Change ExtensionConfig to Cluster scoped

Signed-off-by: killianmuldoon <[email protected]>
kubernetes-sigs · May 25, 2022 · 5f3276f · 5f3276f
1 parent 3224c6b
commit 5f3276f
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 12 deletions.
diff --git a/config/crd/bases/runtime.cluster.x-k8s.io_extensionconfigs.yaml b/config/crd/bases/runtime.cluster.x-k8s.io_extensionconfigs.yaml
@@ -17,7 +17,7 @@ spec:
     shortNames:
     - ext
     singular: extensionconfig
-  scope: Namespaced
+  scope: Cluster
   versions:
   - additionalPrinterColumns:
     - description: Time duration since creation of ExtensionConfig

diff --git a/docs/proposals/20220221-runtime-SDK.md b/docs/proposals/20220221-runtime-SDK.md
@@ -269,8 +269,8 @@ can be found in the annex at the end of the document. Please note that during im
 mechanism allowing to:
 
 - Inform admins about Runtime Extension using a deprecated version of a Runtime Hook (e.g. return a well known
-  HTTP header, set a condition on the RuntimeExtensionConfiguration object defined in the following paragraphs,
-  webhook warnings on RuntimeExtensionConfiguration create/update).
+  HTTP header, set a condition on the ExtensionConfig object defined in the following paragraphs,
+  webhook warnings on ExtensionConfig create/update).
 - Prevent upgrades to new Cluster API versions that makes configured Runtime Extension not functional due to
   the expiration of the deprecation period (e.g. implement a preflight check in the `clusterctl upgrade` command
   or a validation webhook, if possible).
@@ -510,7 +510,7 @@ In these cases above recommendations about availability and identity and access
 _Important! Cluster administrators should carefully vet any Runtime Extension registration, thus preventing
 malicious components from being added to the system._
 
-_Creating RuntimeExtensionConfiguration will be allowed only if the Runtime Extension feature flag is set to true._
+_Creating ExtensionConfigs will be allowed only if the Runtime Extension feature flag is set to true._
 
 By registering a Runtime Extension the Cluster API Runtime becomes aware of a Runtime Extension implementing a
 Runtime Hook, and as a consequence the runtime starts calling the extension at well-defined moments of the
@@ -519,11 +519,11 @@ workload cluster’s lifecycle.
 This process has many similarities with registering dynamic webhooks in Kubernetes, but some specific 
 behavior is introduced by this proposal:
 
-The Cluster administrator is required to register available Runtime Extension server using the following CR
+The Cluster administrator is required to register available Runtime Extension server using the following CR:
 
 ```yaml
-apiVersion: runtime.cluster.x-k8s.io/v1beta1
-kind: Extension
+apiVersion: runtime.cluster.x-k8s.io/v1alpha1
+kind: ExtensionConfig
 metadata:
   name: "my-amazing-extensions"
 spec:
@@ -544,7 +544,7 @@ spec:
 ```
 
 Once the extension is registered the [discovery hook](#discovery-hook) is called and the above CR is updated with the list
-of the Runtime Extensions supported by the server.
+of the Runtime Extensions supported by the server. The ExtensionConfig is Cluster scoped, meaning it has no namespace. The `namespaceSelector` will enable targeting of a subset of Clusters. 
 
 ```yaml
 
@@ -791,7 +791,7 @@ Following threats were considered:
 - Malicious Runtime Extensions being registered 
 
 Mitigation: The same mitigations used for avoiding malicious dynamic webhooks in Kubernetes apply
-(defining RBAC rules for the RuntimeExtensionConfiguration assigning this responsibility to cluster admin only).
+(defining RBAC rules for the ExtensionConfig assigning this responsibility to cluster admin only).
 
 - Privilege escalation of HTTP Servers running Runtime Extensions
 

diff --git a/exp/runtime/api/v1alpha1/extensionconfig_types.go b/exp/runtime/api/v1alpha1/extensionconfig_types.go
@@ -152,7 +152,7 @@ const (
 // ANCHOR_END: ExtensionConfigStatus
 
 // +kubebuilder:object:root=true
-// +kubebuilder:resource:path=extensionconfigs,shortName=ext,scope=Namespaced,categories=cluster-api
+// +kubebuilder:resource:path=extensionconfigs,shortName=ext,scope=Cluster,categories=cluster-api
 // +kubebuilder:subresource:status
 // +kubebuilder:storageversion
 // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp",description="Time duration since creation of ExtensionConfig"

diff --git a/test/go.mod b/test/go.mod
@@ -52,7 +52,6 @@ require (
 	github.com/docker/distribution v2.8.0+incompatible // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/drone/envsubst/v2 v2.0.0-20210730161058-179042472c46 // indirect
-	github.com/emicklei/go-restful v2.15.0+incompatible // indirect
 	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
 	github.com/evanphx/json-patch/v5 v5.6.0 // indirect
 	github.com/fsnotify/fsnotify v1.5.1 // indirect

diff --git a/test/go.sum b/test/go.sum
@@ -346,7 +346,6 @@ github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25Kn
 github.com/elazarl/goproxy v0.0.0-20180725130230-947c36da3153/go.mod h1:/Zj4wYkgs4iZTTu3o/KG3Itv/qCCa8VVMlb3i9OVuzc=
 github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
-github.com/emicklei/go-restful v2.15.0+incompatible h1:8KpYO/Xl/ZudZs5RNOEhWMBY4hmzlZhhRd9cu+jrZP4=
 github.com/emicklei/go-restful v2.15.0+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
 github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=