refactor: remove the controller code and use the webhook code in the …

…runtime manager.
kcl-lang · Aug 30, 2023 · d272e22 · d272e22
1 parent 9f34c3c
commit d272e22
Show file tree

Hide file tree

Showing 7 changed files with 20 additions and 155 deletions.
diff --git a/Makefile b/Makefile
@@ -49,7 +49,7 @@ endif
 # Image URL to use all building/pushing image targets
 IMG ?= controller:latest
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
-ENVTEST_K8S_VERSION = 1.26.0
+ENVTEST_K8S_VERSION = 1.28.0
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))

diff --git a/config/all.yaml b/config/all.yaml
@@ -315,20 +315,21 @@ spec:
             memory: 64Mi
       terminationGracePeriodSeconds: 10
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   creationTimestamp: null
-  name: kcl-operator-prometheus-rule-validating-webhook
+  name: kcl-operator-validating-webhook-configuration
 webhooks:
-- clientConfig:
-    caBundle: Cg==
+- admissionReviewVersions:
+  - v1
+  clientConfig:
     service:
       name: kcl-operator-webhook-service
       namespace: kcl-operator-system
-      path: /validate-v1-prometheusrule
+      path: /validate-v1alpha1-kcl-run
   failurePolicy: Fail
-  name: prometheusrule-validating-webhook.example.com
+  name: kcl-run-validating-webhook.kcl-lang.io
   rules:
   - apiGroups:
     - ""
@@ -339,3 +340,4 @@ webhooks:
     - UPDATE
     resources:
     - pods
+  sideEffects: None
diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml
@@ -13,7 +13,7 @@ webhooks:
       namespace: system
       path: /validate-v1alpha1-kcl-run
   failurePolicy: Fail
-  name: kcl-run-validating-webhook.kcl-lang.io
+  name: kcl-run-validating-webhook
   rules:
   - apiGroups:
     - ""

diff --git a/controllers/kclrun_controller.go b/controllers/kclrun_controller.go
diff --git a/controllers/suite_test.go b/controllers/suite_test.go
diff --git a/main.go b/main.go
@@ -45,7 +45,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	// +kubebuilder:scaffold:builder
+	//+kubebuilder:scaffold:builder
 
 	setupLog.Info("setting up webhook server")
 	hookServer := mgr.GetWebhookServer()

diff --git a/pkg/webhook/handler/validation.go b/pkg/webhook/handler/validation.go
@@ -15,18 +15,21 @@ import (
 	"sigs.k8s.io/yaml"
 )
 
-// +kubebuilder:webhook:admissionReviewVersions=v1,path=/validate-v1alpha1-kcl-run,mutating=false,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=kcl-run-validating-webhook.kcl-lang.io
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns,verbs=get;list;watch;create;update;patch;delete
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/status,verbs=get;update;patch
+//+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/finalizers,verbs=update
+//+kubebuilder:webhook:admissionReviewVersions=v1,path=/validate-v1alpha1-kcl-run,mutating=false,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=kcl-run-validating-webhook
 
-// ValidationHandler validates PrometheusRules
+// ValidationHandler validates Kubernetes resources using the KCL source.
 type ValidationHandler struct {
 	Client  client.Client
 	Reader  client.Reader
 	Scheme  *runtime.Scheme
 	decoder *admission.Decoder
 }
 
-// ValidationHandler admits a PrometheusRule if a specific set of Rule labels exist
 func (v *ValidationHandler) Handle(ctx context.Context, req admission.Request) admission.Response {
+	// Get the KCL source
 	kclRun := &krmkcldevv1alpha1.KCLRun{}
 	err := v.Client.Get(ctx, types.NamespacedName{Name: req.AdmissionRequest.Namespace}, kclRun)
 	if err != nil {
@@ -36,14 +39,16 @@ func (v *ValidationHandler) Handle(ctx context.Context, req admission.Request) a
 	if err != nil {
 		return admission.Errored(http.StatusBadRequest, err)
 	}
+	// Input Example: https://github.com/kcl-lang/krm-kcl/blob/main/examples/mutation/set-annotations/suite/good.yaml
 	in, out := bytes.NewBuffer([]byte{}), bytes.NewBuffer([]byte{})
 	in.WriteString("\n---\n")
 	in.Write(kclRunBytes)
+	// Run pipeline to get the result mutated or validated by the KCL source.
 	pipeline := kio.NewPipeline(in, out, false)
 	if err := pipeline.Execute(); err != nil {
 		return admission.Errored(http.StatusBadRequest, err)
 	}
-	// the actual mutation is done by a string in JSONPatch style, i.e. we don't _actually_ modify the object, but
+	// The actual mutation is done by a string in JSONPatch style, i.e. we don't _actually_ modify the object, but
 	// tell K8S how it should modifiy it
 	jsonBytes, err := yaml.YAMLToJSON(out.Bytes())
 	if err != nil {