feat: add kimup admission controller operator (#47)

orange-cloudavenue · Oct 15, 2024 · ef9fda6 · ef9fda6
1 parent 129ab6a
commit ef9fda6
Show file tree

Hide file tree

Showing 21 changed files with 963 additions and 440 deletions.
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
@@ -1,4 +1,4 @@
-project_name: kube-image-updater
+project_name: kimup
 version: 2
 before:
   hooks:
@@ -9,7 +9,7 @@ release:
   prerelease: auto
 
 snapshot:
-  name_template: "{{ .Tag }}"
+  version_template: "{{ .Tag }}"
 
 checksum:
   name_template: '{{ .ProjectName }}-{{ .Version }}-checksums.txt'
@@ -37,9 +37,9 @@ builds:
       - arm64
     env:
       - CGO_ENABLED=0
-  - id: "kimup-webhook"
-    binary: kimup-webhook
-    main: ./cmd/webhook
+  - id: "kimup-admission-controller"
+    binary: kimup-admission-controller
+    main: ./cmd/admission-controller
     goos:
       - linux
       - darwin
@@ -128,41 +128,41 @@ dockers:
     - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
     - --label=org.opencontainers.image.revision={{ .FullCommit }}
 
-  # * KIMUP-WEBHOOK
+  # * KIMUP-ADMISSION-CONTROLLER
   - goarch: amd64
     image_templates:
-    - "ghcr.io/orange-cloudavenue/{{.ProjectName}}-webhook:{{ .Version }}-amd64"
+    - "ghcr.io/orange-cloudavenue/{{.ProjectName}}-admission-controller:{{ .Version }}-amd64"
     dockerfile: Dockerfile
     use: buildx
     ids:
-      - kimup-webhook
+      - kimup-admission-controller
     build_flag_templates:
     - --platform=linux/amd64
-    - "--build-arg=BINNAME=kimup-webhook"
+    - "--build-arg=BINNAME=kimup-admission-controller"
     - --pull
-    - --label=org.opencontainers.image.title="kimup-webhook"
-    - --label=org.opencontainers.image.description="kube-image-updater-webhook"
-    - --label=org.opencontainers.image.url=https://github.com/orange-cloudavenue/{{ .ProjectName }}-webhook
-    - --label=org.opencontainers.image.source=https://github.com/orange-cloudavenue/{{ .ProjectName }}-webhook
+    - --label=org.opencontainers.image.title="kimup-admission-controller"
+    - --label=org.opencontainers.image.description="kube-image-updater-admission-controller"
+    - --label=org.opencontainers.image.url=https://github.com/orange-cloudavenue/{{ .ProjectName }}-admission-controller
+    - --label=org.opencontainers.image.source=https://github.com/orange-cloudavenue/{{ .ProjectName }}-admission-controller
     - --label=org.opencontainers.image.version={{ .Version }}
     - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
     - --label=org.opencontainers.image.revision={{ .FullCommit }}
 
   - goarch: arm64
     image_templates:
-    - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:{{ .Version }}-arm64v8"
+    - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:{{ .Version }}-arm64v8"
     dockerfile: Dockerfile
     use: buildx
     ids:
-      - kimup-webhook
+      - kimup-admission-controller
     build_flag_templates:
     - --platform=linux/arm64/v8
-    - "--build-arg=BINNAME=kimup-webhook"
+    - "--build-arg=BINNAME=kimup-admission-controller"
     - --pull
-    - --label=org.opencontainers.image.title="kimup-webhook"
-    - --label=org.opencontainers.image.description="kube-image-updater-webhook"
-    - --label=org.opencontainers.image.url=https://github.com/orange-cloudavenue/{{ .ProjectName }}-webhook
-    - --label=org.opencontainers.image.source=https://github.com/orange-cloudavenue/{{ .ProjectName }}-webhook
+    - --label=org.opencontainers.image.title="kimup-admission-controller"
+    - --label=org.opencontainers.image.description="kube-image-updater-admission-controller"
+    - --label=org.opencontainers.image.url=https://github.com/orange-cloudavenue/{{ .ProjectName }}-admission-controller
+    - --label=org.opencontainers.image.source=https://github.com/orange-cloudavenue/{{ .ProjectName }}-admission-controller
     - --label=org.opencontainers.image.version={{ .Version }}
     - --label=org.opencontainers.image.created={{ time "2006-01-02T15:04:05Z07:00" }}
     - --label=org.opencontainers.image.revision={{ .FullCommit }}
@@ -188,12 +188,12 @@ docker_manifests:
   - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-operator:v{{ .Version }}-amd64"
   - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-operator:v{{ .Version }}-arm64v8"
 
-# * KIMUP-WEBHOOK
-- name_template: "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:v{{ .Version }}"
+# * KIMUP-ADMISSION-CONTROLLER
+- name_template: "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:v{{ .Version }}"
   image_templates:
-  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:v{{ .Version }}-amd64"
-  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:v{{ .Version }}-arm64v8"
-- name_template: "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:latest"
+  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:v{{ .Version }}-amd64"
+  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:v{{ .Version }}-arm64v8"
+- name_template: "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:latest"
   image_templates:
-  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:v{{ .Version }}-amd64"
-  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-webhook:v{{ .Version }}-arm64v8"
+  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:v{{ .Version }}-amd64"
+  - "ghcr.io/orange-cloudavenue/{{ .ProjectName }}-admission-controller:v{{ .Version }}-arm64v8"
diff --git a/Makefile b/Makefile
@@ -82,11 +82,11 @@ lint-fix: golangci-lint ## Run golangci-lint linter and perform fixes
 build: manifests generate fmt vet ## Build manager binary.
 	go build -o bin/operator cmd/operator/main.go
 	go build -o bin/kimup cmd/kimup/*
-	go build -o bin/webhook cmd/webhook/*
+	go build -o bin/admission-controller cmd/admission-controller/*
 
 .PHONY: build
-build-webhook: manifests generate fmt vet
-	go build -o bin/webhook cmd/webhook/*
+build-admission-controller: manifests generate fmt vet
+	go build -o bin/admission-controller cmd/admission-controller/*
 
 .PHONY: build-kimup
 build-kimup: manifests generate fmt vet
@@ -100,9 +100,9 @@ run-operator: manifests generate fmt vet ## Run a controller from your host.
 run-kimup: manifests generate fmt vet ## Run the image updater from your host.
 	go run ./cmd/kimup
 
-.PHONY: run-webhook
-run-webhook: manifests generate fmt vet ## Run the webhook from your host.
-	go run ./cmd/webhook/
+.PHONY: run-admission-controller
+run-admission-controller: manifests generate fmt vet ## Run the admission-controller from your host.
+	go run ./cmd/admission-controller/
 
 .PHONY: run-mkdocs
 run-mkdocs: ## Run mkdocs to serve the documentation locally.

diff --git a/api/v1alpha1/kimup_types.go b/api/v1alpha1/kimup_types.go
@@ -27,11 +27,13 @@ import (
 type (
 	// KimupSpec defines the desired state of Kimup
 	KimupSpec struct {
+		// TODO add namespace and serviceaccount settings
+
 		// +kubebuilder:validation:Optional
 		Controller *KimupControllerSpec `json:"controller"`
 
 		// +kubebuilder:validation:Optional
-		Webhook *KimupWebhookSpec `json:"webhook"`
+		AdmissionController *KimupAdmissionControllerSpec `json:"admissionController"`
 	}
 
 	// ! Controller
@@ -44,17 +46,17 @@ type (
 		// Service *KimupServiceSpec `json:"service,omitempty"`
 	}
 
-	// ! Webhook
+	// ! AdmissionController
 
-	KimupWebhookSpec struct {
+	KimupAdmissionControllerSpec struct {
 		// +kubebuilder:validation:Optional
 		// +kubebuilder:default:=Deployment
 		// +kubebuilder:validation:Enum=Deployment;DaemonSet
 		DeploymentType string `json:"deploymentType,omitempty"`
 
 		// +kubebuilder:validation:Optional
 		// +kubebuilder:default:=3
-		// +kubebuilder:description: Number of replicas for the webhook deployment. (Only for Deployment)
+		// +kubebuilder:description: Number of replicas (default: 3) for the admissionController deployment. (Only for Deployment)
 		Replicas int32 `json:"replicas,omitempty"`
 
 		KimupInstanceSpec `json:",inline"`
@@ -135,6 +137,7 @@ type (
 
 		// +kubebuilder:validation:Optional
 		// +kubebuilder:description: Service account name for the Kimup pods.
+		// +kubebuilder:default:=kimup
 		ServiceAccountName string `json:"serviceAccountName,omitempty"`
 
 		// +kubebuilder:validation:Optional
@@ -170,15 +173,15 @@ type (
 	KimupStatus struct {
 		Controller KimupInstanceStatus `json:"controller,omitempty"`
 
-		Webhook KimupInstanceStatus `json:"webhook,omitempty"`
+		AdmissionController KimupInstanceStatus `json:"admissionController,omitempty"`
 	}
 
 	KimupInstanceStatus struct {
 		// Status of the Kimup Instance
 		// It can be one of the following:
 		// - "ready": The kimup instance is ready to serve requests
 		// - "resources-created": The Kimup instance resources were created but not yet configured
-		Phase string `json:"phase,omitempty"`
+		State string `json:"state,omitempty"`
 
 		// IsRollingUpdate is true if the kimup instance is being updated
 		IsRollingUpdate bool `json:"isRollingUpdate,omitempty"`
@@ -189,8 +192,8 @@ type (
 // +kubebuilder:subresource:status
 
 // Kimup is the Schema for the kimups API
-// +kubebuilder:printcolumn:name="Controller",type=string,JSONPath=`.status.controller.phase`
-// +kubebuilder:printcolumn:name="Webhook",type=string,JSONPath=`.status.webhook.phase`
+// +kubebuilder:printcolumn:name="Controller",type=string,JSONPath=`.status.controller.state`
+// +kubebuilder:printcolumn:name="AdmissionController",type=string,JSONPath=`.status.admissionController.state`
 type Kimup struct {
 	metav1.TypeMeta   `json:",inline"`
 	metav1.ObjectMeta `json:"metadata,omitempty"`

diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go
diff --git a/cmd/webhook/certificate.go → cmd/admission-controller/certificate.go b/cmd/webhook/certificate.go → cmd/admission-controller/certificate.go
diff --git a/cmd/webhook/main.go → cmd/admission-controller/main.go b/cmd/webhook/main.go → cmd/admission-controller/main.go
@@ -79,14 +79,10 @@ func main() {
 	signalChan := make(chan os.Signal, 1)
 	signal.Notify(signalChan, syscall.SIGINT, syscall.SIGTERM, syscall.SIGQUIT, syscall.SIGKILL)
 
-	// homedir for kubeconfig
-	homedir, err := os.UserHomeDir()
+	// kubernetes golang library provide flag "kubeconfig" to specify the path to the kubeconfig file
+	kubeClient, err = client.New(flag.Lookup("kubeconfig").Value.String())
 	if err != nil {
-		panic(err)
-	}
-	kubeClient, err = client.New(homedir + "/.kube/config")
-	if err != nil {
-		panic(err)
+		log.Panicf("Error creating kubeclient: %v", err)
 	}
 
 	// * Webhook server

diff --git a/cmd/webhook/webhook-configuration.go → ...ssion-controller/webhook-configuration.go b/cmd/webhook/webhook-configuration.go → ...ssion-controller/webhook-configuration.go
diff --git a/cmd/webhook/webhook.go → cmd/admission-controller/webhook.go b/cmd/webhook/webhook.go → cmd/admission-controller/webhook.go
diff --git a/cmd/kimup/main.go b/cmd/kimup/main.go
@@ -3,6 +3,7 @@ package main
 import (
 	"context"
 	"flag"
+	"net"
 	"os"
 	"os/signal"
 	"syscall"
@@ -11,7 +12,9 @@ import (
 	log "github.com/sirupsen/logrus"
 
 	"github.com/orange-cloudavenue/kube-image-updater/internal/annotations"
+	"github.com/orange-cloudavenue/kube-image-updater/internal/httpserver"
 	"github.com/orange-cloudavenue/kube-image-updater/internal/kubeclient"
+	"github.com/orange-cloudavenue/kube-image-updater/internal/models"
 	"github.com/orange-cloudavenue/kube-image-updater/internal/triggers"
 	"github.com/orange-cloudavenue/kube-image-updater/internal/utils"
 )
@@ -45,6 +48,23 @@ func main() {
 	ctx, cancel := context.WithCancel(context.Background())
 	defer cancel()
 
+	// * Config the metrics and healthz server
+	a, waitHTTP := httpserver.Init(ctx, httpserver.WithCustomHandlerForHealth(
+		func() (bool, error) {
+			// TODO improve
+			_, err := net.DialTimeout("tcp", models.HealthzDefaultAddr, 5*time.Second)
+			if err != nil {
+				return false, err
+			}
+			return true, nil
+		}))
+
+	if err := a.Run(); err != nil {
+		log.Errorf("Failed to start HTTP servers: %v", err)
+		// send signal to stop the program
+		c <- syscall.SIGINT
+	}
+
 	initScheduler(ctx, k)
 
 	go func() {
@@ -117,4 +137,5 @@ func main() {
 
 	<-c
 	cancel()
+	waitHTTP()
 }