From 5f155e74f9e6b3008e9346152ee081c264275271 Mon Sep 17 00:00:00 2001 From: Naka Masato Date: Fri, 28 Jul 2023 08:55:57 +0900 Subject: [PATCH] chore: upgrade kubebuilder version to v3.10.0 (#18) --- .update-readme.sh | 6 +- .upgrade-version.sh | 19 ++- Dockerfile | 6 +- Makefile | 12 +- PROJECT | 2 +- README.md | 8 +- api/v1alpha1/webhook_suite_test.go | 4 +- main.go => cmd/main.go | 4 +- config/certmanager/certificate.yaml | 10 +- config/certmanager/kustomizeconfig.yaml | 10 +- .../bases/secret.example.com_passwords.yaml | 3 +- .../crd/patches/cainjection_in_passwords.yaml | 2 +- config/default/kustomization.yaml | 134 ++++++++++++++---- config/default/webhookcainjection_patch.yaml | 6 +- config/rbac/role.yaml | 1 - config/rbac/service_account.yaml | 2 +- config/samples/kustomization.yaml | 4 + config/webhook/kustomizeconfig.yaml | 5 +- config/webhook/manifests.yaml | 1 - go.mod | 12 +- go.sum | 24 ++-- .../controller}/password_controller.go | 4 +- .../controller}/suite_test.go | 4 +- 23 files changed, 172 insertions(+), 111 deletions(-) rename main.go => cmd/main.go (97%) create mode 100644 config/samples/kustomization.yaml rename {controllers => internal/controller}/password_controller.go (98%) rename {controllers => internal/controller}/suite_test.go (95%) diff --git a/.update-readme.sh b/.update-readme.sh index 6239266..26ce13d 100755 --- a/.update-readme.sh +++ b/.update-readme.sh @@ -13,7 +13,7 @@ if [ $# -eq 0 ]; then exit 1 fi -if [[ ! "$1" =~ ^v[0-9].[0-9].[0-9]$ ]];then +if [[ ! "$1" =~ ^v[0-9]+.[0-9]+.[0-9]+$ ]];then echo "kubebuilder version format '$1' is invalid" get_latest_release "kubernetes-sigs/kubebuilder" exit 1 @@ -25,7 +25,7 @@ KUBEBUILDER_VERSION=$1 # get versions export $(grep CERT_MANAGER_VERSION= .upgrade-version.sh) -$(grep 'export KUSTOMIZE_VERSION=' .upgrade-version.sh) +KUSTOMIZE_VERSION=$(bin/kustomize version) GO_VERSION_CLI_RESULT=$(go version) GO_VERSION=$(echo ${GO_VERSION_CLI_RESULT} | sed 's/go version \(go[^\s]*\) [^\s]*/\1/') @@ -34,7 +34,7 @@ gsed -i "s/.*Docker Engine.*/1. Docker Engine: $(docker version | grep -A 2 Serv gsed -i "s#\[go\](https://github.com/golang/go):.*#[go](https://github.com/golang/go): [${GO_VERSION}](https://github.com/golang/go/releases/${GO_VERSION})#g" README.md gsed -i "s#\[kubebuilder\](https://github.com/kubernetes-sigs/kubebuilder):.*#[kubebuilder](https://github.com/kubernetes-sigs/kubebuilder): [${KUBEBUILDER_VERSION}](https://github.com/kubernetes-sigs/kubebuilder/releases/${KUBEBUILDER_VERSION})#g" README.md K8S_VERSION=$(kubectl version --output=json | jq -r .serverVersion.gitVersion) -gsed -i "s#\[Kubernetes\](https://github.com/kubernetes/kubernetes):.*#[Kubernetes](https://github.com/kubernetes/kubernetes):[${K8S_VERSION}](https://github.com/kubernetes/kubernetes/releases/tag/${K8S_VERSION})#g" README.md +gsed -i "s#\[Kubernetes\](https://github.com/kubernetes/kubernetes):.*#[Kubernetes](https://github.com/kubernetes/kubernetes): [${K8S_VERSION}](https://github.com/kubernetes/kubernetes/releases/tag/${K8S_VERSION})#g" README.md KIND_VERSION=$(kind version | sed 's/kind \(v[0-9\.]*\) .*/\1/') gsed -i "s#\[kind\](https://github.com/kubernetes-sigs/kind):.*#[kind](https://github.com/kubernetes-sigs/kind): [${KIND_VERSION}](https://github.com/kubernetes-sigs/kind/releases/tag/${KIND_VERSION})#g" README.md gsed -i "s#\[kustomize](https://github.com/kubernetes-sigs/kustomize):.*#[kustomize](https://github.com/kubernetes-sigs/kustomize): [${KUSTOMIZE_VERSION}](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2F${KUSTOMIZE_VERSION})#g" README.md diff --git a/.upgrade-version.sh b/.upgrade-version.sh index 66a2b0d..d73aaf8 100755 --- a/.upgrade-version.sh +++ b/.upgrade-version.sh @@ -2,12 +2,12 @@ set -eux -PASSWORD_CONTROLLER_GO_FILE=controllers/password_controller.go +PASSWORD_CONTROLLER_GO_FILE=internal/controller/password_controller.go PASSWORD_GO_TYPE_FILE=api/v1alpha1/password_types.go PASSWORD_WEBHOOK_FILE=api/v1alpha1/password_webhook.go SAMPLE_YAML_FILE=config/samples/secret_v1alpha1_password.yaml CERT_MANAGER_VERSION=v1.8.0 -export KUSTOMIZE_VERSION=v4.5.5 +export CONTROLLER_TOOLS_VERSION=v0.12.0 # https://github.com/kubernetes-sigs/kubebuilder/issues/3316 pre-commit get_latest_release() { @@ -55,7 +55,8 @@ KEEP_FILES=( renovate.json ) -rm -rf api config controllers hack bin bundle +sudo rm -rf bin +rm -rf api config controllers hack bin bundle cmd internal for f in `ls` .dockerignore .gitignore; do if [[ ! " ${KEEP_FILES[*]} " =~ " ${f} " ]] && [ -f "$f" ]; then rm $f @@ -100,6 +101,7 @@ git add . pre-commit run -a || true git commit -am "[kubebuilder] Init project" + echo "======== INIT PROJECT COMPLETED ===========" # 2. [kubebuilder] Create API Password (Controller & Resource) @@ -140,7 +142,7 @@ gsed -i "/PasswordSpec defines/ r tmpfile" $PASSWORD_GO_TYPE_FILE rm tmpfile ## fmt -KUSTOMIZE_VERSION=4.5.5 make install +make install # Check if Foo field is removed in CRD test "$(kubectl get crd passwords.secret.example.com -o jsonpath='{.spec.versions[].schema.openAPIV3Schema.properties.spec}' | jq '.properties == null')" = "true" @@ -480,9 +482,9 @@ gsed -i '0,/apiVersion/s/apiVersion/#apiVersion/' config/default/webhookcainject gsed -i 's/#- ..\/webhook/- ..\/webhook/g' config/default/kustomization.yaml gsed -i 's/#- ..\/certmanager/- ..\/certmanager/g' config/default/kustomization.yaml -gsed -i 's/#- manager_webhook_patch.yaml/- manager_webhook_patch.yaml/g' config/default/kustomization.yaml -gsed -i 's/#- webhookcainjection_patch.yaml/- webhookcainjection_patch.yaml/g' config/default/kustomization.yaml -gsed -i -e '/CERTIFICATE_NAMESPACE/,+25 s/#//' config/default/kustomization.yaml +gsed -i 's/#- manager_webhook_patch.yaml/- manager_webhook_patch.yaml/g' config/default/kustomization.yaml # To enable webhook, uncomment all the sections with [WEBHOOK] prefix +gsed -i 's/#- webhookcainjection_patch.yaml/- webhookcainjection_patch.yaml/g' config/default/kustomization.yaml # To enable cert-manager uncomment all sections with 'CERTMANAGER' prefix. +gsed -i -e '/#replacements:/,+96 s/#//' config/default/kustomization.yaml # To enable cert-manager uncomment all sections with 'CERTMANAGER' prefix. gsed -i 's/#- patches/- patches/g' config/crd/kustomization.yaml make install @@ -499,9 +501,6 @@ while [ "$(kubectl get po -n cert-manager -o 'jsonpath={.items[*].status.contain done echo "cert-manager is ready" -if [ -f bin/kustomize ]; then - rm bin/kustomize -fi IMG=password-operator:webhook make docker-build IMG=$IMG kind load docker-image $IMG diff --git a/Dockerfile b/Dockerfile index 8f9cca1..ef4cfaf 100644 --- a/Dockerfile +++ b/Dockerfile @@ -12,16 +12,16 @@ COPY go.sum go.sum RUN go mod download # Copy the go source -COPY main.go main.go +COPY cmd/main.go cmd/main.go COPY api/ api/ -COPY controllers/ controllers/ +COPY internal/controller/ internal/controller/ # Build # the GOARCH has not a default value to allow the binary be built according to the host where the command # was called. For example, if we call make docker-build in a local env which has the Apple Silicon M1 SO # the docker BUILDPLATFORM arg will be linux/arm64 when for Apple x86 it will be linux/amd64. Therefore, # by leaving it empty we can ensure that the container and binary shipped on it will have the same platform. -RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager main.go +RUN CGO_ENABLED=0 GOOS=${TARGETOS:-linux} GOARCH=${TARGETARCH} go build -a -o manager cmd/main.go # Use distroless as minimal base image to package the manager binary # Refer to https://github.com/GoogleContainerTools/distroless for more details diff --git a/Makefile b/Makefile index 57f9988..87dd37d 100644 --- a/Makefile +++ b/Makefile @@ -2,7 +2,7 @@ # Image URL to use all building/pushing image targets IMG ?= controller:latest # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.26.0 +ENVTEST_K8S_VERSION = 1.26.1 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -62,11 +62,11 @@ test: manifests generate fmt vet envtest ## Run tests. .PHONY: build build: manifests generate fmt vet ## Build manager binary. - go build -o bin/manager main.go + go build -o bin/manager cmd/main.go .PHONY: run run: manifests generate fmt vet ## Run a controller from your host. - go run ./main.go + go run ./cmd/main.go # If you wish built the manager image targeting other platforms you can use the --platform flag. # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it. @@ -132,8 +132,8 @@ CONTROLLER_GEN ?= $(LOCALBIN)/controller-gen ENVTEST ?= $(LOCALBIN)/setup-envtest ## Tool Versions -KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.11.1 +KUSTOMIZE_VERSION ?= v5.0.0 +CONTROLLER_TOOLS_VERSION ?= v0.11.3 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize @@ -143,7 +143,7 @@ $(KUSTOMIZE): $(LOCALBIN) echo "$(LOCALBIN)/kustomize version is not expected $(KUSTOMIZE_VERSION). Removing it before installing."; \ rm -rf $(LOCALBIN)/kustomize; \ fi - test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) | bash -s -- $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); } + test -s $(LOCALBIN)/kustomize || { curl -Ss $(KUSTOMIZE_INSTALL_SCRIPT) --output install_kustomize.sh && bash install_kustomize.sh $(subst v,,$(KUSTOMIZE_VERSION)) $(LOCALBIN); rm install_kustomize.sh; } .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/PROJECT b/PROJECT index c812eee..eda4ddd 100644 --- a/PROJECT +++ b/PROJECT @@ -4,7 +4,7 @@ # More info: https://book.kubebuilder.io/reference/project-config.html domain: example.com layout: -- go.kubebuilder.io/v3 +- go.kubebuilder.io/v4 projectName: password-operator repo: example.com/password-operator resources: diff --git a/README.md b/README.md index 719fac7..1e4ada5 100644 --- a/README.md +++ b/README.md @@ -2,12 +2,12 @@ Example Kubernetes Operator project created with kubebuilder, which manages a CRD `Password` and generates a configurable password. ## Versions -1. Docker Engine: 20.10.20 +1. Docker Engine: 24.0.2 1. [go](https://github.com/golang/go): [go1.19](https://github.com/golang/go/releases/go1.19) -1. [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder): [v3.9.0](https://github.com/kubernetes-sigs/kubebuilder/releases/v3.9.0) -1. [Kubernetes](https://github.com/kubernetes/kubernetes):[v1.25.3](https://github.com/kubernetes/kubernetes/releases/tag/v1.25.3) +1. [kubebuilder](https://github.com/kubernetes-sigs/kubebuilder): [v3.10.0](https://github.com/kubernetes-sigs/kubebuilder/releases/v3.10.0) +1. [Kubernetes](https://github.com/kubernetes/kubernetes): [v1.25.3](https://github.com/kubernetes/kubernetes/releases/tag/v1.25.3) 1. [kind](https://github.com/kubernetes-sigs/kind): [v0.17.0](https://github.com/kubernetes-sigs/kind/releases/tag/v0.17.0) -1. [kustomize](https://github.com/kubernetes-sigs/kustomize): [v4.5.5](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv4.5.5) +1. [kustomize](https://github.com/kubernetes-sigs/kustomize): [v5.0.0](https://github.com/kubernetes-sigs/kustomize/releases/tag/kustomize%2Fv5.0.0) 1. [cert-manager](https://github.com/cert-manager/cert-manager): [v1.8.0](https://github.com/cert-manager/cert-manager/releases/tag/v1.8.0) ## Getting Started diff --git a/api/v1alpha1/webhook_suite_test.go b/api/v1alpha1/webhook_suite_test.go index 6b186ee..e47efa2 100644 --- a/api/v1alpha1/webhook_suite_test.go +++ b/api/v1alpha1/webhook_suite_test.go @@ -28,7 +28,7 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" - admissionv1beta1 "k8s.io/api/admission/v1beta1" + admissionv1 "k8s.io/api/admission/v1" //+kubebuilder:scaffold:imports "k8s.io/apimachinery/pkg/runtime" "k8s.io/client-go/rest" @@ -78,7 +78,7 @@ var _ = BeforeSuite(func() { err = AddToScheme(scheme) Expect(err).NotTo(HaveOccurred()) - err = admissionv1beta1.AddToScheme(scheme) + err = admissionv1.AddToScheme(scheme) Expect(err).NotTo(HaveOccurred()) //+kubebuilder:scaffold:scheme diff --git a/main.go b/cmd/main.go similarity index 97% rename from main.go rename to cmd/main.go index 14696c5..6eece03 100644 --- a/main.go +++ b/cmd/main.go @@ -32,7 +32,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/log/zap" secretv1alpha1 "example.com/password-operator/api/v1alpha1" - "example.com/password-operator/controllers" + "example.com/password-operator/internal/controller" //+kubebuilder:scaffold:imports ) @@ -89,7 +89,7 @@ func main() { os.Exit(1) } - if err = (&controllers.PasswordReconciler{ + if err = (&controller.PasswordReconciler{ Client: mgr.GetClient(), Scheme: mgr.GetScheme(), }).SetupWithManager(mgr); err != nil { diff --git a/config/certmanager/certificate.yaml b/config/certmanager/certificate.yaml index 946506c..a642243 100644 --- a/config/certmanager/certificate.yaml +++ b/config/certmanager/certificate.yaml @@ -5,8 +5,8 @@ apiVersion: cert-manager.io/v1 kind: Issuer metadata: labels: - app.kubernetes.io/name: issuer - app.kubernetes.io/instance: selfsigned-issuer + app.kubernetes.io/name: certificate + app.kubernetes.io/instance: serving-cert app.kubernetes.io/component: certificate app.kubernetes.io/created-by: password-operator app.kubernetes.io/part-of: password-operator @@ -29,10 +29,10 @@ metadata: name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml namespace: system spec: - # $(SERVICE_NAME) and $(SERVICE_NAMESPACE) will be substituted by kustomize + # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize dnsNames: - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc - - $(SERVICE_NAME).$(SERVICE_NAMESPACE).svc.cluster.local + - SERVICE_NAME.SERVICE_NAMESPACE.svc + - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local issuerRef: kind: Issuer name: selfsigned-issuer diff --git a/config/certmanager/kustomizeconfig.yaml b/config/certmanager/kustomizeconfig.yaml index e631f77..cf6f89e 100644 --- a/config/certmanager/kustomizeconfig.yaml +++ b/config/certmanager/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# This configuration is for teaching kustomize how to update name ref and var substitution +# This configuration is for teaching kustomize how to update name ref substitution nameReference: - kind: Issuer group: cert-manager.io @@ -6,11 +6,3 @@ nameReference: - kind: Certificate group: cert-manager.io path: spec/issuerRef/name - -varReference: -- kind: Certificate - group: cert-manager.io - path: spec/commonName -- kind: Certificate - group: cert-manager.io - path: spec/dnsNames diff --git a/config/crd/bases/secret.example.com_passwords.yaml b/config/crd/bases/secret.example.com_passwords.yaml index 096f9a9..fe6cbf3 100644 --- a/config/crd/bases/secret.example.com_passwords.yaml +++ b/config/crd/bases/secret.example.com_passwords.yaml @@ -3,8 +3,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: passwords.secret.example.com spec: group: secret.example.com diff --git a/config/crd/patches/cainjection_in_passwords.yaml b/config/crd/patches/cainjection_in_passwords.yaml index 60f0c51..22a5574 100644 --- a/config/crd/patches/cainjection_in_passwords.yaml +++ b/config/crd/patches/cainjection_in_passwords.yaml @@ -3,5 +3,5 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME name: passwords.secret.example.com diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml index 1677cc0..1c25916 100644 --- a/config/default/kustomization.yaml +++ b/config/default/kustomization.yaml @@ -9,10 +9,12 @@ namespace: password-operator-system namePrefix: password-operator- # Labels to add to all resources and selectors. -#commonLabels: -# someName: someValue +#labels: +#- includeSelectors: true +# pairs: +# someName: someValue -bases: +resources: - ../crd - ../rbac - ../manager @@ -41,32 +43,102 @@ patchesStrategicMerge: # 'CERTMANAGER' needs to be enabled to use ca injection - webhookcainjection_patch.yaml -# the following config is for teaching kustomize how to do var substitution -vars: # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix. -- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml - fieldref: - fieldpath: metadata.namespace -- name: CERTIFICATE_NAME - objref: - kind: Certificate - group: cert-manager.io - version: v1 - name: serving-cert # this name should match the one in certificate.yaml -- name: SERVICE_NAMESPACE # namespace of the service - objref: - kind: Service - version: v1 - name: webhook-service - fieldref: - fieldpath: metadata.namespace -- name: SERVICE_NAME - objref: - kind: Service - version: v1 - name: webhook-service +# Uncomment the following replacements to add the cert-manager CA injection annotations +replacements: + - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.namespace # namespace of the certificate CR + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - select: + kind: CustomResourceDefinition + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 0 + create: true + - source: + kind: Certificate + group: cert-manager.io + version: v1 + name: serving-cert # this name should match the one in certificate.yaml + fieldPath: .metadata.name + targets: + - select: + kind: ValidatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: MutatingWebhookConfiguration + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - select: + kind: CustomResourceDefinition + fieldPaths: + - .metadata.annotations.[cert-manager.io/inject-ca-from] + options: + delimiter: '/' + index: 1 + create: true + - source: # Add cert-manager annotation to the webhook Service + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.name # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 0 + create: true + - source: + kind: Service + version: v1 + name: webhook-service + fieldPath: .metadata.namespace # namespace of the service + targets: + - select: + kind: Certificate + group: cert-manager.io + version: v1 + fieldPaths: + - .spec.dnsNames.0 + - .spec.dnsNames.1 + options: + delimiter: '.' + index: 1 + create: true diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index ad906d1..0b5e5b7 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -1,5 +1,5 @@ # This patch add annotation to admission webhook config and -# the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. +# CERTIFICATE_NAMESPACE and CERTIFICATE_NAME will be substituted by kustomize #apiVersion: admissionregistration.k8s.io/v1 #kind: MutatingWebhookConfiguration #metadata: @@ -12,7 +12,7 @@ # app.kubernetes.io/managed-by: kustomize # name: mutating-webhook-configuration # annotations: -# cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) +# cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration @@ -26,4 +26,4 @@ metadata: app.kubernetes.io/managed-by: kustomize name: validating-webhook-configuration annotations: - cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) + cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index 500294c..3b2bc0a 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -2,7 +2,6 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: - creationTimestamp: null name: manager-role rules: - apiGroups: diff --git a/config/rbac/service_account.yaml b/config/rbac/service_account.yaml index a13b7ec..203c40b 100644 --- a/config/rbac/service_account.yaml +++ b/config/rbac/service_account.yaml @@ -3,7 +3,7 @@ kind: ServiceAccount metadata: labels: app.kubernetes.io/name: serviceaccount - app.kubernetes.io/instance: controller-manager + app.kubernetes.io/instance: controller-manager-sa app.kubernetes.io/component: rbac app.kubernetes.io/created-by: password-operator app.kubernetes.io/part-of: password-operator diff --git a/config/samples/kustomization.yaml b/config/samples/kustomization.yaml new file mode 100644 index 0000000..b98526b --- /dev/null +++ b/config/samples/kustomization.yaml @@ -0,0 +1,4 @@ +## Append samples of your project ## +resources: +- secret_v1alpha1_password.yaml +#+kubebuilder:scaffold:manifestskustomizesamples diff --git a/config/webhook/kustomizeconfig.yaml b/config/webhook/kustomizeconfig.yaml index 492aac6..9740514 100644 --- a/config/webhook/kustomizeconfig.yaml +++ b/config/webhook/kustomizeconfig.yaml @@ -1,4 +1,4 @@ -# the following config is for teaching kustomize where to look at when substituting vars. +# the following config is for teaching kustomize where to look at when substituting nameReference. # It requires kustomize v2.1.0 or newer to work properly. nameReference: - kind: Service @@ -20,6 +20,3 @@ namespace: group: admissionregistration.k8s.io path: webhooks/clientConfig/service/namespace create: true - -varReference: -- path: metadata/annotations diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 7925649..307cc7c 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -2,7 +2,6 @@ apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: - creationTimestamp: null name: validating-webhook-configuration webhooks: - admissionReviewVersions: diff --git a/go.mod b/go.mod index f9ada62..276de9a 100644 --- a/go.mod +++ b/go.mod @@ -6,10 +6,10 @@ require ( github.com/onsi/ginkgo/v2 v2.6.0 github.com/onsi/gomega v1.24.1 github.com/sethvargo/go-password v0.2.0 - k8s.io/api v0.26.0 - k8s.io/apimachinery v0.26.0 - k8s.io/client-go v0.26.0 - sigs.k8s.io/controller-runtime v0.14.1 + k8s.io/api v0.26.1 + k8s.io/apimachinery v0.26.1 + k8s.io/client-go v0.26.1 + sigs.k8s.io/controller-runtime v0.14.4 ) require ( @@ -60,8 +60,8 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/apiextensions-apiserver v0.26.0 // indirect - k8s.io/component-base v0.26.0 // indirect + k8s.io/apiextensions-apiserver v0.26.1 // indirect + k8s.io/component-base v0.26.1 // indirect k8s.io/klog/v2 v2.80.1 // indirect k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/utils v0.0.0-20221128185143-99ec85e7a448 // indirect diff --git a/go.sum b/go.sum index 0245b69..b936bde 100644 --- a/go.sum +++ b/go.sum @@ -588,16 +588,16 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.26.0 h1:IpPlZnxBpV1xl7TGk/X6lFtpgjgntCg8PJ+qrPHAC7I= -k8s.io/api v0.26.0/go.mod h1:k6HDTaIFC8yn1i6pSClSqIwLABIcLV9l5Q4EcngKnQg= -k8s.io/apiextensions-apiserver v0.26.0 h1:Gy93Xo1eg2ZIkNX/8vy5xviVSxwQulsnUdQ00nEdpDo= -k8s.io/apiextensions-apiserver v0.26.0/go.mod h1:7ez0LTiyW5nq3vADtK6C3kMESxadD51Bh6uz3JOlqWQ= -k8s.io/apimachinery v0.26.0 h1:1feANjElT7MvPqp0JT6F3Ss6TWDwmcjLypwoPpEf7zg= -k8s.io/apimachinery v0.26.0/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= -k8s.io/client-go v0.26.0 h1:lT1D3OfO+wIi9UFolCrifbjUUgu7CpLca0AD8ghRLI8= -k8s.io/client-go v0.26.0/go.mod h1:I2Sh57A79EQsDmn7F7ASpmru1cceh3ocVT9KlX2jEZg= -k8s.io/component-base v0.26.0 h1:0IkChOCohtDHttmKuz+EP3j3+qKmV55rM9gIFTXA7Vs= -k8s.io/component-base v0.26.0/go.mod h1:lqHwlfV1/haa14F/Z5Zizk5QmzaVf23nQzCwVOQpfC8= +k8s.io/api v0.26.1 h1:f+SWYiPd/GsiWwVRz+NbFyCgvv75Pk9NK6dlkZgpCRQ= +k8s.io/api v0.26.1/go.mod h1:xd/GBNgR0f707+ATNyPmQ1oyKSgndzXij81FzWGsejg= +k8s.io/apiextensions-apiserver v0.26.1 h1:cB8h1SRk6e/+i3NOrQgSFij1B2S0Y0wDoNl66bn8RMI= +k8s.io/apiextensions-apiserver v0.26.1/go.mod h1:AptjOSXDGuE0JICx/Em15PaoO7buLwTs0dGleIHixSM= +k8s.io/apimachinery v0.26.1 h1:8EZ/eGJL+hY/MYCNwhmDzVqq2lPl3N3Bo8rvweJwXUQ= +k8s.io/apimachinery v0.26.1/go.mod h1:tnPmbONNJ7ByJNz9+n9kMjNP8ON+1qoAIIC70lztu74= +k8s.io/client-go v0.26.1 h1:87CXzYJnAMGaa/IDDfRdhTzxk/wzGZ+/HUQpqgVSZXU= +k8s.io/client-go v0.26.1/go.mod h1:IWNSglg+rQ3OcvDkhY6+QLeasV4OYHDjdqeWkDQZwGE= +k8s.io/component-base v0.26.1 h1:4ahudpeQXHZL5kko+iDHqLj/FSGAEUnSVO0EBbgDd+4= +k8s.io/component-base v0.26.1/go.mod h1:VHrLR0b58oC035w6YQiBSbtsf0ThuSwXP+p5dD/kAWU= k8s.io/klog/v2 v2.80.1 h1:atnLQ121W371wYYFawwYx1aEY2eUfs4l3J72wtgAwV4= k8s.io/klog/v2 v2.80.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+OGxg8HsuBr/5f6tVAjDu6E= @@ -607,8 +607,8 @@ k8s.io/utils v0.0.0-20221128185143-99ec85e7a448/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.14.1 h1:vThDes9pzg0Y+UbCPY3Wj34CGIYPgdmspPm2GIpxpzM= -sigs.k8s.io/controller-runtime v0.14.1/go.mod h1:GaRkrY8a7UZF0kqFFbUKG7n9ICiTY5T55P1RiE3UZlU= +sigs.k8s.io/controller-runtime v0.14.4 h1:Kd/Qgx5pd2XUL08eOV2vwIq3L9GhIbJ5Nxengbd4/0M= +sigs.k8s.io/controller-runtime v0.14.4/go.mod h1:WqIdsAY6JBsjfc/CqO0CORmNtoCtE4S6qbPc9s68h+0= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/controllers/password_controller.go b/internal/controller/password_controller.go similarity index 98% rename from controllers/password_controller.go rename to internal/controller/password_controller.go index 4f149f9..26a9153 100644 --- a/controllers/password_controller.go +++ b/internal/controller/password_controller.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "context" @@ -51,7 +51,7 @@ type PasswordReconciler struct { // the user. // // For more details, check Reconcile and its Result here: -// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.1/pkg/reconcile +// - https://pkg.go.dev/sigs.k8s.io/controller-runtime@v0.14.4/pkg/reconcile func (r *PasswordReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { logger := log.FromContext(ctx) diff --git a/controllers/suite_test.go b/internal/controller/suite_test.go similarity index 95% rename from controllers/suite_test.go rename to internal/controller/suite_test.go index 48fcdf7..0555ba0 100644 --- a/controllers/suite_test.go +++ b/internal/controller/suite_test.go @@ -14,7 +14,7 @@ See the License for the specific language governing permissions and limitations under the License. */ -package controllers +package controller import ( "path/filepath" @@ -52,7 +52,7 @@ var _ = BeforeSuite(func() { By("bootstrapping test environment") testEnv = &envtest.Environment{ - CRDDirectoryPaths: []string{filepath.Join("..", "config", "crd", "bases")}, + CRDDirectoryPaths: []string{filepath.Join("..", "..", "config", "crd", "bases")}, ErrorIfCRDPathMissing: true, }