Use admission webhooks v1

Signed-off-by: Quique Llorente <[email protected]>
qinqon · Feb 23, 2021 · 1503faa · 1503faa
1 parent fe1aab8
commit 1503faa
Show file tree

Hide file tree

Showing 12 changed files with 50 additions and 351 deletions.
diff --git a/Makefile b/Makefile
@@ -53,9 +53,6 @@ testenv:
 test: $(GO) testenv
 	KUBEBUILDER_ASSETS=$(BIN_DIR) $(GO) test $(WHAT) -timeout 2m -ginkgo.v -ginkgo.noColor=false  -test.v
 
-pod:
-	$(GO) build -o $(BIN_DIR) ./pkg/... ./test/pod
-
 build:
 	$(GO) build ./pkg/...
 

diff --git a/pkg/certificate/certificate_suite_test.go b/pkg/certificate/certificate_suite_test.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/onsi/ginkgo/reporters"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/klog"
@@ -24,6 +24,8 @@ var (
 	//      KUBECONFIG env var
 	useCluster = false
 
+	sideEffects = admissionregistrationv1.SideEffectClassNone
+
 	expectedNamespace = corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "foowebhook",
@@ -37,23 +39,25 @@ var (
 		},
 		Spec: corev1.ServiceSpec{
 			Ports: []corev1.ServicePort{
-				corev1.ServicePort{
+				{
 					Name: "https",
 					Port: 8443,
 				},
 			},
 		},
 	}
 
-	expectedMutatingWebhookConfiguration = admissionregistrationv1beta1.MutatingWebhookConfiguration{
+	expectedMutatingWebhookConfiguration = admissionregistrationv1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "foowebhook",
 		},
-		Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
-			admissionregistrationv1beta1.MutatingWebhook{
-				Name: "foowebhook.qinqon.io",
-				ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
-					Service: &admissionregistrationv1beta1.ServiceReference{
+		Webhooks: []admissionregistrationv1.MutatingWebhook{
+			{
+				SideEffects:             &sideEffects,
+				AdmissionReviewVersions: []string{"v1"},
+				Name:                    "foowebhook.qinqon.io",
+				ClientConfig: admissionregistrationv1.WebhookClientConfig{
+					Service: &admissionregistrationv1.ServiceReference{
 						Name:      expectedService.Name,
 						Namespace: expectedService.Namespace,
 					},

diff --git a/pkg/certificate/configuration.go b/pkg/certificate/configuration.go
@@ -10,7 +10,7 @@ import (
 
 	"github.com/pkg/errors"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/wait"
@@ -20,12 +20,12 @@ import (
 	"github.com/qinqon/kube-admission-webhook/pkg/certificate/triple"
 )
 
-func mutatingWebhookConfig(webhook client.Object) *admissionregistrationv1beta1.MutatingWebhookConfiguration {
-	return webhook.(*admissionregistrationv1beta1.MutatingWebhookConfiguration)
+func mutatingWebhookConfig(webhook client.Object) *admissionregistrationv1.MutatingWebhookConfiguration {
+	return webhook.(*admissionregistrationv1.MutatingWebhookConfiguration)
 }
 
-func validatingWebhookConfig(webhook client.Object) *admissionregistrationv1beta1.ValidatingWebhookConfiguration {
-	return webhook.(*admissionregistrationv1beta1.ValidatingWebhookConfiguration)
+func validatingWebhookConfig(webhook client.Object) *admissionregistrationv1.ValidatingWebhookConfiguration {
+	return webhook.(*admissionregistrationv1.ValidatingWebhookConfiguration)
 }
 
 // clientConfigList returns the the list of webhooks's mutation or validating WebhookClientConfig
@@ -34,8 +34,8 @@ func validatingWebhookConfig(webhook client.Object) *admissionregistrationv1beta
 // that uses the interface client.Object and do some type checking to access it [1].
 //
 // [1] https://godoc.org/k8s.io/kubernetes/pkg/apis/admissionregistration#WebhookClientConfig
-func (m *Manager) clientConfigList(webhook client.Object) []*admissionregistrationv1beta1.WebhookClientConfig {
-	clientConfigList := []*admissionregistrationv1beta1.WebhookClientConfig{}
+func (m *Manager) clientConfigList(webhook client.Object) []*admissionregistrationv1.WebhookClientConfig {
+	clientConfigList := []*admissionregistrationv1.WebhookClientConfig{}
 	if m.webhookType == MutatingWebhook {
 		mutatingWebhookConfig := mutatingWebhookConfig(webhook)
 		for i, _ := range mutatingWebhookConfig.Webhooks {
@@ -55,9 +55,9 @@ func (m *Manager) clientConfigList(webhook client.Object) []*admissionregistrati
 func (m *Manager) readyWebhookConfiguration() (client.Object, error) {
 	var webhook client.Object
 	if m.webhookType == MutatingWebhook {
-		webhook = &admissionregistrationv1beta1.MutatingWebhookConfiguration{}
+		webhook = &admissionregistrationv1.MutatingWebhookConfiguration{}
 	} else if m.webhookType == ValidatingWebhook {
-		webhook = &admissionregistrationv1beta1.ValidatingWebhookConfiguration{}
+		webhook = &admissionregistrationv1.ValidatingWebhookConfiguration{}
 	} else {
 		return nil, fmt.Errorf("Unknown webhook type %s", m.webhookType)
 	}

diff --git a/pkg/certificate/controller.go b/pkg/certificate/controller.go
@@ -7,7 +7,7 @@ import (
 
 	"github.com/pkg/errors"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
@@ -66,13 +66,13 @@ func (m *Manager) add(mgr manager.Manager, r reconcile.Reconciler) error {
 	}
 
 	logger.Info("Starting to watch validatingwebhookconfiguration")
-	err = c.Watch(&source.Kind{Type: &admissionregistrationv1beta1.ValidatingWebhookConfiguration{}}, &handler.EnqueueRequestForObject{}, onEventForThisWebhook)
+	err = c.Watch(&source.Kind{Type: &admissionregistrationv1.ValidatingWebhookConfiguration{}}, &handler.EnqueueRequestForObject{}, onEventForThisWebhook)
 	if err != nil {
 		return errors.Wrap(err, "failed watching ValidatingWebhookConfiguration")
 	}
 
 	logger.Info("Starting to watch mutatingwebhookconfiguration")
-	err = c.Watch(&source.Kind{Type: &admissionregistrationv1beta1.MutatingWebhookConfiguration{}}, &handler.EnqueueRequestForObject{}, onEventForThisWebhook)
+	err = c.Watch(&source.Kind{Type: &admissionregistrationv1.MutatingWebhookConfiguration{}}, &handler.EnqueueRequestForObject{}, onEventForThisWebhook)
 	if err != nil {
 		return errors.Wrap(err, "failed watching MutatingWebhookConfiguration")
 	}

diff --git a/pkg/certificate/controller_test.go b/pkg/certificate/controller_test.go
@@ -8,7 +8,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/gomega"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/types"
@@ -94,7 +94,7 @@ var _ = Describe("Certificates controller", func() {
 	}
 
 	getTLS := func() TLS {
-		obtainedWebhookConfiguration := admissionregistrationv1beta1.MutatingWebhookConfiguration{}
+		obtainedWebhookConfiguration := admissionregistrationv1.MutatingWebhookConfiguration{}
 		err := cli.Get(context.TODO(), types.NamespacedName{Name: "foowebhook"}, &obtainedWebhookConfiguration)
 		Expect(err).To(Succeed(), "should success getting mutatingwebhookconfiguration")
 
@@ -363,8 +363,8 @@ func getSecret() corev1.Secret {
 	return obtainedSecret
 }
 
-func getWebhookConfiguration() admissionregistrationv1beta1.MutatingWebhookConfiguration {
-	obtainedWebhookConfiguration := admissionregistrationv1beta1.MutatingWebhookConfiguration{}
+func getWebhookConfiguration() admissionregistrationv1.MutatingWebhookConfiguration {
+	obtainedWebhookConfiguration := admissionregistrationv1.MutatingWebhookConfiguration{}
 	err := cli.Get(context.TODO(), types.NamespacedName{
 		Namespace: expectedMutatingWebhookConfiguration.Namespace,
 		Name:      expectedMutatingWebhookConfiguration.Name,
@@ -373,7 +373,7 @@ func getWebhookConfiguration() admissionregistrationv1beta1.MutatingWebhookConfi
 	return obtainedWebhookConfiguration
 }
 
-func updateWebhookConfiguration(webhookConfiguration admissionregistrationv1beta1.MutatingWebhookConfiguration) {
+func updateWebhookConfiguration(webhookConfiguration admissionregistrationv1.MutatingWebhookConfiguration) {
 	err := cli.Update(context.TODO(), &webhookConfiguration)
 	Expect(err).To(Succeed(), "should succeed update mutatingwebhookconfiguration")
 }
diff --git a/pkg/certificate/manager_test.go b/pkg/certificate/manager_test.go
@@ -9,7 +9,7 @@ import (
 	. "github.com/onsi/ginkgo"
 	. "github.com/onsi/ginkgo/extensions/table"
 	. "github.com/onsi/gomega"
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
@@ -141,18 +141,18 @@ var _ = Describe("certificate manager", func() {
 		ExpectWithOffset(1, err).To(Succeed(), "should success deleting secret")
 	}
 
-	loadMutatingWebhook := func(manager *Manager) admissionregistrationv1beta1.MutatingWebhookConfiguration {
+	loadMutatingWebhook := func(manager *Manager) admissionregistrationv1.MutatingWebhookConfiguration {
 		webhookKey := types.NamespacedName{
 			Namespace: expectedMutatingWebhookConfiguration.ObjectMeta.Namespace,
 			Name:      expectedMutatingWebhookConfiguration.ObjectMeta.Name,
 		}
-		obtainedMutatingWebhookConfiguration := admissionregistrationv1beta1.MutatingWebhookConfiguration{}
+		obtainedMutatingWebhookConfiguration := admissionregistrationv1.MutatingWebhookConfiguration{}
 		err := manager.client.Get(context.TODO(), webhookKey, &obtainedMutatingWebhookConfiguration)
 		ExpectWithOffset(1, err).To(Succeed(), "should success getting mutatingwebhookconfiguration")
 		return obtainedMutatingWebhookConfiguration
 	}
 
-	updateMutatingWebhook := func(manager *Manager, mutatingWebhookConfigurationToUpdate *admissionregistrationv1beta1.MutatingWebhookConfiguration) {
+	updateMutatingWebhook := func(manager *Manager, mutatingWebhookConfigurationToUpdate *admissionregistrationv1.MutatingWebhookConfiguration) {
 		err := manager.client.Update(context.TODO(), mutatingWebhookConfigurationToUpdate)
 		ExpectWithOffset(1, err).To(Succeed(), "should success updating mutatingwebhookconfiguration")
 	}

diff --git a/pkg/webhook/server/server_suite_test.go b/pkg/webhook/server/server_suite_test.go
@@ -9,7 +9,7 @@ import (
 
 	"github.com/onsi/ginkgo/reporters"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -29,32 +29,35 @@ var (
 			Name: "foowebhook",
 		},
 	}
-	selectedScope = admissionregistrationv1beta1.NamespacedScope
+	selectedScope = admissionregistrationv1.NamespacedScope
 	servicePath   = "/mutatepod"
-	failurePolicy = admissionregistrationv1beta1.Fail
+	failurePolicy = admissionregistrationv1.Fail
+	sideEffects   = admissionregistrationv1.SideEffectClassNone
 	mutatepodURL  = "https://localhost:8443/mutatepod"
 
-	expectedMutatingWebhookConfiguration = admissionregistrationv1beta1.MutatingWebhookConfiguration{
+	expectedMutatingWebhookConfiguration = admissionregistrationv1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: "foowebhook",
 		},
-		Webhooks: []admissionregistrationv1beta1.MutatingWebhook{
-			admissionregistrationv1beta1.MutatingWebhook{
+		Webhooks: []admissionregistrationv1.MutatingWebhook{
+			{
 				Name: "foowebhook.qinqon.io",
-				ClientConfig: admissionregistrationv1beta1.WebhookClientConfig{
+				ClientConfig: admissionregistrationv1.WebhookClientConfig{
 					URL: &mutatepodURL,
 				},
-				FailurePolicy: &failurePolicy,
-				Rules: []admissionregistrationv1beta1.RuleWithOperations{
+				FailurePolicy:           &failurePolicy,
+				SideEffects:             &sideEffects,
+				AdmissionReviewVersions: []string{"v1"},
+				Rules: []admissionregistrationv1.RuleWithOperations{
 					{
-						Rule: admissionregistrationv1beta1.Rule{
+						Rule: admissionregistrationv1.Rule{
 							APIGroups:   []string{""},
 							APIVersions: []string{"v1"},
 							Resources:   []string{"pods"},
 							Scope:       &selectedScope,
 						},
-						Operations: []admissionregistrationv1beta1.OperationType{
-							admissionregistrationv1beta1.Create,
+						Operations: []admissionregistrationv1.OperationType{
+							admissionregistrationv1.Create,
 						},
 					},
 				},

diff --git a/pkg/webhook/server/server_test.go b/pkg/webhook/server/server_test.go
@@ -16,7 +16,7 @@ import (
 
 	"github.com/phayes/freeport"
 
-	admissionregistrationv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	admissionregistrationv1 "k8s.io/api/admissionregistration/v1"
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -52,7 +52,7 @@ var _ = Describe("Webhook server", func() {
 			Expect(err).To(Succeed(), "should succeed selectiong a free port")
 
 			freeportURL := strings.ReplaceAll(mutatepodURL, "8443", strconv.Itoa(freePort))
-			obtainedMutatingWebhookConfiguration := admissionregistrationv1beta1.MutatingWebhookConfiguration{}
+			obtainedMutatingWebhookConfiguration := admissionregistrationv1.MutatingWebhookConfiguration{}
 
 			err = cli.Get(context.TODO(), types.NamespacedName{Name: expectedMutatingWebhookConfiguration.Name}, &obtainedMutatingWebhookConfiguration)
 			Expect(err).To(Succeed(), "should succeed getting mutatingwebhookconfiguration")

diff --git a/test/pod/controller.go b/test/pod/controller.go