manager.
 	docker build -t $(IMG) .
 
 .PHONY: docker-push
-docker-push: ## Push docker image with the webhook.
+docker-push: ## Push docker image with the manager.
 	docker push ${IMG}
 
 # PLATFORMS defines the target platforms for the manager image be build to provide support to multiple

config/default/kustomization.yaml

@@ -1,5 +1,5 @@
 # Adds namespace to all resources.
-namespace: kcl-operator-system
+namespace: default
 
 # Value of this field is prepended to the
 # names of all resources, e.g. a deployment named
@@ -16,22 +16,13 @@ bases:
 - ../crd
 - ../rbac
 - ../manager
-- ../webhook
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
-#- ../webhook
+- ../webhook
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
-#- ../certmanager
+# - ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
-
-patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
-
-
+# - ../prometheus
 
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml

config/default/webhookcainjection_patch.yaml

@@ -10,6 +10,6 @@ metadata:
 apiVersion: admissionregistration.k8s.io/v1beta1
 kind: ValidatingWebhookConfiguration
 metadata:
-  name: prometheus-rule-validating-webhook
+  name: validating-webhook-configuration
   annotations:
     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)

config/manager/manager.yaml

@@ -3,6 +3,9 @@ kind: Namespace
 metadata:
   labels:
     control-plane: controller-manager
+    webhook: kcl-operator
+    app: kcl-operator
+    app.kubernetes.io/name: kcl-operator
   name: system
 ---
 apiVersion: apps/v1
@@ -12,28 +15,36 @@ metadata:
   namespace: system
   labels:
     control-plane: controller-manager
+    webhook: kcl-operator
+    app: kcl-operator
+    app.kubernetes.io/name: kcl-operator
 spec:
   selector:
     matchLabels:
       control-plane: controller-manager
+      webhook: kcl-operator
+      app: kcl-operator
+      app.kubernetes.io/name: kcl-operator
   replicas: 1
   template:
     metadata:
       labels:
         control-plane: controller-manager
+        webhook: kcl-operator
+        app: kcl-operator
+        app.kubernetes.io/name: kcl-operator
     spec:
       containers:
-      - command:
-        - /manager
-        args:
-        - --enable-leader-election
-        image: controller:latest
+      - image: kcllang/kcl-operator2
+        ports:
+          - containerPort: 9443
         name: manager
-        resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 10m
-            memory: 64Mi
+        volumeMounts:
+          - name: webhook-certs
+            mountPath: /etc/webhook/certs
+            readOnly: true
+      volumes:
+        - name: webhook-certs
+          secret:
+            secretName: pod-annotate-webhook-certs
       terminationGracePeriodSeconds: 10

config/rbac/kustomization.yaml

@@ -9,10 +9,3 @@ resources:
 - role_binding.yaml
 - leader_election_role.yaml
 - leader_election_role_binding.yaml
-# Comment the following 4 lines if you want to disable
-# the auth proxy (https://github.com/brancz/kube-rbac-proxy)
-# which protects your /metrics endpoint.
-- auth_proxy_service.yaml
-- auth_proxy_role.yaml
-- auth_proxy_role_binding.yaml
-- auth_proxy_client_clusterrole.yaml

config/webhook/certs.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+  cert.pem: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURLVENDQWhHZ0F3SUJBZ0lKQU5UY285SnEyUkwwTUEwR0NTcUdTSWIzRFFFQkJRVUFNQ3N4S1RBbkJnTlYKQkFNTUlIQnZaQzFoYm01dmRHRjBaUzEzWldKb2IyOXJMbVJsWm1GMWJIUXVjM1pqTUI0WERUSXdNREl5TWpJegpNemt6T1ZvWERUTXdNREl4T1RJek16a3pPVm93S3pFcE1DY0dBMVVFQXd3Z2NHOWtMV0Z1Ym05MFlYUmxMWGRsClltaHZiMnN1WkdWbVlYVnNkQzV6ZG1Nd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUIKQVFDeFFCSzhrSmxVNFI5a1YzMXVnVGo4Mkwzd3k0SEJmR0hlc3YrdnNFK21PMWt3MGM4RG9ScEs1L3J2UkJDbwpGU3o4SVk2Q0poLzhUektvdTlONStKZVBzbU9PNDg1QUxoT2dqZGxwaDlyMVZyVEp0UE8zOVJtVExvc2VsWjVvClRsM2pZMWcwUURmUUFnNWY5QW4rMXRvSEJ3SmZVNnM3bjkveFo3bEdEVVBkVmFPY2ZWQ0l2bnRxaUoxZ0grOTIKVlJ5Q2I1VmQxTW5lT2hIZDY3WXRGYmp5WWpuT1lsNUxvd0dnVWZ4WnhPMGM2aHJQYmhyZFBiSnN6Znk3ajBlZgpWQmJOQ2t2MmFXZG92aG44SE5ROEVXNmIySnBheVUrOTZwc0hmeVJrYmZTL0E4U3Jxc1NSSWRkcmdBNEdiaFl5CjhVVUNXeTdGQWJVU2c2bFRyMEZOV0JHQkFnTUJBQUdqVURCT01CMEdBMVVkRGdRV0JCUTFpR0JodUhVd0RWbGcKSDh2TWxiU1RjeVpvMlRBZkJnTlZIU01FR0RBV2dCUTFpR0JodUhVd0RWbGdIOHZNbGJTVGN5Wm8yVEFNQmdOVgpIUk1FQlRBREFRSC9NQTBHQ1NxR1NJYjNEUUVCQlFVQUE0SUJBUUNYemE3SGN2QkY1Sk9OYTJEcHB4K2JhdGFECmpRaWptUzh3ZW8wNlhGTy83bG9hNGNFNkxVYTVTUGNKSXFWVVNjSGZibTZjQ0EwYWdSSDE5Y01oQUtYNlhVQkUKcjhnbFhYTFpIeHgrQ1F3TnJ5UGd6YzVNYjUwUUd2Tkw1c1VhL0c4dHpqSzE5cHgxTlNSeTAyMWptNGoxWlZTYwo0U0sxRW5VNjY1TUJUY0NqL0ttcWhOR0E3alVsc1M0a0prbXhBeFAxdUR1SzBaU2ttTUtLL3MzSGtEemI1VWZhCklXQXZHS2Q5VVBBRDRYOHEvUmRnUkxvZ3ZEMThJYXcrSkxwS2NTcStmM3dyQlcyWDRaNTlLbWJjYk13MU9NYzEKSnlvWUZ2SUdhVnU4M2FRZ1BpV0RxTkhxRW5xNC9XRHZrM1JMUDZFSGp4bGVmaGhIZzRpQWgya3NHbmtpCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
+  key.pem: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBc1VBU3ZKQ1pWT0VmWkZkOWJvRTQvTmk5OE11QndYeGgzckwvcjdCUHBqdFpNTkhQCkE2RWFTdWY2NzBRUXFCVXMvQ0dPZ2lZZi9FOHlxTHZUZWZpWGo3SmpqdVBPUUM0VG9JM1phWWZhOVZhMHliVHoKdC9VWmt5NkxIcFdlYUU1ZDQyTllORUEzMEFJT1gvUUovdGJhQndjQ1gxT3JPNS9mOFdlNVJnMUQzVldqbkgxUQppTDU3YW9pZFlCL3ZkbFVjZ20rVlhkVEozam9SM2V1MkxSVzQ4bUk1em1KZVM2TUJvRkg4V2NUdEhPb2F6MjRhCjNUMnliTTM4dTQ5SG4xUVd6UXBMOW1sbmFMNFovQnpVUEJGdW05aWFXc2xQdmVxYkIzOGtaRzMwdndQRXE2ckUKa1NIWGE0QU9CbTRXTXZGRkFsc3V4UUcxRW9PcFU2OUJUVmdSZ1FJREFRQUJBb0lCQUgzKzU5SzJqdWd4SnRseQovNnlmbXR6UlRTTnY1Z3FkMmd3dC9XYnIwNUo4dVlma2ZGMCtGYXlOZm1pNlg0UzdtTUNaTWUzK0g5cUFpYWc3CjY3WFdLaFp4WGlmaWMyaFgySWZXaldkZ3RScVV5ZXBnQUtjUlNWN0FSUkEybHVYYVh3OFdQVXJYSTFWdlFMeWcKZ3NKdUE0bmZSNlp2bVZiRzdLOXpaZFlQODkvT281M0xzVnkxVGtBWFlIVzZ5V0cxQ1BtY3RBOTdNUFF0d0pTKwpBN2dmcDUzbEFYSWMvOVRhUElpU3FJQkl2dXd6YlNCZ1loZ01MTU5ka0Zib3ZXUWtQMDEySndZQzdHdHlwWWdWCk8zT0R4bitxQ1NQbW9sRExxb3B4YXFuSHByWVoreC9BbkhMcUNVdjZSZ0tNN0wwdk53Und0MFlhK01BeHVHa3UKU1dlUEJnRUNnWUVBMkorQ3UvaTNvV1MvSlhxSW5FcFhYTkxwNEM0KzFZbGpYenhNQmlGTG9iOUR5L1JnSHdVUgpHR3lka3RFWE9hWjZqSGo3SXpUeVY4WmlQcVhOR0VKTTQrVThqR1Rlc3orNThTQjJqZFFBdUZxUVFwejF0UTkrCmQrYTVWNjFaVGg0YUVBZU1aNUtzSlZQMGlONHY3ODJDSklscHZOY2NXZzd5dm9QK21iWG9DOUVDZ1lFQTBYaGMKZEdjRWozUzBWS3FjRVEvTWFMUXZHdUVZbzZIVmJnRWdsNFBBM0M3K2VQcVBXb0xBejNyY2QyamRpU1R3bVNvUwppN3FpeWh0RTc5dW9QdmNIS0c3bXFUTzlJdTVCYlFSQlE3dFNiMEtMSml6UEpCTm5EV05yT0xOVXljOXVmRGU3Cmc2WmhPdmQzWC9Cb0FXUVBmMzlmdnh4TDBJYzA4aTVRVk5MUkJyRUNnWUVBaHlTTWRTU251eUtWTlphS1g2YnAKZGRtSFd2cSs3STAzMTVSUWdZcUlHckt1WXpGa1BqWDFBbDNRdUdXRnJjdTByS3BWVXhPWEZUZUkxeml0Q1ROagpzTkcwd29temZmU0YxbTdBUjU4NWk4bkVNaXFtQjMxUkV4QjRGTURxOUJkSGZ6U1dYWTlkb2pRTVhNN3c3UlF5CjJ3UjNXUDZDaTVURDBDT2MxTnh0bGVFQ2dZQWV4RWtBSitsNWtMQzBCdU1wZG1LVnRuRjh4emN4UWFIeHFHUzcKSEhVRllqbXFWMU1hL2oySHZBb0oxL05DSTVUYlNseXkvVlRQenJXUGJYb0cxWTNObUl4MHFjN01CS2JEZG02SApua243WVpEQ3FLNDhKRVZzcC8rbHNtRnZ5dkgxZU5Jb0FoWWg3UnN4a2tRVWdEZnVpQ3p1Q3gvdm53eGR6Z09xCmtkUjE0UUtCZ0VaaXpOUEs2N1BGZzZrRE9Id0pZYUFyN3h6WVFWOERoaStOLzkzcHRnQURwM1A5clRPWlpMS2kKS2ZXdkx3S25PdjBpWmlCajExWkxML0NJcWFicjM0bDlWaU5BdzhBcE5BajgyN1hOVGdNdWI0TW5kZUw0cHpMRQp4ZVoxaWtURlZIYWtFWk1JMXVzUWZtUXJaTGZoSHNkNTV3ajZKS2d5Z1JRRVM3RDFwa0pqCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: pod-annotate-webhook-certs

config/webhook/kustomization.yaml

@@ -8,5 +8,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 images:
 - name: controller
-  newName: controller
-  newTag: latest
+  newName: kcllang/kcl-operator