Merge pull request #717 from hectorj2f/unify_controllers

Combine the two controllers into a single pod

.github/workflows/codeql-analysis.yml

@@ -67,7 +67,6 @@ jobs:
 
     - name: Build policy controller for CodeQL
       run: |
-        make policy-webhook
         make policy-controller
 
     - name: Perform CodeQL Analysis

.github/workflows/kind-cluster-image-policy-resync-period.yaml

@@ -90,13 +90,10 @@ jobs:
         make ko-policy-controller
         kustomize build test/kustomize-invalid-policy-resync-period | kubectl apply -f -
 
-        # Wait for the webhook to come up and become Ready
-        kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
-
         sleep 30
 
         # And make sure a panic occurred
-        kubectl -n cosign-system logs deployment/policy-webhook | grep "panic: Failed to parse --policy-resync-period '1d' : time: unknown unit \"d\" in duration \"1d\""
+        kubectl -n cosign-system logs deployment/webhook | grep "panic: Failed to parse --policy-resync-period '1d' : time: unknown unit \"d\" in duration \"1d\""
 
         sleep 10
 
@@ -114,7 +111,6 @@ jobs:
 
         # Wait for the webhook to come up and become Ready
         kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
-        kubectl rollout status --timeout 5m --namespace cosign-system deployments/policy-webhook
         sleep 10
 
     - name: Collect diagnostics

.github/workflows/kind-cluster-image-policy.yaml

@@ -106,7 +106,6 @@ jobs:
 
         # Wait for the webhook to come up and become Ready
         kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
-        kubectl rollout status --timeout 5m --namespace cosign-system deployments/policy-webhook
 
         # And make sure everything is up.
         kubectl wait deployment -n cosign-system --for condition=Available=True --timeout=90s --all

.github/workflows/kind-e2e-trustroot-crd.yaml

@@ -84,6 +84,7 @@ jobs:
 
         # Wait for the webhook to come up and become Ready
         kubectl rollout status --timeout 5m --namespace cosign-system deployments/webhook
+        
         kubectl wait deployment -n cosign-system --for condition=Available=True --timeout=90s --all
 
     - name: Run TrustRoot CRD e2e tests

.ko.yaml

@@ -31,17 +31,3 @@ builds:
       - -extldflags "-static"
       - "{{ .Env.LDFLAGS }}"
 
-  - id: policy_webhook
-    dir: .
-    main: ./cmd/policy_webhook
-    env:
-      - CGO_ENABLED=0
-    flags:
-      - -trimpath
-      - --tags
-      - "{{ .Env.GIT_HASH }}"
-      - --tags
-      - "{{ .Env.GIT_VERSION }}"
-    ldflags:
-      - -extldflags "-static"
-      - "{{ .Env.LDFLAGS }}"

Makefile

@@ -85,13 +85,9 @@ fmt: ## Format all go files
 
 ## Build policy-controller binary
 .PHONY: policy-controller
-policy-controller: policy-webhook
+policy-controller:
 	CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/webhook
 
-.PHONY: policy-webhook
-policy-webhook: ## Build the policy webhook binary
-	CGO_ENABLED=0 go build -trimpath -ldflags "$(LDFLAGS)" -o $@ ./cmd/policy_webhook
-
 ## Build policy-tester binary
 .PHONY: policy-tester
 policy-tester:
@@ -114,7 +110,6 @@ test:
 
 clean:
 	rm -rf policy-controller
-	rm -rf policy-webhook
 
 KOCACHE_PATH=/tmp/ko
 ARTIFACT_HUB_LABELS=--image-label io.artifacthub.package.readme-url="https://raw.githubusercontent.com/sigstore/policy-controller/main/README.md" \
@@ -133,23 +128,16 @@ endef
 # ko build
 ##########
 .PHONY: ko
-ko: ko-policy-controller ko-policy-webhook
+ko: ko-policy-controller
 
 .PHONY: ko-policy-controller
-ko-policy-controller: kustomize-policy-controller ko-policy-webhook
+ko-policy-controller: kustomize-policy-controller
 	# policy-controller
 	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
 	KOCACHE=$(KOCACHE_PATH) KO_DOCKER_REPO=$(KO_PREFIX)/policy-controller ko resolve --bare \
 		--platform=$(POLICY_CONTROLLER_ARCHS) --tags $(GIT_VERSION) --tags $(GIT_HASH)$(LATEST_TAG) \
 		--image-refs policyControllerImagerefs --filename config/webhook.yaml >> $(POLICY_CONTROLLER_YAML)
 
-ko-policy-webhook:
-	# policy_webhook
-	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
-	KOCACHE=$(KOCACHE_PATH) KO_DOCKER_REPO=$(KO_PREFIX)/policy-webhook ko resolve --bare \
-		--platform=$(POLICY_CONTROLLER_ARCHS) --tags $(GIT_VERSION) --tags $(GIT_HASH)$(LATEST_TAG) \
-		--image-refs policyImagerefs --filename config/policy-webhook.yaml >> $(POLICY_CONTROLLER_YAML)
-
 .PHONY: ko-local
 ko-local:
 	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
@@ -158,12 +146,6 @@ ko-local:
 		$(ARTIFACT_HUB_LABELS) \
 		github.com/sigstore/policy-controller/cmd/webhook
 
-	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) \
-	KOCACHE=$(KOCACHE_PATH) KO_DOCKER_REPO=ko.local ko build --base-import-paths \
-		--tags $(GIT_VERSION) --tags $(GIT_HASH) \
-		$(ARTIFACT_HUB_LABELS) \
-		github.com/sigstore/policy-controller/cmd/policy_webhook
-
 .PHONY: ko-apply
 ko-apply:
 	LDFLAGS="$(LDFLAGS)" GIT_HASH=$(GIT_HASH) GIT_VERSION=$(GIT_VERSION) ko apply -Bf config/