stop to generate crd webhooks patches and cainjetions for any CRD/API…

… and projects without webhooks At present, we scaffold config/crd/patches, kustomizations, and CA injections for every CRD, irrespective of whether webhooks are enabled in the project or not. However, these configurations are only relevant and valid if the project has webhooks. Consequently, for projects without webhooks, this leads to failures as documented in kubebuilder pull request #3585. To address this, we are now introducing a test to ensure that projects without enabled webhooks function correctly and as anticipated. Signed-off-by: Camila Macedo <7708031+camilamacedo86@users.noreply.github.com> Co-authored-by: lowang-bh <lhui_wang@163.com>
kubernetes-sigs · Oct 1, 2023 · c8e81ac · c8e81ac
1 parent 87c2b2b
commit c8e81ac
Show file tree

Hide file tree

Showing 38 changed files with 163 additions and 404 deletions.
diff --git a/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml b/docs/book/src/component-config-tutorial/testdata/project/config/crd/kustomization.yaml
@@ -16,6 +16,8 @@ patches:
 #- path: patches/cainjection_in_projectconfigs.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
+# [WEBHOOK] To enable webhook, uncomment the following section
 # the following config is for teaching kustomize how to do kustomization for CRDs.
-configurations:
-- kustomizeconfig.yaml
+
+#configurations:
+#- kustomizeconfig.yaml
diff --git a/...nt-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml b/...nt-config-tutorial/testdata/project/config/crd/patches/cainjection_in_projectconfigs.yaml
diff --git a/...ponent-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml b/...ponent-config-tutorial/testdata/project/config/crd/patches/webhook_in_projectconfigs.yaml
diff --git a/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml b/docs/book/src/cronjob-tutorial/testdata/project/config/crd/kustomization.yaml
@@ -16,6 +16,8 @@ patches:
 - path: patches/cainjection_in_cronjobs.yaml
 #+kubebuilder:scaffold:crdkustomizecainjectionpatch
 
+# [WEBHOOK] To enable webhook, uncomment the following section
 # the following config is for teaching kustomize how to do kustomization for CRDs.
+
 configurations:
 - kustomizeconfig.yaml
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/api.go b/pkg/plugins/common/kustomize/v2/scaffolds/api.go
@@ -19,14 +19,13 @@ package scaffolds
 import (
 	"fmt"
 
-	log "github.com/sirupsen/logrus"
+	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd"
 
+	log "github.com/sirupsen/logrus"
 	"sigs.k8s.io/kubebuilder/v3/pkg/config"
 	"sigs.k8s.io/kubebuilder/v3/pkg/machinery"
 	"sigs.k8s.io/kubebuilder/v3/pkg/model/resource"
 	"sigs.k8s.io/kubebuilder/v3/pkg/plugins"
-	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd"
-	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches"
 	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/rbac"
 	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/samples"
 )
@@ -76,8 +75,6 @@ func (s *apiScaffolder) Scaffold() error {
 			&samples.CRDSample{Force: s.force},
 			&rbac.CRDEditorRole{},
 			&rbac.CRDViewerRole{},
-			&patches.EnableWebhookPatch{},
-			&patches.EnableCAInjectionPatch{},
 			&crd.Kustomization{},
 			&crd.KustomizeConfig{},
 		); err != nil {

diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomization.go
@@ -125,7 +125,9 @@ patches:
 # patches here are for enabling the CA injection for each CRD
 %s
 
+# [WEBHOOK] To enable webhook, uncomment the following section
 # the following config is for teaching kustomize how to do kustomization for CRDs.
-configurations:
-- kustomizeconfig.yaml
+
+#configurations:
+#- kustomizeconfig.yaml
 `
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go b/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/kustomizeconfig.go
@@ -48,23 +48,15 @@ nameReference:
   version: v1
   fieldSpecs:
   - kind: CustomResourceDefinition
-    version: {{ .Resource.API.CRDVersion }}
+    version: v1
     group: apiextensions.k8s.io
-    {{- if ne .Resource.API.CRDVersion "v1" }}
-    path: spec/conversion/webhookClientConfig/service/name
-    {{- else }}
     path: spec/conversion/webhook/clientConfig/service/name
-    {{- end }}
 
 namespace:
 - kind: CustomResourceDefinition
-  version: {{ .Resource.API.CRDVersion }}
+  version: v1
   group: apiextensions.k8s.io
-  {{- if ne .Resource.API.CRDVersion "v1" }}
-  path: spec/conversion/webhookClientConfig/service/namespace
-  {{- else }}
   path: spec/conversion/webhook/clientConfig/service/namespace
-  {{- end }}
   create: false
 
 varReference:

diff --git a/...n/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go b/...n/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablecainjection_patch.go
@@ -49,10 +49,7 @@ func (f *EnableCAInjectionPatch) SetTemplateDefaults() error {
 
 //nolint:lll
 const enableCAInjectionPatchTemplate = `# The following patch adds a directive for certmanager to inject CA into the CRD
-{{- if ne .Resource.API.CRDVersion "v1" }}
-# CRD conversion requires k8s 1.13 or later.
-{{- end }}
-apiVersion: apiextensions.k8s.io/{{ .Resource.API.CRDVersion }}
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:

diff --git a/...ommon/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go b/...ommon/kustomize/v2/scaffolds/internal/templates/config/crd/patches/enablewebhook_patch.go
@@ -49,30 +49,19 @@ func (f *EnableWebhookPatch) SetTemplateDefaults() error {
 }
 
 const enableWebhookPatchTemplate = `# The following patch enables a conversion webhook for the CRD
-{{- if ne .Resource.API.CRDVersion "v1" }}
-# CRD conversion requires k8s 1.13 or later.
-{{- end }}
-apiVersion: apiextensions.k8s.io/{{ .Resource.API.CRDVersion }}
+apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   name: {{ .Resource.Plural }}.{{ .Resource.QualifiedGroup }}
 spec:
   conversion:
     strategy: Webhook
-    {{- if ne .Resource.API.CRDVersion "v1" }}
-    webhookClientConfig:
-      service:
-        namespace: system
-        name: webhook-service
-        path: /convert
-    {{- else }}
     webhook:
       clientConfig:
         service:
           namespace: system
           name: webhook-service
           path: /convert
       conversionReviewVersions:
-      - {{ .Resource.API.CRDVersion }}
-    {{- end }}
+      - v1
 `
diff --git a/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go b/pkg/plugins/common/kustomize/v2/scaffolds/webhook.go
@@ -19,9 +19,9 @@ package scaffolds
 import (
 	"fmt"
 
-	pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util"
-
 	log "github.com/sirupsen/logrus"
+	pluginutil "sigs.k8s.io/kubebuilder/v3/pkg/plugin/util"
+	"sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches"
 
 	"sigs.k8s.io/kubebuilder/v3/pkg/config"
 	"sigs.k8s.io/kubebuilder/v3/pkg/machinery"
@@ -71,6 +71,21 @@ func (s *webhookScaffolder) Scaffold() error {
 		return fmt.Errorf("error updating resource: %w", err)
 	}
 
+	if err := scaffold.Execute(
+		&kdefault.WebhookCAInjectionPatch{},
+		&kdefault.ManagerWebhookPatch{},
+		&webhook.Kustomization{Force: s.force},
+		&webhook.KustomizeConfig{},
+		&webhook.Service{},
+		&certmanager.Certificate{},
+		&certmanager.Kustomization{},
+		&certmanager.KustomizeConfig{},
+		&patches.EnableWebhookPatch{},
+		&patches.EnableCAInjectionPatch{},
+	); err != nil {
+		return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err)
+	}
+
 	kustomizeFilePath := "config/default/kustomization.yaml"
 	err := pluginutil.UncommentCode(kustomizeFilePath, "#- ../webhook", `#`)
 	if err != nil {
@@ -100,17 +115,13 @@ func (s *webhookScaffolder) Scaffold() error {
 		}
 	}
 
-	if err := scaffold.Execute(
-		&kdefault.WebhookCAInjectionPatch{},
-		&kdefault.ManagerWebhookPatch{},
-		&webhook.Kustomization{Force: s.force},
-		&webhook.KustomizeConfig{},
-		&webhook.Service{},
-		&certmanager.Certificate{},
-		&certmanager.Kustomization{},
-		&certmanager.KustomizeConfig{},
-	); err != nil {
-		return fmt.Errorf("error scaffolding kustomize webhook manifests: %v", err)
+	err = pluginutil.UncommentCode(crdKustomizationsFilePath, "#configurations:\n#- kustomizeconfig.yaml", `#`)
+	if err != nil {
+		hasWebHookUncommented, err := pluginutil.HasFragment(crdKustomizationsFilePath, "- kustomizeconfig.yaml")
+		if !hasWebHookUncommented || err != nil {
+			log.Errorf("Unable to find the target(s) #configurations:\n#- kustomizeconfig.yaml to uncomment in the file "+
+				"%s.", crdKustomizationsFilePath)
+		}
 	}
 
 	return nil

diff --git a/test/e2e/v4/generate_test.go b/test/e2e/v4/generate_test.go
@@ -33,20 +33,63 @@ import (
 	"sigs.k8s.io/kubebuilder/v3/test/e2e/utils"
 )
 
-// GenerateV4 implements a go/v4(-alpha) plugin project defined by a TestContext.
+// GenerateV4 implements a go/v4 plugin project defined by a TestContext.
 func GenerateV4(kbc *utils.TestContext) {
-	var err error
+	initingTheProject(kbc)
+	creatingAPI(kbc)
 
-	By("initializing a project")
-	err = kbc.Init(
-		"--plugins", "go/v4",
-		"--project-version", "3",
-		"--domain", kbc.Domain,
+	By("scaffolding mutating and validating webhooks")
+	err := kbc.CreateWebhook(
+		"--group", kbc.Group,
+		"--version", kbc.Version,
+		"--kind", kbc.Kind,
+		"--defaulting",
+		"--programmatic-validation",
 	)
 	ExpectWithOffset(1, err).NotTo(HaveOccurred())
 
+	By("implementing the mutating and validating webhooks")
+	err = pluginutil.ImplementWebhooks(filepath.Join(
+		kbc.Dir, "api", kbc.Version,
+		fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind))))
+	ExpectWithOffset(1, err).NotTo(HaveOccurred())
+
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- ../certmanager", "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- ../prometheus", "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- webhookcainjection_patch.yaml", "#")).To(Succeed())
+	ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		certManagerTarget, "#")).To(Succeed())
+
+	if kbc.IsRestricted {
+		By("uncomment kustomize files to ensure that pods are restricted")
+		uncommentPodStandards(kbc)
+	}
+}
+
+// GenerateV4WithoutWebhooks implements a go/v4 plugin with APIs and enable Prometheus and CertManager
+func GenerateV4WithoutWebhooks(kbc *utils.TestContext) {
+	initingTheProject(kbc)
+	creatingAPI(kbc)
+
+	ExpectWithOffset(1, pluginutil.UncommentCode(
+		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
+		"#- ../prometheus", "#")).To(Succeed())
+
+	if kbc.IsRestricted {
+		By("uncomment kustomize files to ensure that pods are restricted")
+		uncommentPodStandards(kbc)
+	}
+}
+
+func creatingAPI(kbc *utils.TestContext) {
 	By("creating API definition")
-	err = kbc.CreateAPI(
+	err := kbc.CreateAPI(
 		"--group", kbc.Group,
 		"--version", kbc.Version,
 		"--kind", kbc.Kind,
@@ -65,34 +108,20 @@ func GenerateV4(kbc *utils.TestContext) {
 		`	// +optional
 Count int `+"`"+`json:"count,omitempty"`+"`"+`
 `)).Should(Succeed())
+}
 
-	By("scaffolding mutating and validating webhooks")
-	err = kbc.CreateWebhook(
-		"--group", kbc.Group,
-		"--version", kbc.Version,
-		"--kind", kbc.Kind,
-		"--defaulting",
-		"--programmatic-validation",
+func initingTheProject(kbc *utils.TestContext) {
+	By("initializing a project")
+	err := kbc.Init(
+		"--plugins", "go/v4",
+		"--project-version", "3",
+		"--domain", kbc.Domain,
 	)
 	ExpectWithOffset(1, err).NotTo(HaveOccurred())
+}
 
-	By("implementing the mutating and validating webhooks")
-	err = pluginutil.ImplementWebhooks(filepath.Join(
-		kbc.Dir, "api", kbc.Version,
-		fmt.Sprintf("%s_webhook.go", strings.ToLower(kbc.Kind))))
-	ExpectWithOffset(1, err).NotTo(HaveOccurred())
-
-	ExpectWithOffset(1, pluginutil.UncommentCode(
-		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
-		"#- ../certmanager", "#")).To(Succeed())
-	ExpectWithOffset(1, pluginutil.UncommentCode(
-		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
-		"#- ../prometheus", "#")).To(Succeed())
-	ExpectWithOffset(1, pluginutil.UncommentCode(
-		filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
-		"#- webhookcainjection_patch.yaml", "#")).To(Succeed())
-	ExpectWithOffset(1, pluginutil.UncommentCode(filepath.Join(kbc.Dir, "config", "default", "kustomization.yaml"),
-		`#replacements:
+//nolint:lll
+const certManagerTarget = `#replacements:
 #  - source: # Add cert-manager annotation to ValidatingWebhookConfiguration, MutatingWebhookConfiguration and CRDs
 #      kind: Certificate
 #      group: cert-manager.io
@@ -188,13 +217,7 @@ Count int `+"`"+`json:"count,omitempty"`+"`"+`
 #        options:
 #          delimiter: '.'
 #          index: 1
-#          create: true`, "#")).To(Succeed())
-
-	if kbc.IsRestricted {
-		By("uncomment kustomize files to ensure that pods are restricted")
-		uncommentPodStandards(kbc)
-	}
-}
+#          create: true`
 
 func uncommentPodStandards(kbc *utils.TestContext) {
 	configManager := filepath.Join(kbc.Dir, "config", "manager", "manager.yaml")