diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 3be14dc..a2d48d2 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -1,8 +1,5 @@ name: CI -env: - VERSION_GO: '1.22' - on: pull_request: push: @@ -18,14 +15,22 @@ jobs: - uses: actions/checkout@v2 - uses: actions/setup-go@v5 with: - go-version: ${{ env.VERSION_GO }} + go-version-file: go.mod - - uses: actions/cache@v4 + - uses: engineerd/setup-kind@v0.5.0 with: - path: ~/go/pkg/mod - key: ${{ runner.os }}-go-${{ hashFiles('**/go.sum') }} - restore-keys: | - ${{ runner.os }}-go- + version: "v0.11.1" + + - name: Kubernetes Testing + run: | + kubectl cluster-info + kubectl get pods -n kube-system + echo "current-context:" $(kubectl config current-context) + echo "environment-kubeconfig:" ${KUBECONFIG} + + - name: Project Build & Check + run: make - - name: Run unit tests - run: make \ No newline at end of file + - name: Run e2e tests + run: | + make deploy diff --git a/.github/workflows/cla.yaml b/.github/workflows/cla.yaml deleted file mode 100644 index 063d4a7..0000000 --- a/.github/workflows/cla.yaml +++ /dev/null @@ -1,38 +0,0 @@ -name: "CLA Assistant" -on: - issue_comment: - types: [created] - pull_request_target: - types: [opened,closed,synchronize] -jobs: - CLAssistant: - runs-on: ubuntu-latest - steps: - - name: "CLA Assistant" - if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@v2.4.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - # the below token should have repo scope and must be manually added by you in the repository's secret - PERSONAL_ACCESS_TOKEN : ${{ secrets.KCL_LANG_BOT_TOKEN }} - with: - path-to-document: 'https://github.com/kcl-lang/.github/blob/main/CLA.md' # e.g. a CLA or a DCO document - - # branch should not be protected - lock-pullrequest-aftermerge: True - path-to-signatures: 'signatures/version1/cla.json' - remote-organization-name: kcl-lang - remote-repository-name: cla.db - branch: 'main' - allowlist: bot* - - #below are the optional inputs - If the optional inputs are not given, then default values will be taken - #remote-organization-name: enter the remote organization name where the signatures should be stored (Default is storing the signatures in the same repository) - #remote-repository-name: enter the remote repository name where the signatures should be stored (Default is storing the signatures in the same repository) - #create-file-commit-message: 'For example: Creating file for storing CLA Signatures' - #signed-commit-message: 'For example: $contributorName has signed the CLA in #$pullRequestNo' - #custom-notsigned-prcomment: 'pull request comment with Introductory message to ask new contributors to sign' - #custom-pr-sign-comment: 'The signature to be committed in order to sign the CLA' - #custom-allsigned-prcomment: 'pull request comment when all contributors has signed, defaults to **CLA Assistant Lite bot** All Contributors have signed the CLA.' - #lock-pullrequest-aftermerge: false - if you don't want this bot to automatically lock the pull request after merging (default - true) - #use-dco-flag: true - If you are using DCO instead of CLA diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..27d3eb9 --- /dev/null +++ b/.github/workflows/release.yaml @@ -0,0 +1,97 @@ +# Reference from: +# https://goreleaser.com/ci/actions/ +name: Release +on: + push: + tags: + - "v*" +permissions: + contents: write +jobs: + image-amd64: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: v0.11.2 + install: true + + # <--- Login, build and push image to Docker Hub ---> + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: kcllang/webhookserver + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/amd64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + + image-arm64: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Set up Go + uses: actions/setup-go@v5 + with: + go-version-file: go.mod + + - name: Setup QEMU + uses: docker/setup-qemu-action@v3 + with: + platforms: all + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + with: + version: v0.11.2 + install: true + + # <--- Login, build and push image to Docker Hub ---> + - name: Login to Docker Hub + uses: docker/login-action@v3 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_PASSWORD }} + + - name: Edit arm64 arch for Dockerfile + run: | + sed -i 's/ubuntu:22.04/arm64v8\/ubuntu:20.04/g' Dockerfile + sed -i 's/kcllang/kcl-arm64\/kcllang/kcl/g' Dockerfile + echo "ENV KCL_FAST_EVAL=1" >> Dockerfile + + - name: Extract metadata (tags, labels) for Docker + id: meta + uses: docker/metadata-action@v5 + with: + images: kcllang/webhookserver-arm64 + - name: Build and push Docker image + uses: docker/build-push-action@v6 + with: + context: . + platforms: linux/arm64 + push: ${{ github.event_name != 'pull_request' }} + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} diff --git a/Dockerfile b/Dockerfile index 46f5469..cec3d3c 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,11 @@ -FROM golang:1.19 as builder +FROM --platform=${BUILDPLATFORM} golang:1.22 AS build + +# The TARGETOS and TARGETARCH args are set by docker. We set GOOS and GOARCH to +# these values to ask Go to compile a binary for these architectures. If +# TARGETOS and TARGETOS are different from BUILDPLATFORM, Go will cross compile +# for us (e.g. compile a linux/amd64 binary on a linux/arm64 build machine). +ARG TARGETOS +ARG TARGETARCH ENV GO111MODULE=on \ GOPROXY=https://goproxy.cn,direct @@ -14,7 +21,7 @@ FROM kcllang/kcl WORKDIR / COPY --from=builder /manager . -ENV KCL_GO_DISABLE_ARTIFACT=on +ENV KCL_FAST_EVAL=1 ENV LANG="en_US.UTF-8" ENTRYPOINT ["/manager"] diff --git a/Makefile b/Makefile index a5c1a97..c361e54 100644 --- a/Makefile +++ b/Makefile @@ -3,53 +3,12 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.0.1 - -# CHANNELS define the bundle channels used in the bundle. -# Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") -# To re-generate a bundle for other specific channels without changing the standard setup, you can: -# - use the CHANNELS as arg of the bundle target (e.g make bundle CHANNELS=candidate,fast,stable) -# - use environment variables to overwrite this value (e.g export CHANNELS="candidate,fast,stable") -ifneq ($(origin CHANNELS), undefined) -BUNDLE_CHANNELS := --channels=$(CHANNELS) -endif - -# DEFAULT_CHANNEL defines the default channel used in the bundle. -# Add a new line here if you would like to change its default config. (E.g DEFAULT_CHANNEL = "stable") -# To re-generate a bundle for any other default channel without changing the default setup, you can: -# - use the DEFAULT_CHANNEL as arg of the bundle target (e.g make bundle DEFAULT_CHANNEL=stable) -# - use environment variables to overwrite this value (e.g export DEFAULT_CHANNEL="stable") -ifneq ($(origin DEFAULT_CHANNEL), undefined) -BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) -endif -BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) - -# IMAGE_TAG_BASE defines the docker.io namespace and part of the image name for remote images. -# This variable is used to construct full image tags for bundle and catalog images. -# -# For example, running 'make bundle-build bundle-push catalog-build catalog-push' will build and push both -# my.domain/kcl-operator-bundle:$VERSION and my.domain/kcl-operator-catalog:$VERSION. -IMAGE_TAG_BASE ?= my.domain/kcl-operator - -# BUNDLE_IMG defines the image:tag used for the bundle. -# You can use it as an arg. (E.g make bundle-build BUNDLE_IMG=/:) -BUNDLE_IMG ?= $(IMAGE_TAG_BASE)-bundle:v$(VERSION) - -# BUNDLE_GEN_FLAGS are the flags passed to the operator-sdk generate bundle command -BUNDLE_GEN_FLAGS ?= -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS) - -# USE_IMAGE_DIGESTS defines if images are resolved via tags or digests -# You can enable this value if you would like to use SHA Based Digests -# To enable set flag to true -USE_IMAGE_DIGESTS ?= false -ifeq ($(USE_IMAGE_DIGESTS), true) - BUNDLE_GEN_FLAGS += --use-image-digests -endif +VERSION ?= 0.2.0 # Image URL to use all building/pushing image targets IMG ?= kcllang/webhookserver # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. -ENVTEST_K8S_VERSION = 1.28.0 +ENVTEST_K8S_VERSION = 1.30.0 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) ifeq (,$(shell go env GOBIN)) @@ -76,9 +35,6 @@ BUNDLE_DEFAULT_CHANNEL := --default-channel=$(DEFAULT_CHANNEL) endif BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL) -# Image URL to use all building/pushing image targets -IMG ?= controller:latest - WEBHOOK_NAME ?=$(shell basename -z `pwd`) # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set) @@ -186,17 +142,8 @@ ifndef ignore-not-found ignore-not-found = false endif -.PHONY: install -install: manifests kustomize ## Install CRDs into the K8s cluster specified in ~/.kube/config. - $(KUSTOMIZE) build config/crd > config/all.yaml - kubectl apply -f config/all.yaml - -.PHONY: uninstall -uninstall: manifests kustomize ## Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. - $(KUSTOMIZE) build config/crd | kubectl delete -f - - .PHONY: deploy -deploy: #manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. +deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config. cd config/webhook && $(KUSTOMIZE) edit set image controller=${IMG} $(KUSTOMIZE) build config/default > config/all.yaml kubectl apply -f config/all.yaml @@ -205,12 +152,6 @@ deploy: #manifests kustomize ## Deploy controller to the K8s cluster specified undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion. $(KUSTOMIZE) build config/default | kubectl delete --ignore-not-found=$(ignore-not-found) -f - -##@ Build Dependencies - -## Location to install dependencies to - -## Location to install dependencies and Tool Binaries - ######################################################################### # TOOLS Reference: https://github.com/kyverno/kyverno/blob/main/Makefile ######################################################################### @@ -241,6 +182,8 @@ GO_ACC := $(TOOLS_DIR)/go-acc GO_ACC_VERSION := latest GOIMPORTS := $(TOOLS_DIR)/goimports GOIMPORTS_VERSION := latest +KUSTOMIZE_VERSION := v5.4.3 +CONTROLLER_TOOLS_VERSION := v0.15.0 HELM := $(TOOLS_DIR)/helm HELM_VERSION := v3.12.3 HELM_DOCS := $(TOOLS_DIR)/helm-docs @@ -309,26 +252,11 @@ $(HELM_DOCS): @echo Install helm-docs... >&2 @GOBIN=$(TOOLS_DIR) go install github.com/norwoodj/helm-docs/cmd/helm-docs@$(HELM_DOCS_VERSION) -## Tool Versions -KUSTOMIZE_VERSION ?= v3.8.7 -CONTROLLER_TOOLS_VERSION ?= v0.15.0 - -KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh" .PHONY: kustomize -kustomize: -ifeq (, $(shell which kustomize)) - @{ \ - set -e ;\ - KUSTOMIZE_GEN_TMP_DIR=$$(mktemp -d) ;\ - cd $$KUSTOMIZE_GEN_TMP_DIR ;\ - go mod init tmp ;\ - go get sigs.k8s.io/kustomize/kustomize/v3@v3.5.4 ;\ - rm -rf $$KUSTOMIZE_GEN_TMP_DIR ;\ - } -KUSTOMIZE=$(GOBIN)/kustomize -else -KUSTOMIZE=$(shell which kustomize) -endif +kustomize: $(KUSTOMIZE) +$(KUSTOMIZE): $(LOCALBIN) + test -s $(LOCALBIN)/kustomize && $(LOCALBIN)/kustomize version | grep -q $(KUSTOMIZE_VERSION) || \ + GOBIN=$(LOCALBIN) go install sigs.k8s.io/kustomize/kustomize/v5@$(KUSTOMIZE_VERSION) .PHONY: controller-gen controller-gen: $(CONTROLLER_GEN) ## Download controller-gen locally if necessary. If wrong version is installed, it will be overwritten. diff --git a/api/kclrun/v1alpha1/zz_generated.deepcopy.go b/api/kclrun/v1alpha1/zz_generated.deepcopy.go index c5447e1..36d7cfb 100644 --- a/api/kclrun/v1alpha1/zz_generated.deepcopy.go +++ b/api/kclrun/v1alpha1/zz_generated.deepcopy.go @@ -1,5 +1,4 @@ //go:build !ignore_autogenerated -// +build !ignore_autogenerated /* Copyright 2023. diff --git a/config/all.yaml b/config/all.yaml index 9f161d1..1a77914 100644 --- a/config/all.yaml +++ b/config/all.yaml @@ -125,15 +125,15 @@ data: kind: Secret metadata: creationTimestamp: null - name: pod-annotate-webhook-certs + name: kcl-operator-webhook-certs namespace: default --- apiVersion: v1 kind: Service metadata: labels: - app: pod-annotate-webhook - name: pod-annotate-webhook + app: kcl-operator-webhook + name: kcl-operator-webhook namespace: default spec: ports: @@ -141,24 +141,24 @@ spec: protocol: TCP targetPort: 8081 selector: - app: pod-annotate-webhook + app: kcl-operator-webhook --- apiVersion: apps/v1 kind: Deployment metadata: labels: - app: pod-annotate-webhook - name: pod-annotate-webhook + app: kcl-operator-webhook + name: kcl-operator-webhook namespace: default spec: replicas: 1 selector: matchLabels: - app: pod-annotate-webhook + app: kcl-operator-webhook template: metadata: labels: - app: pod-annotate-webhook + app: kcl-operator-webhook spec: containers: - args: @@ -167,7 +167,7 @@ spec: - -addr=:8081 image: kcllang/webhookserver imagePullPolicy: Always - name: pod-annotate-webhook + name: kcl-operator-webhook volumeMounts: - mountPath: /etc/webhook/certs name: webhook-certs @@ -175,25 +175,25 @@ spec: volumes: - name: webhook-certs secret: - secretName: pod-annotate-webhook-certs + secretName: kcl-operator-webhook-certs --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: labels: - app: pod-annotate-webhook + app: kcl-operator-webhook kind: mutator - name: pod-annotate-webhook + name: kcl-operator-webhook webhooks: - admissionReviewVersions: - v1beta1 clientConfig: caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ1akNDQXM2Z0F3SUJBZ0lVSk03UjJPZ1JpcUN4dGZpaDRhZHpMbnF3aTVJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZTXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJRXdkQ1pXbHFhVzVuTVJBd0RnWURWUVFIRXdkQwpaV2xxYVc1bk1SUXdFZ1lEVlFRS0V3dFZibWwwWldSVGRHRmphekVQTUEwR0ExVUVDeE1HUkdWMmIzQnpNU2t3Ckp3WURWUVFERXlCd2IyUXRZVzV1YjNSaGRHVXRkMlZpYUc5dmF5NWtaV1poZFd4MExuTjJZekFnRncweU16QTQKTXpFd01qVXdNemRhR0E4ek1ESXpNREV3TVRBeU5UQXpOMW93Z1lNeEN6QUpCZ05WQkFZVEFrTk9NUkF3RGdZRApWUVFJRXdkQ1pXbHFhVzVuTVJBd0RnWURWUVFIRXdkQ1pXbHFhVzVuTVJRd0VnWURWUVFLRXd0VmJtbDBaV1JUCmRHRmphekVQTUEwR0ExVUVDeE1HUkdWMmIzQnpNU2t3SndZRFZRUURFeUJ3YjJRdFlXNXViM1JoZEdVdGQyVmkKYUc5dmF5NWtaV1poZFd4MExuTjJZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTXVrYTFBS0tYNko2UWhrQmQ2clNyRzh0a3ZsbG5lcW5PTE5ya0FZMGV0VXNtS3hlZnJoYUhjNlhjdTJYcGFZCitGRWxTeEU0ZGNKa09YWmpGTDg4c3RleXRqOWFHaG5uOHN3WnozMWFNUU5iMWJERjIvTTdVWm16bjVKdG1IV2MKKzdnUUJORDN5Myt6SFZyaWNYVnNxb2ppSFhoN0huUC8vVlRNellrTUhtUk9ER0ZZTUlRVmowcDl3VFVYMnE3NQphSS9zMTY2Vi9CRURIbHNlc29SbnVjU0h4R2JtMzF3TnNQSFQzOWpIRHEvV3AvNytzNnpjT3hZekt1MzdIOWN1CkIycDhRNUp6NWdtazFuU01JZU1rUGhveStWUXYrRHR2TnNnN2tWOGhvTERKOWdBdW5obDFUbVNLQmU2elM1SUsKS3RaWFNENE1NQjc3VC9CTXBmU3VLQ01DQXdFQUFhTk9NRXd3S3dZRFZSMFJCQ1F3SW9JZ2NHOWtMV0Z1Ym05MApZWFJsTFhkbFltaHZiMnN1WkdWbVlYVnNkQzV6ZG1Nd0hRWURWUjBPQkJZRUZMZGgycnVhYjAxSERSN2xGWlBHClRUbEU1ZXg0TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFESEJONmNNdmZ1OTJpWjZEM1ZLUDdFbnIzWHF4cXYKUE9CdTdMRnlxRVBySlZ4L2E0ME5zUXQzYlk4NWUzOXM5aERHRklYcTVwcXpQRFl3WUxnUW8za2IyVjJCVVVmcwpBZmtjVE9DbExsK3dDK2kzTm9mZzNLZC9CckUxelRhUGc1UmFkRU5HUVZmbjZ6a3NYNEVBaXJhUmdhVW9uQmFPCk5WdUFLZ1phSVovUXJjQ1RjSGZMNC9yeVNWT0hTSzRZa05RWFVWZnhscGJCaU9HRUg3N2NqS3g2eEpjSHZTYnoKVXJtZlFHQ25IS25aWUJhSVJ2ZTErWGtEbEllUkFlTlB1SWh2YjRKZm0yNmxYbnFVcXpoeEd4b29wQi81eHN6NwoyeEpmWFdwdzhVZWpudGYxRzRIYytyVStJL1dnRnM2WTRFb3pTUzVKOWtCVHNYSkdFb011cVFhbAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== service: - name: pod-annotate-webhook + name: kcl-operator-webhook namespace: default path: /mutate - name: pod-annotate-webhook.slok.dev + name: kcl-operator-webhook.slok.dev rules: - apiGroups: - "" diff --git a/config/webhook/manifests.yaml b/config/webhook/manifests.yaml index b3def97..d298a0c 100644 --- a/config/webhook/manifests.yaml +++ b/config/webhook/manifests.yaml @@ -12,7 +12,7 @@ webhooks: namespace: system path: /mutate failurePolicy: Fail - name: pod-annotate-webhook.slok.dev + name: kcl-operator-webhook.slok.dev rules: - apiGroups: - "" diff --git a/config/webhook/webhook-certs.yaml b/config/webhook/webhook-certs.yaml index bf9837e..72802a2 100644 --- a/config/webhook/webhook-certs.yaml +++ b/config/webhook/webhook-certs.yaml @@ -5,4 +5,4 @@ data: kind: Secret metadata: creationTimestamp: null - name: pod-annotate-webhook-certs + name: kcl-operator-webhook-certs diff --git a/config/webhook/webhook-registration.yaml b/config/webhook/webhook-registration.yaml index 7cffb75..761bed3 100644 --- a/config/webhook/webhook-registration.yaml +++ b/config/webhook/webhook-registration.yaml @@ -1,15 +1,15 @@ apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: - name: pod-annotate-webhook + name: kcl-operator-webhook labels: - app: pod-annotate-webhook + app: kcl-operator-webhook kind: mutator webhooks: - - name: pod-annotate-webhook.slok.dev + - name: kcl-operator-webhook.slok.dev clientConfig: service: - name: pod-annotate-webhook + name: kcl-operator-webhook namespace: default path: "/mutate" caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ1akNDQXM2Z0F3SUJBZ0lVSk03UjJPZ1JpcUN4dGZpaDRhZHpMbnF3aTVJd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2dZTXhDekFKQmdOVkJBWVRBa05PTVJBd0RnWURWUVFJRXdkQ1pXbHFhVzVuTVJBd0RnWURWUVFIRXdkQwpaV2xxYVc1bk1SUXdFZ1lEVlFRS0V3dFZibWwwWldSVGRHRmphekVQTUEwR0ExVUVDeE1HUkdWMmIzQnpNU2t3Ckp3WURWUVFERXlCd2IyUXRZVzV1YjNSaGRHVXRkMlZpYUc5dmF5NWtaV1poZFd4MExuTjJZekFnRncweU16QTQKTXpFd01qVXdNemRhR0E4ek1ESXpNREV3TVRBeU5UQXpOMW93Z1lNeEN6QUpCZ05WQkFZVEFrTk9NUkF3RGdZRApWUVFJRXdkQ1pXbHFhVzVuTVJBd0RnWURWUVFIRXdkQ1pXbHFhVzVuTVJRd0VnWURWUVFLRXd0VmJtbDBaV1JUCmRHRmphekVQTUEwR0ExVUVDeE1HUkdWMmIzQnpNU2t3SndZRFZRUURFeUJ3YjJRdFlXNXViM1JoZEdVdGQyVmkKYUc5dmF5NWtaV1poZFd4MExuTjJZekNDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQgpBTXVrYTFBS0tYNko2UWhrQmQ2clNyRzh0a3ZsbG5lcW5PTE5ya0FZMGV0VXNtS3hlZnJoYUhjNlhjdTJYcGFZCitGRWxTeEU0ZGNKa09YWmpGTDg4c3RleXRqOWFHaG5uOHN3WnozMWFNUU5iMWJERjIvTTdVWm16bjVKdG1IV2MKKzdnUUJORDN5Myt6SFZyaWNYVnNxb2ppSFhoN0huUC8vVlRNellrTUhtUk9ER0ZZTUlRVmowcDl3VFVYMnE3NQphSS9zMTY2Vi9CRURIbHNlc29SbnVjU0h4R2JtMzF3TnNQSFQzOWpIRHEvV3AvNytzNnpjT3hZekt1MzdIOWN1CkIycDhRNUp6NWdtazFuU01JZU1rUGhveStWUXYrRHR2TnNnN2tWOGhvTERKOWdBdW5obDFUbVNLQmU2elM1SUsKS3RaWFNENE1NQjc3VC9CTXBmU3VLQ01DQXdFQUFhTk9NRXd3S3dZRFZSMFJCQ1F3SW9JZ2NHOWtMV0Z1Ym05MApZWFJsTFhkbFltaHZiMnN1WkdWbVlYVnNkQzV6ZG1Nd0hRWURWUjBPQkJZRUZMZGgycnVhYjAxSERSN2xGWlBHClRUbEU1ZXg0TUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFESEJONmNNdmZ1OTJpWjZEM1ZLUDdFbnIzWHF4cXYKUE9CdTdMRnlxRVBySlZ4L2E0ME5zUXQzYlk4NWUzOXM5aERHRklYcTVwcXpQRFl3WUxnUW8za2IyVjJCVVVmcwpBZmtjVE9DbExsK3dDK2kzTm9mZzNLZC9CckUxelRhUGc1UmFkRU5HUVZmbjZ6a3NYNEVBaXJhUmdhVW9uQmFPCk5WdUFLZ1phSVovUXJjQ1RjSGZMNC9yeVNWT0hTSzRZa05RWFVWZnhscGJCaU9HRUg3N2NqS3g2eEpjSHZTYnoKVXJtZlFHQ25IS25aWUJhSVJ2ZTErWGtEbEllUkFlTlB1SWh2YjRKZm0yNmxYbnFVcXpoeEd4b29wQi81eHN6NwoyeEpmWFdwdzhVZWpudGYxRzRIYytyVStJL1dnRnM2WTRFb3pTUzVKOWtCVHNYSkdFb011cVFhbAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== diff --git a/config/webhook/webhook.yaml b/config/webhook/webhook.yaml index 459b8bc..ac1e115 100644 --- a/config/webhook/webhook.yaml +++ b/config/webhook/webhook.yaml @@ -1,21 +1,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: pod-annotate-webhook + name: kcl-operator-webhook labels: - app: pod-annotate-webhook + app: kcl-operator-webhook spec: replicas: 1 selector: matchLabels: - app: pod-annotate-webhook + app: kcl-operator-webhook template: metadata: labels: - app: pod-annotate-webhook + app: kcl-operator-webhook spec: containers: - - name: pod-annotate-webhook + - name: kcl-operator-webhook image: kcllang/webhookserver imagePullPolicy: Always args: @@ -29,18 +29,18 @@ spec: volumes: - name: webhook-certs secret: - secretName: pod-annotate-webhook-certs + secretName: kcl-operator-webhook-certs --- apiVersion: v1 kind: Service metadata: - name: pod-annotate-webhook + name: kcl-operator-webhook labels: - app: pod-annotate-webhook + app: kcl-operator-webhook spec: ports: - port: 443 protocol: TCP targetPort: 8081 selector: - app: pod-annotate-webhook + app: kcl-operator-webhook diff --git a/main.go b/main.go index c9cc9a2..30f6598 100644 --- a/main.go +++ b/main.go @@ -31,6 +31,7 @@ import ( clientconfig "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/manager" + "kcl-lang.io/kcl-go/pkg/env" krmkcldevv1alpha1 "kcl-lang.io/kcl-operator/api/kclrun/v1alpha1" "kcl-lang.io/kcl-operator/pkg/webhook/handler" @@ -64,6 +65,9 @@ var ( ) func init() { + // Enable the KCL fast eval mode + env.EnableFastEvalMode() + // Register Kubernetes schemes utilruntime.Must(clientgoscheme.AddToScheme(scheme)) utilruntime.Must(krmkcldevv1alpha1.AddToScheme(scheme)) //+kubebuilder:scaffold:scheme diff --git a/pkg/webhook/handler/mutation.go b/pkg/webhook/handler/mutation.go index 8f04e94..079b4ed 100644 --- a/pkg/webhook/handler/mutation.go +++ b/pkg/webhook/handler/mutation.go @@ -22,7 +22,7 @@ import ( //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/status,verbs=get;update;patch //+kubebuilder:rbac:groups=krm.kcl.dev,resources=kclruns/finalizers,verbs=update -//+kubebuilder:webhook:admissionReviewVersions=v1beta1,path=/mutate,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=pod-annotate-webhook.slok.dev +//+kubebuilder:webhook:admissionReviewVersions=v1beta1,path=/mutate,mutating=true,failurePolicy=fail,groups="",resources=pods,verbs=create;update,versions=v1,sideEffects=none,name=kcl-operator-webhook.slok.dev // MutationHandler validates Kubernetes resources using the KCL source. type MutationHandler struct {