From 167c5b4dc943d3b8d1d39e15f23be0d6079c172a Mon Sep 17 00:00:00 2001 From: Yusuke Kuoka Date: Tue, 24 Aug 2021 10:31:36 +0900 Subject: [PATCH] Use non-deprecated API versions in CRDs and Webhooks (#733) Resolves #144 --- api/v1alpha1/runner_webhook.go | 4 +- api/v1alpha1/runnerdeployment_webhook.go | 4 +- api/v1alpha1/runnerreplicaset_webhook.go | 4 +- .../templates/webhook_configs.yaml | 4 +- .../crd/patches/cainjection_in_runners.yaml | 2 +- config/crd/patches/webhook_in_runners.yaml | 19 +-- config/default/webhookcainjection_patch.yaml | 4 +- config/webhook/manifests.v1beta1.yaml | 130 ------------------ config/webhook/manifests.yaml | 128 +++++++++++++++++ 9 files changed, 149 insertions(+), 150 deletions(-) delete mode 100644 config/webhook/manifests.v1beta1.yaml diff --git a/api/v1alpha1/runner_webhook.go b/api/v1alpha1/runner_webhook.go index 7587564626..861fdce66e 100644 --- a/api/v1alpha1/runner_webhook.go +++ b/api/v1alpha1/runner_webhook.go @@ -34,7 +34,7 @@ func (r *Runner) SetupWebhookWithManager(mgr ctrl.Manager) error { Complete() } -// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=mutate.runner.actions.summerwind.dev,sideEffects=None,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=mutate.runner.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Defaulter = &Runner{} @@ -43,7 +43,7 @@ func (r *Runner) Default() { // Nothing to do. } -// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=validate.runner.actions.summerwind.dev,sideEffects=None,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runner,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runners,versions=v1alpha1,name=validate.runner.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Validator = &Runner{} diff --git a/api/v1alpha1/runnerdeployment_webhook.go b/api/v1alpha1/runnerdeployment_webhook.go index d3fc306252..3f5626fec3 100644 --- a/api/v1alpha1/runnerdeployment_webhook.go +++ b/api/v1alpha1/runnerdeployment_webhook.go @@ -34,7 +34,7 @@ func (r *RunnerDeployment) SetupWebhookWithManager(mgr ctrl.Manager) error { Complete() } -// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=mutate.runnerdeployment.actions.summerwind.dev,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=mutate.runnerdeployment.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Defaulter = &RunnerDeployment{} @@ -43,7 +43,7 @@ func (r *RunnerDeployment) Default() { // Nothing to do. } -// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=validate.runnerdeployment.actions.summerwind.dev,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerdeployment,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerdeployments,versions=v1alpha1,name=validate.runnerdeployment.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Validator = &RunnerDeployment{} diff --git a/api/v1alpha1/runnerreplicaset_webhook.go b/api/v1alpha1/runnerreplicaset_webhook.go index a2888ed900..b728d57df4 100644 --- a/api/v1alpha1/runnerreplicaset_webhook.go +++ b/api/v1alpha1/runnerreplicaset_webhook.go @@ -34,7 +34,7 @@ func (r *RunnerReplicaSet) SetupWebhookWithManager(mgr ctrl.Manager) error { Complete() } -// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=mutate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=true,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=mutate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Defaulter = &RunnerReplicaSet{} @@ -43,7 +43,7 @@ func (r *RunnerReplicaSet) Default() { // Nothing to do. } -// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=validate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,webhookVersions=v1beta1 +// +kubebuilder:webhook:path=/validate-actions-summerwind-dev-v1alpha1-runnerreplicaset,verbs=create;update,mutating=false,failurePolicy=fail,groups=actions.summerwind.dev,resources=runnerreplicasets,versions=v1alpha1,name=validate.runnerreplicaset.actions.summerwind.dev,sideEffects=None,admissionReviewVersions=v1beta1 var _ webhook.Validator = &RunnerReplicaSet{} diff --git a/charts/actions-runner-controller/templates/webhook_configs.yaml b/charts/actions-runner-controller/templates/webhook_configs.yaml index 8c9dcd5c91..3f78423501 100644 --- a/charts/actions-runner-controller/templates/webhook_configs.yaml +++ b/charts/actions-runner-controller/templates/webhook_configs.yaml @@ -1,6 +1,6 @@ --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: creationTimestamp: null @@ -83,7 +83,7 @@ webhooks: matchLabels: "actions-runner-controller/inject-registration-token": "true" --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: creationTimestamp: null diff --git a/config/crd/patches/cainjection_in_runners.yaml b/config/crd/patches/cainjection_in_runners.yaml index dd831d24d7..669725d851 100644 --- a/config/crd/patches/cainjection_in_runners.yaml +++ b/config/crd/patches/cainjection_in_runners.yaml @@ -1,6 +1,6 @@ # The following patch adds a directive for certmanager to inject CA into the CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: diff --git a/config/crd/patches/webhook_in_runners.yaml b/config/crd/patches/webhook_in_runners.yaml index 1180bdee62..b8b56a4f6b 100644 --- a/config/crd/patches/webhook_in_runners.yaml +++ b/config/crd/patches/webhook_in_runners.yaml @@ -1,17 +1,18 @@ # The following patch enables conversion webhook for CRD # CRD conversion requires k8s 1.13 or later. -apiVersion: apiextensions.k8s.io/v1beta1 +apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: name: runners.actions.summerwind.dev spec: conversion: strategy: Webhook - webhookClientConfig: - # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, - # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) - caBundle: Cg== - service: - namespace: system - name: webhook-service - path: /convert + webhook: + clientConfig: + # this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank, + # but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager) + caBundle: Cg== + service: + namespace: system + name: webhook-service + path: /convert diff --git a/config/default/webhookcainjection_patch.yaml b/config/default/webhookcainjection_patch.yaml index 7e79bf9955..02ab515d42 100644 --- a/config/default/webhookcainjection_patch.yaml +++ b/config/default/webhookcainjection_patch.yaml @@ -1,13 +1,13 @@ # This patch add annotation to admission webhook config and # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize. -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: name: mutating-webhook-configuration annotations: cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME) --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: name: validating-webhook-configuration diff --git a/config/webhook/manifests.v1beta1.yaml b/config/webhook/manifests.v1beta1.yaml deleted file mode 100644 index 34ddd6bebc..0000000000 --- a/config/webhook/manifests.v1beta1.yaml +++ /dev/null @@ -1,130 +0,0 @@ - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: MutatingWebhookConfiguration -metadata: - creationTimestamp: null - name: mutating-webhook-configuration -webhooks: -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-actions-summerwind-dev-v1alpha1-runner - failurePolicy: Fail - name: mutate.runner.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runners - sideEffects: None -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment - failurePolicy: Fail - name: mutate.runnerdeployment.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runnerdeployments - sideEffects: null -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset - failurePolicy: Fail - name: mutate.runnerreplicaset.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runnerreplicasets - sideEffects: None - ---- -apiVersion: admissionregistration.k8s.io/v1beta1 -kind: ValidatingWebhookConfiguration -metadata: - creationTimestamp: null - name: validating-webhook-configuration -webhooks: -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-actions-summerwind-dev-v1alpha1-runner - failurePolicy: Fail - name: validate.runner.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runners - sideEffects: None -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment - failurePolicy: Fail - name: validate.runnerdeployment.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runnerdeployments - sideEffects: null -- admissionReviewVersions: null - clientConfig: - service: - name: webhook-service - namespace: system - path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset - failurePolicy: Fail - name: validate.runnerreplicaset.actions.summerwind.dev - rules: - - apiGroups: - - actions.summerwind.dev - apiVersions: - - v1alpha1 - operations: - - CREATE - - UPDATE - resources: - - runnerreplicasets - sideEffects: None diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index 35575392ed..20283f519e 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -6,6 +6,66 @@ metadata: creationTimestamp: null name: mutating-webhook-configuration webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-actions-summerwind-dev-v1alpha1-runner + failurePolicy: Fail + name: mutate.runner.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runners + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-actions-summerwind-dev-v1alpha1-runnerdeployment + failurePolicy: Fail + name: mutate.runnerdeployment.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runnerdeployments + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /mutate-actions-summerwind-dev-v1alpha1-runnerreplicaset + failurePolicy: Fail + name: mutate.runnerreplicaset.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runnerreplicasets + sideEffects: None - admissionReviewVersions: - v1beta1 clientConfig: @@ -25,3 +85,71 @@ webhooks: resources: - pods sideEffects: None + +--- +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + creationTimestamp: null + name: validating-webhook-configuration +webhooks: +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-actions-summerwind-dev-v1alpha1-runner + failurePolicy: Fail + name: validate.runner.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runners + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-actions-summerwind-dev-v1alpha1-runnerdeployment + failurePolicy: Fail + name: validate.runnerdeployment.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runnerdeployments + sideEffects: None +- admissionReviewVersions: + - v1beta1 + clientConfig: + service: + name: webhook-service + namespace: system + path: /validate-actions-summerwind-dev-v1alpha1-runnerreplicaset + failurePolicy: Fail + name: validate.runnerreplicaset.actions.summerwind.dev + rules: + - apiGroups: + - actions.summerwind.dev + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - runnerreplicasets + sideEffects: None