📖 update webhooks for core types to match controller-runtime v0.15

[mythi]

Fixes: #3393

[k8s-ci-robot]

Hi @mythi. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[camilamacedo86]

@mythi,

I am not sure if I understand this changes.
See that the Handler still existing for 0.15.0: https://pkg.go.dev/sigs.k8s.io/controller-runtime/pkg/webhook/admission#Handler

The only breaking change that I saw is that now we have admission.Warnings in the method signature, see:

https://github.com/kubernetes-sigs/kubebuilder/pull/3444/files#diff-c157b03fcfe4b2116022e44c782e84f45db09e5e1488e2061c9007e37e634c48R119-R124

This change should be in placed in the docs as well for master since after we do the changes we must to run make generate and then the docs are updated.

So, do we still needing this PR?

[mythi]

@camilamacedo86 I believe it's still needed. pkg/inject is also removed so the example makes the webhook to crash. This moves the book to use the builder approach following the CR change and my fixes

[mythi]

@camilamacedo86 anything I can/need to do here?

[camilamacedo86]

Hi @mythi,

@camilamacedo86 anything I can/need to do here?

By using the master branch and checking the samples code in the master, what issues are you still face?
Can you list them out and let us know what changes are required then, I can help you with where then should be made.

I believe it's still needed. pkg/inject is also removed so the example makes the webhook to crash.

We do not use sigs.k8s.io/controller-runtime/pkg/runtime/inject.
However, if we need to change something it seems that it must be done in. the default scaffolds.
So, can you let us know when you create a project, then api and a webhook what is wrong?

[mythi]

So, can you let us know when you create a project, then api and a webhook what is wrong?

@camilamacedo86 hmm but this PR is not about the scaffolding process but this page https://book.kubebuilder.io/reference/webhook-for-core-types.html which is wrong.

[camilamacedo86]

Hi @mythi,

@camilamacedo86 hmm but this PR is not about the scaffolding process but this page https://book.kubebuilder.io/reference/webhook-for-core-types.html which is wrong.

It seems make sense. When it no longer be a draft could you please either ping in the slack so that we won a help from the community in the review?

[camilamacedo86]

@erikgb

I think you are very skilled in this area, could you please give a hand in the review of this PR?

[erikgb]

Thanks @mythi! This looks good! A couple of suggestions/nits, but none of them should block this PR from being merged.

[erikgb]

Maybe we should add a func to podAnnotator to set it up with Manager - as we do for controllers?

func (r *podAnnotator) SetupWithManager(mgr ctrl.Manager) error

IMO the code will be easier to read. An advanced user can always in-line it...

[mythi]

AFAIU, the same is covered by the new snippet. That is used with:

mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{})
...
if err := builder.WebhookManagedBy(mgr).
...

[erikgb]

Ok, but if using kubebuilder to create the webhook, I think it will generate a SetupWithManager func.

[everettraven]

Ok, but if using kubebuilder to create the webhook, I think it will generate a SetupWithManager func.

@erikgb is correct. For example, see: https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/project-v4/api/v1/captain_webhook.go

Even though they do the same thing, I agree that for the Kubebuilder documentation we should ensure we are accurately reflecting what is scaffolded by default by Kubebuilder.

[mythi]

ack, will look into it

[mythi]

this should be covered now. apologies for the silence!

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: mythi
Once this PR has been reviewed and has the lgtm label, please assign varshaprasad96 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[mythi]

@erikgb @camilamacedo86 the review comments are addressed, and this is ready for another review

[erikgb]

/ok-to-test
/lgtm

[everettraven]

Overall the changes look good, just had a couple comments:

[everettraven]

Ok, but if using kubebuilder to create the webhook, I think it will generate a SetupWithManager func.

@erikgb is correct. For example, see: https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/project-v4/api/v1/captain_webhook.go

Even though they do the same thing, I agree that for the Kubebuilder documentation we should ensure we are accurately reflecting what is scaffolded by default by Kubebuilder.

[camilamacedo86]

Requested changes:

• Ensure that the changes in the doc are aligned with the default scaffold done by KB

From @erikgb and @everettraven :

@erikgb is correct. For example, see: https://github.com/kubernetes-sigs/kubebuilder/blob/master/testdata/project-v4/api/v1/captain_webhook.go

Even though they do the same thing, I agree that for the Kubebuilder documentation we should ensure we are accurately reflecting what is scaffolded by default by Kubebuilder.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle rotten
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[k8s-ci-robot]

New changes are detected. LGTM label has been removed.

[mythi]

/remove-lifecycle rotten

[camilamacedo86]

before it could return an error because it was patching the value
so, if an error were faced it will be returned now I am not sure if we we are patching the value.
Did you tested it out?

It seems that it is not doing the same.

[mythi]

Did you tested it out?

The code is same as in https://github.com/kubernetes-sigs/controller-runtime/blob/76d3d0826fa9dca267c70c68c706f6de40084043/examples/builtins/mutatingwebhook.go so I'm assuming it's tested by controller-runtime. FWIW, my own webhook follows the same flow also.

[camilamacedo86]

It is not the same
Before it was use the client to perform the changes on the cluster side and return its result (nil OR error)
Now, it adds the value to the pod, do nothing and return nil always

Also, we are changing how to do.
So, anyway, for any tutorial example we should test things out, ensure that it is right.
Could you please test this one?

[mythi]

It is not the same

I'm pretty sure it's the same. I just copied the Default() func and compared with what is in this file and there are no functional changes.

[camilamacedo86]

But the example that we have here does

marshaledPod, err := json.Marshal(pod)
	if err != nil {
		return admission.Errored(http.StatusInternalServerError, err)
	}
	return admission.PatchResponseFromRaw(req.Object.Raw, marshaledPod)

It would not add too much value just have the sample controller-runtime right?
Would still possible to do the same with the new changes?

[mythi]

It would not add too much value just have the sample controller-runtime right?

That's how it's been. I'm just a messenger and making the same changes that controller-runtime has between controller-runtime release-0.14 and release-0.15.

[camilamacedo86]

Hi @mythi

Sure, and we appreciate it a lot.
What I am trying to say is that we should update the doc to keep the same example that we have before but now addressing the controller-runtime changes. That would provide more value than change the current example to copy and paste an example from there.

So that we could ensure that we are able to do the same but in another way and that the example that we have is valid.

[mythi]

That would provide more value than change the current example to copy and paste an example from there.

What I tried to say was that the current example is also a copy and paste and that the diff here is how controller-runtime addressed their changes in the example. I kinda understand what you're asking me to change but the counterargument is why would we want to diverge from the example given elsewhere (especially since we used to be aligned).

[drewwells]

Would love to see docs updated. The example code works nicely, but the docs are misleading (to me). They don't align with the code example.

[mythi]

The example code works nicely, but the docs are misleading (to me). They don't align with the code example.

Just to clarify: when you say "example", you mean the controller-runtime example the book points to? This PR is exactly about getting those aligned.

[camilamacedo86]

HI @mythi

How, we should change this doc?

• Just ensure that the current example provided in the docs (same kubebuilder example) will be changed to address breakchanges
• Ensure that the example provide can properly work and matches with kubebuilder layout by creating a project and checking it out

We should not:

• Copy and paste the examples from controller-runtime (it does not bring value for the users, if we want to use their example we can just link it. Make no sense we duplicate things) Furthermore, just copy a controller-runtime in the doc does not mean that will work. We must to describe to users how to do the same with Kubebuilder layout, describe the steps, and ensure that the info provided is accurate.
• Change the example in away that it does not work with the default kubebuilder layout or not fits well on it.
• Change the logic of the example provided without any good reason to do so.

I hope that clarifies.

[mythi]

We should not:

I don't think the current example meets any of these bullets either. However, if that is desired, we could close this and someone can pick up re-writing this page according to the new ask.

[k8s-ci-robot]

@mythi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kubebuilder-e2e-k8s-1-27-10	7bbc5f5	link	true	/test pull-kubebuilder-e2e-k8s-1-27-10
pull-kubebuilder-e2e-k8s-1-28-6	7bbc5f5	link	true	/test pull-kubebuilder-e2e-k8s-1-28-6
pull-kubebuilder-e2e-k8s-1-29-0	7bbc5f5	link	true	/test pull-kubebuilder-e2e-k8s-1-29-0
pull-kubebuilder-e2e-k8s-1-28-0	3781a81	link	true	/test pull-kubebuilder-e2e-k8s-1-28-0
pull-kubebuilder-e2e-k8s-1-30-0	2db6ee6	link	true	/test pull-kubebuilder-e2e-k8s-1-30-0

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.