diff --git a/Makefile b/Makefile index 828a38f61..878ba3a06 100644 --- a/Makefile +++ b/Makefile @@ -63,7 +63,7 @@ manifests: controller-gen kustomize yq ## Generate WebhookConfiguration, Cluster mkdir -p charts/moco/templates/generated/crds/ $(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases $(KUSTOMIZE) build config/crd -o config/crd/tests # Outputs static CRDs for use with Envtest. - $(KUSTOMIZE) build config/kustomize-to-helm/overlays/templates | $(YQ) e ". | del(select(.kind==\"ValidatingAdmissionPolicy\" or .kind==\"ValidatingAdmissionPolicyBinding\").metadata.namespace)" - > charts/moco/templates/generated/generated.yaml # Manually remove namespaces because the API version supported by kustomize is out of date. + $(KUSTOMIZE) build config/kustomize-to-helm/overlays/templates | $(YQ) e "." - > charts/moco/templates/generated/generated.yaml echo '{{- if .Values.crds.enabled }}' > charts/moco/templates/generated/crds/moco_crds.yaml $(KUSTOMIZE) build config/kustomize-to-helm/overlays/crds | $(YQ) e "." - >> charts/moco/templates/generated/crds/moco_crds.yaml echo '{{- end }}' >> charts/moco/templates/generated/crds/moco_crds.yaml diff --git a/charts/moco/templates/_helpers.tpl b/charts/moco/templates/_helpers.tpl index 58dddc5af..e98b299b6 100644 --- a/charts/moco/templates/_helpers.tpl +++ b/charts/moco/templates/_helpers.tpl @@ -23,14 +23,3 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} - -{{/* -Return the appropriate apiVersion for admissionregistration. -*/}} -{{- define "admissionregistration.apiVersion" -}} -{{- if (lt (int .Capabilities.KubeVersion.Minor) 30) -}} -admissionregistration.k8s.io/v1beta1 -{{- else -}} -admissionregistration.k8s.io/v1 -{{- end }} -{{- end }} diff --git a/charts/moco/templates/generated/generated.yaml b/charts/moco/templates/generated/generated.yaml index a51b0cbd2..c37055d1b 100644 --- a/charts/moco/templates/generated/generated.yaml +++ b/charts/moco/templates/generated/generated.yaml @@ -372,7 +372,7 @@ spec: app.kubernetes.io/component: moco-controller app.kubernetes.io/name: '{{ include "moco.name" . }}' --- -apiVersion: '{{ include "admissionregistration.apiVersion" . }}' +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicy metadata: labels: @@ -381,6 +381,7 @@ metadata: app.kubernetes.io/version: '{{ .Chart.AppVersion }}' helm.sh/chart: '{{ include "moco.chart" . }}' name: moco-delete-validator + namespace: '{{ .Release.Namespace }}' spec: failurePolicy: Fail matchConstraints: @@ -400,7 +401,7 @@ spec: !(oldObject.metadata.annotations["moco.cybozu.com/prevent-delete"] == "true") messageExpression: oldObject.metadata.name + ' is protected from deletion' --- -apiVersion: '{{ include "admissionregistration.apiVersion" . }}' +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicyBinding metadata: labels: @@ -409,6 +410,7 @@ metadata: app.kubernetes.io/version: '{{ .Chart.AppVersion }}' helm.sh/chart: '{{ include "moco.chart" . }}' name: moco-delete-validator + namespace: '{{ .Release.Namespace }}' spec: policyName: moco-delete-validator validationActions: diff --git a/config/kustomize-to-helm/overlays/templates/kustomization.yaml b/config/kustomize-to-helm/overlays/templates/kustomization.yaml index 2943a26b8..296f59960 100644 --- a/config/kustomize-to-helm/overlays/templates/kustomization.yaml +++ b/config/kustomize-to-helm/overlays/templates/kustomization.yaml @@ -14,14 +14,3 @@ patchesStrategicMerge: transformers: - label-transformer.yaml - -patches: - - target: - group: admissionregistration.k8s.io - version: v1beta1 - kind: 'ValidatingAdmissionPolicy|ValidatingAdmissionPolicyBinding' - name: '.*' - patch: |- - - op: replace - path: "/apiVersion" - value: '{{ include "admissionregistration.apiVersion" . }}' diff --git a/config/webhook/validate_preventdelete.yaml b/config/webhook/validate_preventdelete.yaml index a5ab99aa4..5af93557d 100644 --- a/config/webhook/validate_preventdelete.yaml +++ b/config/webhook/validate_preventdelete.yaml @@ -1,4 +1,4 @@ -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicy metadata: name: delete-validator @@ -17,7 +17,7 @@ spec: !(oldObject.metadata.annotations["moco.cybozu.com/prevent-delete"] == "true") messageExpression: oldObject.metadata.name + ' is protected from deletion' --- -apiVersion: admissionregistration.k8s.io/v1beta1 +apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingAdmissionPolicyBinding metadata: name: delete-validator diff --git a/e2e/kind-config.yaml b/e2e/kind-config.yaml index b6dc40763..c61aead9f 100644 --- a/e2e/kind-config.yaml +++ b/e2e/kind-config.yaml @@ -1,9 +1,5 @@ apiVersion: kind.x-k8s.io/v1alpha4 kind: Cluster -featureGates: - ValidatingAdmissionPolicy: true -runtimeConfig: - admissionregistration.k8s.io/v1beta1: true nodes: - role: control-plane - role: worker diff --git a/e2e/kind-config_actions.yaml b/e2e/kind-config_actions.yaml index 7cde60a85..1c7ee2e24 100644 --- a/e2e/kind-config_actions.yaml +++ b/e2e/kind-config_actions.yaml @@ -1,9 +1,5 @@ apiVersion: kind.x-k8s.io/v1alpha4 kind: Cluster -featureGates: - ValidatingAdmissionPolicy: true -runtimeConfig: - admissionregistration.k8s.io/v1beta1: true nodes: - role: control-plane - role: worker