Admission Controller (Webhook) for Akri Configuration(s)

.dockerignore

@@ -39,18 +39,26 @@
 !target/x86_64-unknown-linux-gnu/release/agent
 !target/x86_64-unknown-linux-gnu/debug/udev-video-broker
 !target/x86_64-unknown-linux-gnu/release/udev-video-broker
+!target/x86_64-unknown-linux-gnu/debug/webhook-configuration
+!target/x86_64-unknown-linux-gnu/release/webhook-configuration
+
 !target/aarch64-unknown-linux-gnu/debug/controller
 !target/aarch64-unknown-linux-gnu/release/controller
 !target/aarch64-unknown-linux-gnu/debug/agent
 !target/aarch64-unknown-linux-gnu/release/agent
 !target/aarch64-unknown-linux-gnu/debug/udev-video-broker
 !target/aarch64-unknown-linux-gnu/release/udev-video-broker
+!target/aarch64-unknown-linux-gnu/debug/webhook-configuration
+!target/aarch64-unknown-linux-gnu/release/webhook-configuration
+
 !target/armv7-unknown-linux-gnueabihf/debug/controller
 !target/armv7-unknown-linux-gnueabihf/release/controller
 !target/armv7-unknown-linux-gnueabihf/debug/agent
 !target/armv7-unknown-linux-gnueabihf/release/agent
 !target/armv7-unknown-linux-gnueabihf/debug/udev-video-broker
 !target/armv7-unknown-linux-gnueabihf/release/udev-video-broker
+!target/armv7-unknown-linux-gnueabihf/debug/webhook-configuration
+!target/armv7-unknown-linux-gnueabihf/release/webhook-configuration
 
 # Cross toml file needs to be available for making the cross build containers
 !Cross.toml

.github/workflows/build-webhook-configuration-container.yml

@@ -0,0 +1,106 @@
+name: Build Webhook Configuration
+
+on:
+  workflow_dispatch:
+    inputs:
+  push:
+    branches: [main]
+    paths:
+      - .github/actions/build-component-per-arch/**
+      - .github/actions/build-component-multi-arch/**
+      - .github/workflows/build-webhook-configuration-container.yml
+      - build/containers/Dockerfile.webhook-configuration
+      - webhooks/validating/configuration
+      - version.txt
+      - build/akri-containers.mk
+      - Makefile
+  pull_request:
+    branches: [main]
+    paths:
+      - .github/actions/build-component-per-arch/**
+      - .github/actions/build-component-multi-arch/**
+      - .github/workflows/build-workflow-configuration-container.yml
+      - build/containers/Dockerfile.workflow-configuration
+      - webhooks/validating/configuration
+      - version.txt
+      - build/akri-containers.mk
+      - Makefile
+  release:
+    types:
+      - published
+
+env:
+  AKRI_COMPONENT: webhook-configuration
+  MAKEFILE_COMPONENT: webhook-configuration
+
+jobs:
+  per-arch:
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+    strategy:
+      matrix:
+        arch:
+          - arm64v8
+          - arm32v7
+          - amd64
+
+    steps:
+      - name: Checkout the head commit of the branch
+        uses: actions/checkout@v2
+        with:
+          persist-credentials: false
+
+      - name: Prepare To Install
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install Deps
+        run: |
+          yarn install
+          yarn add @actions/core @actions/github @actions/exec fs
+
+      - name: Run Per-Arch component build for ${{ env.AKRI_COMPONENT }}
+        uses: ./.github/actions/build-component-per-arch
+        with:
+          github_event_name: ${{ github.event_name }}
+          github_ref: ${{ github.ref }}
+          github_event_action: ${{ github.event.action }}
+          github_merged: ${{ github.event.pull_request.merged }}
+          container_name: ${{ env.AKRI_COMPONENT }}
+          container_prefix: ghcr.io/deislabs/akri
+          container_registry_base_url: ghcr.io
+          container_registry_username: ${{ secrets.crUsername }}
+          container_registry_password: ${{ secrets.crPassword }}
+          makefile_component_name: ${{ env.MAKEFILE_COMPONENT }}
+          platform: ${{ matrix.arch }}
+          build_rust: "1"
+
+  multi-arch:
+    if: (github.event_name == 'release') || (github.event_name == 'push' && github.ref == 'refs/heads/main') || (startsWith(github.event_name, 'pull_request') && github.event.action == 'closed' && github.event.pull_request.merged == true && github.ref != 'refs/heads/main')
+    needs: per-arch
+    runs-on: ubuntu-latest
+    timeout-minutes: 60
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v2
+
+      - name: Prepare To Install
+        uses: actions/setup-node@v1
+        with:
+          node-version: 12
+      - name: Install Deps
+        run: |
+          yarn install
+          yarn add @actions/core @actions/github @actions/exec fs
+
+      - name: Run Multi-Arch component build for ${{ env.AKRI_COMPONENT }}
+        uses: ./.github/actions/build-component-multi-arch
+        with:
+          github_event_name: ${{ github.event_name }}
+          container_name: ${{ env.AKRI_COMPONENT }}
+          container_prefix: ghcr.io/deislabs/akri
+          container_registry_base_url: ghcr.io
+          container_registry_username: ${{ secrets.crUsername }}
+          container_registry_password: ${{ secrets.crPassword }}
+          makefile_component_name: ${{ env.MAKEFILE_COMPONENT }}

.github/workflows/run-test-cases.yml

@@ -9,6 +9,7 @@ on:
       - test/run-end-to-end.py
       - test/run-conservation-of-broker-pod.py
       - test/run-helm-install-delete.py
+      - test/run-webhook.py
       - test/shared_test_code.py
       - .github/workflows/run-test-cases.yml
       - build/containers/Dockerfile.agent
@@ -26,6 +27,7 @@ on:
       - test/run-end-to-end.py
       - test/run-conservation-of-broker-pod.py
       - test/run-helm-install-delete.py
+      - test/run-webhook.py
       - test/shared_test_code.py
       - .github/workflows/run-test-cases.yml
       - build/containers/Dockerfile.agent
@@ -64,8 +66,10 @@ jobs:
           make akri-build
           make controller-build-amd64
           make agent-build-amd64
+          make webhook-configuration-build-amd64
           docker save ${PREFIX}/agent:${LABEL_PREFIX}-amd64 > agent.tar
           docker save ${PREFIX}/controller:${LABEL_PREFIX}-amd64 > controller.tar
+          docker save ${PREFIX}/webhook-configuration:${LABEL_PREFIX}-amd64 > webhook-configuration.tar
 
       - name: Upload Agent container as artifact
         if: startsWith(github.event_name, 'pull_request')
@@ -79,6 +83,12 @@ jobs:
         with:
           name: controller.tar
           path: controller.tar
+      - name: Upload Webhook-Configuration container as artifact
+        if: startsWith(github.event_name, 'pull_request')
+        uses: actions/upload-artifact@v2
+        with:
+          name: webhook-configuration.tar
+          path: webhook-configuration.tar
 
   test-cases:
     needs: build-containers
@@ -137,6 +147,8 @@ jobs:
         test:
           - case: end-to-end
             file: test/run-end-to-end.py
+          - case: webhook
+            file: test/run-webhook.py
 
     steps:
       - name: Checkout the head commit of the branch
@@ -163,6 +175,11 @@ jobs:
         uses: actions/download-artifact@v2
         with:
           name: controller.tar
+      - name: Download Webhook-Configuration container artifact
+        if: startsWith(github.event_name, 'pull_request')
+        uses: actions/download-artifact@v2
+        with:
+          name: webhook-configuration.tar
 
       - if: startsWith(matrix.kube.runtime, 'K3s')
         name: Install K3s
@@ -197,6 +214,7 @@ jobs:
         run: |
           sudo k3s ctr image import agent.tar
           sudo k3s ctr image import controller.tar
+          sudo k3s ctr image import webhook-configuration.tar
 
       - if: startsWith(matrix.kube.runtime, 'Kubernetes')
         name: Install Kubernetes
@@ -222,6 +240,7 @@ jobs:
         run: |
           sudo docker load --input agent.tar
           sudo docker load --input controller.tar
+          sudo docker load --input webhook-configuration.tar
 
       - if: startsWith(matrix.kube.runtime, 'MicroK8s')
         name: Install MicroK8s
@@ -234,7 +253,6 @@ jobs:
           sudo chown -f -R $USER $HOME/.kube --verbose
           sudo sh -c "microk8s.kubectl config view --raw >~/.kube/config"
           sudo cat ~/.kube/config
-          # sudo microk8s.enable helm3
           sudo microk8s.enable rbac
           sudo microk8s.enable dns
           until sudo microk8s.status --wait-ready; do sleep 5s; echo "Try again"; done
@@ -253,6 +271,7 @@ jobs:
           sudo microk8s ctr images ls
           sudo microk8s ctr --debug --timeout 10s images import agent.tar
           sudo microk8s ctr --debug --timeout 10s images import controller.tar
+          sudo microk8s ctr --debug --timeout 10s images import webhook-configuration.tar
           sudo microk8s ctr images ls
 
       - name: Add Akri Helm Chart
@@ -270,7 +289,7 @@ jobs:
         run: |
           git fetch origin main
           git show origin/main:version.txt > /tmp/version_to_test.txt
-          echo '--set agent.image.pullPolicy=Never,agent.image.tag=pr-amd64,controller.image.pullPolicy=Never,controller.image.tag=pr-amd64' > /tmp/extra_helm_args.txt
+          echo '--set agent.image.pullPolicy=Never,agent.image.tag=pr-amd64,controller.image.pullPolicy=Never,controller.image.tag=pr-amd64,webhookConfiguration.image.pullPolicy=Never,webhookConfiguration.image.tag=pr-amd64' > /tmp/extra_helm_args.txt
       # For non-PR (i.e. push, release, manual), version.txt is corresponds
       # to an existing Helm chart.
       - if: (!(startsWith(github.event_name, 'pull_request')))
@@ -311,3 +330,9 @@ jobs:
         with:
           name: ${{ matrix.kube.runtime }}-${{ matrix.test.case }}-controller-log
           path: /tmp/controller_log.txt
+      - name: Upload webhook log as artifact
+        if: always()
+        uses: actions/upload-artifact@v2
+        with:
+          name: ${{ matrix.kube.runtime }}-${{ matrix.test.case }}-webhook-log
+          path: /tmp/webhook_log.txt

Cargo.toml

@@ -4,9 +4,4 @@
 h2 = { git = "https://github.com/kate-goldenring/h2", branch = "master" }
 
 [workspace]
-members = [
-  "shared",
-  "controller",
-  "agent",
-  "samples/brokers/udev-video-broker"
-]
+members = ["shared", "controller", "agent", "samples/brokers/udev-video-broker", "webhooks/validating/configuration"]

agent/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "agent"
-version = "0.1.18"
+version = "0.2.0"
 authors = ["Kate Goldenring <[email protected]>", "<[email protected]>"]
 edition = "2018"