diff --git a/Cargo.lock b/Cargo.lock index e49e76b40..398fb4965 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -333,7 +333,7 @@ checksum = "f26201604c87b1e01bd3d98f8d5d9a8fcbb815e8cedb41ffccbeb4bf593a35fe" [[package]] name = "agent" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-debug-echo", "akri-discovery-utils", @@ -402,7 +402,7 @@ dependencies = [ [[package]] name = "akri-debug-echo" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-shared", @@ -422,7 +422,7 @@ dependencies = [ [[package]] name = "akri-discovery-utils" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-shared", "anyhow", @@ -444,7 +444,7 @@ dependencies = [ [[package]] name = "akri-onvif" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-shared", @@ -472,7 +472,7 @@ dependencies = [ [[package]] name = "akri-opcua" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-shared", @@ -496,7 +496,7 @@ dependencies = [ [[package]] name = "akri-shared" -version = "0.10.7" +version = "0.10.8" dependencies = [ "anyhow", "async-trait", @@ -525,7 +525,7 @@ dependencies = [ [[package]] name = "akri-udev" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "anyhow", @@ -1043,7 +1043,7 @@ checksum = "fbdcdcb6d86f71c5e97409ad45898af11cbc995b4ee8112d59095a28d376c935" [[package]] name = "controller" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-shared", "anyhow", @@ -1243,7 +1243,7 @@ dependencies = [ [[package]] name = "debug-echo-discovery-handler" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-debug-echo", "akri-discovery-utils", @@ -2540,7 +2540,7 @@ checksum = "b7e5500299e16ebb147ae15a00a942af264cf3688f47923b8fc2cd5858f23ad3" [[package]] name = "onvif-discovery-handler" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-onvif", @@ -2590,7 +2590,7 @@ dependencies = [ [[package]] name = "opcua-discovery-handler" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-opcua", @@ -4206,7 +4206,7 @@ dependencies = [ [[package]] name = "udev-discovery-handler" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-discovery-utils", "akri-udev", @@ -4217,7 +4217,7 @@ dependencies = [ [[package]] name = "udev-video-broker" -version = "0.10.7" +version = "0.10.8" dependencies = [ "akri-shared", "env_logger", @@ -4494,7 +4494,7 @@ dependencies = [ [[package]] name = "webhook-configuration" -version = "0.10.7" +version = "0.10.8" dependencies = [ "actix", "actix-rt 2.7.0", diff --git a/agent/Cargo.toml b/agent/Cargo.toml index 62fe9831b..2a3076ae9 100644 --- a/agent/Cargo.toml +++ b/agent/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "agent" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring ", ""] edition = "2018" rust-version = "1.68.1" diff --git a/controller/Cargo.toml b/controller/Cargo.toml index 15456ddc9..27a9ea8a9 100644 --- a/controller/Cargo.toml +++ b/controller/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "controller" -version = "0.10.7" +version = "0.10.8" authors = ["", ""] edition = "2018" rust-version = "1.68.1" diff --git a/deployment/helm/Chart.yaml b/deployment/helm/Chart.yaml index ed8710c90..190ff52b0 100644 --- a/deployment/helm/Chart.yaml +++ b/deployment/helm/Chart.yaml @@ -15,9 +15,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.10.7 +version: 0.10.8 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 0.10.7 +appVersion: 0.10.8 diff --git a/deployment/helm/templates/webhook-cert-autogen.yaml b/deployment/helm/templates/webhook-cert-autogen.yaml new file mode 100644 index 000000000..e0c638347 --- /dev/null +++ b/deployment/helm/templates/webhook-cert-autogen.yaml @@ -0,0 +1,181 @@ +{{- if and .Values.webhookConfiguration.enabled (not .Values.webhookConfiguration.caBundle) -}} +{{- if .Values.rbac.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - admissionregistration.k8s.io + resources: + - validatingwebhookconfigurations + verbs: + - get + - update +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.webhookConfiguration.name }}-patch +subjects: + - kind: ServiceAccount + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace | quote }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +rules: + - apiGroups: + - "" + resources: + - secrets + verbs: + - get + - create +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ .Values.webhookConfiguration.name }}-patch +subjects: + - kind: ServiceAccount + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace | quote }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +--- +{{- end }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.webhookConfiguration.name }}-create + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +spec: + ttlSecondsAfterFinished: 0 + template: + metadata: + name: {{ .Values.webhookConfiguration.name }}-create + labels: + {{- include "akri.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: create + image: "{{ .Values.webhookConfiguration.certImage.reference }}:{{ .Values.webhookConfiguration.certImage.tag }}" + imagePullPolicy: {{ .Values.webhookConfiguration.certImage.pullPolicy }} + args: + - create + - --host={{ .Values.webhookConfiguration.name }},{{ .Values.webhookConfiguration.name }}.{{ .Release.Namespace }}.svc + - --namespace={{ .Release.Namespace }} + - --secret-name={{ .Values.webhookConfiguration.name }} + - --cert-name=tls.crt + - --key-name=tls.key + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ .Values.webhookConfiguration.name }}-patch + {{- end }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + labels: + {{- include "akri.labels" . | nindent 4 }} + app.kubernetes.io/component: admission-webhook +spec: + ttlSecondsAfterFinished: 0 + template: + metadata: + name: {{ .Values.webhookConfiguration.name }}-patch + labels: + {{- include "akri.labels" . | nindent 8 }} + app.kubernetes.io/component: admission-webhook + spec: + containers: + - name: patch + image: "{{ .Values.webhookConfiguration.certImage.reference }}:{{ .Values.webhookConfiguration.certImage.tag }}" + imagePullPolicy: {{ .Values.webhookConfiguration.certImage.pullPolicy }} + args: + - patch + - --webhook-name={{ .Values.webhookConfiguration.name }} + - --namespace={{ .Release.Namespace }} + - --patch-mutating=false + - --secret-name={{ .Values.webhookConfiguration.name }} + - --patch-failure-policy=Fail + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + restartPolicy: OnFailure + + {{- if .Values.rbac.enabled }} + serviceAccountName: {{ .Values.webhookConfiguration.name }}-patch + {{- end }} +{{- end -}} \ No newline at end of file diff --git a/deployment/helm/templates/webhook-configuration.yaml b/deployment/helm/templates/webhook-configuration.yaml index 167ce1315..a66fe1741 100644 --- a/deployment/helm/templates/webhook-configuration.yaml +++ b/deployment/helm/templates/webhook-configuration.yaml @@ -126,7 +126,9 @@ items: namespace: {{ .Release.Namespace }} port: 443 path: "/validate" - caBundle: {{ required "please rerun helm install" .Values.webhookConfiguration.caBundle }} + {{- if .Values.webhookConfiguration.caBundle }} + caBundle: {{ .Values.webhookConfiguration.caBundle }} + {{- end }} rules: - operations: - "CREATE" diff --git a/deployment/helm/values.yaml b/deployment/helm/values.yaml index ce8c9d515..9f6a5865b 100644 --- a/deployment/helm/values.yaml +++ b/deployment/helm/values.yaml @@ -833,10 +833,11 @@ udev: # Admission Controllers (Webhooks) webhookConfiguration: # enabled defines whether to apply the Akri Admission Controller (Webhook) for Akri Configurations - enabled: false + enabled: true # name of the webhook name: akri-webhook-configuration - # base64-encoded CA certificate (PEM) used by Kubernetes to validate the Webhook's certificate + # base64-encoded CA certificate (PEM) used by Kubernetes to validate the Webhook's certificate, if + # unset, will generate a self-signed certificate valid for 100y caBundle: null image: # repository is the Akri Webhook for Configurations image reference @@ -847,6 +848,13 @@ webhookConfiguration: tag: # pullPolicy is the Akri Webhook pull policy pullPolicy: Always + certImage: + # reference is the webhook-certgen image reference + reference: registry.k8s.io/ingress-nginx/kube-webhook-certgen + # tag is the webhook-certgen image tag + tag: v1.1.1 + # pullPolicy is the webhook-certgen pull policy + pullPolicy: IfNotPresent # onlyOnControlPlane dictates whether the Akri Webhook will only run on nodes with # the label with (key, value) of ("node-role.kubernetes.io/master", "") onlyOnControlPlane: false diff --git a/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml b/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml index 0e8d58e35..8309d401b 100644 --- a/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml +++ b/discovery-handler-modules/debug-echo-discovery-handler/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "debug-echo-discovery-handler" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handler-modules/onvif-discovery-handler/Cargo.toml b/discovery-handler-modules/onvif-discovery-handler/Cargo.toml index dd499b385..69b1c09c0 100644 --- a/discovery-handler-modules/onvif-discovery-handler/Cargo.toml +++ b/discovery-handler-modules/onvif-discovery-handler/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "onvif-discovery-handler" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handler-modules/opcua-discovery-handler/Cargo.toml b/discovery-handler-modules/opcua-discovery-handler/Cargo.toml index cf09a358a..cf4649d87 100644 --- a/discovery-handler-modules/opcua-discovery-handler/Cargo.toml +++ b/discovery-handler-modules/opcua-discovery-handler/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "opcua-discovery-handler" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handler-modules/udev-discovery-handler/Cargo.toml b/discovery-handler-modules/udev-discovery-handler/Cargo.toml index cfe4f7b7b..81306603a 100644 --- a/discovery-handler-modules/udev-discovery-handler/Cargo.toml +++ b/discovery-handler-modules/udev-discovery-handler/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "udev-discovery-handler" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handlers/debug-echo/Cargo.toml b/discovery-handlers/debug-echo/Cargo.toml index 45ac4fd38..2887009c7 100644 --- a/discovery-handlers/debug-echo/Cargo.toml +++ b/discovery-handlers/debug-echo/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-debug-echo" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handlers/onvif/Cargo.toml b/discovery-handlers/onvif/Cargo.toml index f397c4c6c..e6be81690 100644 --- a/discovery-handlers/onvif/Cargo.toml +++ b/discovery-handlers/onvif/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-onvif" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handlers/opcua/Cargo.toml b/discovery-handlers/opcua/Cargo.toml index 5e6a9fe56..0a0e5cbd0 100644 --- a/discovery-handlers/opcua/Cargo.toml +++ b/discovery-handlers/opcua/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-opcua" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-handlers/udev/Cargo.toml b/discovery-handlers/udev/Cargo.toml index c4fc31a22..b09e0f602 100644 --- a/discovery-handlers/udev/Cargo.toml +++ b/discovery-handlers/udev/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-udev" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/discovery-utils/Cargo.toml b/discovery-utils/Cargo.toml index b35ada25c..c1c48e315 100644 --- a/discovery-utils/Cargo.toml +++ b/discovery-utils/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-discovery-utils" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring "] edition = "2018" rust-version = "1.68.1" diff --git a/samples/brokers/udev-video-broker/Cargo.toml b/samples/brokers/udev-video-broker/Cargo.toml index 81837538a..c08332a50 100644 --- a/samples/brokers/udev-video-broker/Cargo.toml +++ b/samples/brokers/udev-video-broker/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "udev-video-broker" -version = "0.10.7" +version = "0.10.8" authors = ["Kate Goldenring ", ""] edition = "2018" rust-version = "1.68.1" diff --git a/shared/Cargo.toml b/shared/Cargo.toml index 46b78d5c5..000d75060 100644 --- a/shared/Cargo.toml +++ b/shared/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "akri-shared" -version = "0.10.7" +version = "0.10.8" authors = [""] edition = "2018" rust-version = "1.68.1" diff --git a/version.txt b/version.txt index 2d993c425..1a46c7f13 100644 --- a/version.txt +++ b/version.txt @@ -1 +1 @@ -0.10.7 +0.10.8 diff --git a/webhooks/validating/configuration/Cargo.toml b/webhooks/validating/configuration/Cargo.toml index f70357598..3c8d8d92c 100644 --- a/webhooks/validating/configuration/Cargo.toml +++ b/webhooks/validating/configuration/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "webhook-configuration" -version = "0.10.7" +version = "0.10.8" authors = ["DazWilkin "] edition = "2018" rust-version = "1.68.1"