Dockerize and upgrade controller-gen to v0.5.0

frameworks/constraint had previously been reliant on an outdated version of the controller-gen library for generating CRDs with embedded JSONSchemas. The older version of the library wasn't built to detect a nested JSONSchema, and thus would not refuse it. With the requirement of v1 CRDs around the corner in k8s 1.22, framework/constraint requires the newer controller-gen v0.5.0. This library version can output v1 CRD. This PR _does not_ output a v1 CRD for Constraint Template. That will be left for a future PR. This PR brings the library up-to-date and dockerizes it, isolating the dependency from the developer machine. Signed-off-by: juliankatz <juliankatz@google.com>
open-policy-agent · Apr 27, 2021 · 56ce6ad · 56ce6ad
1 parent 804ff2e
commit 56ce6ad
Show file tree

Hide file tree

Showing 16 changed files with 97 additions and 543 deletions.
diff --git a/constraint/Makefile b/constraint/Makefile
@@ -29,23 +29,23 @@ install: manifests
 	kubectl apply -f config/crds
 
 # Generate manifests e.g. CRD, RBAC etc.
-manifests: buildutils
-	controller-gen all
+manifests: __controller-gen
+	$(CONTROLLER_GEN) crd:crdVersions="v1beta1",allowDangerousTypes="true" paths="./pkg/..." output:crd:artifacts:config=config/crds
 	kustomize build config -o deploy/crds.yaml
 
 lint:
 	golangci-lint -v run ./... --timeout 5m
 
+TOOLING_IMAGE := gatekeeper-tooling
+__tooling-image:
+	docker build . \
+		--tag $(TOOLING_IMAGE) \
+		--file buildutils/Dockerfile
+
+__controller-gen: __tooling-image
+# __controller-gen:
+CONTROLLER_GEN=docker run -v $(shell pwd):/constraint $(TOOLING_IMAGE) controller-gen
+
 # Generate code
-generate: buildutils
-ifndef GOPATH
-	$(error GOPATH not defined, please define GOPATH. Run "go help gopath" to learn more about GOPATH)
-endif
-	export GOROOT=$(go env root)
-	GO111MODULE=off go generate ./pkg/...
-
-# find or download controller-gen
-# download controller-gen if necessary
-.PHONY: buildutils
-buildutils:
-	cd buildutils && ./buildutils.sh
+generate: __controller-gen
+	$(CONTROLLER_GEN) object:headerFile=./hack/boilerplate.go.txt paths="./pkg/..."
diff --git a/constraint/buildutils/Dockerfile b/constraint/buildutils/Dockerfile
@@ -0,0 +1,9 @@
+FROM golang:1.16.3-alpine
+
+RUN apk add build-base
+
+# Create a folder in which to mount the code
+RUN mkdir /constraint
+WORKDIR /constraint
+
+RUN GO111MODULE=on go get sigs.k8s.io/controller-tools/cmd/controller-gen@v0.5.0
diff --git a/constraint/buildutils/buildutils.sh b/constraint/buildutils/buildutils.sh
diff --git a/constraint/buildutils/go.mod b/constraint/buildutils/go.mod
diff --git a/constraint/buildutils/go.sum b/constraint/buildutils/go.sum
diff --git a/constraint/config/crd_patch.yaml b/constraint/config/crd_patch.yaml
diff --git a/...emplates_v1alpha1_constrainttemplate.yaml → ...es.gatekeeper.sh_constrainttemplates.yaml b/...emplates_v1alpha1_constrainttemplate.yaml → ...es.gatekeeper.sh_constrainttemplates.yaml
@@ -1,32 +1,36 @@
+
+---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.5.0
   creationTimestamp: null
-  labels:
-    controller-tools.k8s.io: "1.0"
   name: constrainttemplates.templates.gatekeeper.sh
 spec:
   group: templates.gatekeeper.sh
   names:
     kind: ConstraintTemplate
+    listKind: ConstraintTemplateList
     plural: constrainttemplates
+    singular: constrainttemplate
   scope: Cluster
+  subresources:
+    status: {}
   validation:
     openAPIV3Schema:
+      description: ConstraintTemplate is the Schema for the constrainttemplates API
       properties:
         apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+          description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
           type: string
         kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+          description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
           type: string
         metadata:
           type: object
         spec:
+          description: ConstraintTemplateSpec defines the desired state of ConstraintTemplate
           properties:
             crd:
               properties:
@@ -42,6 +46,9 @@ spec:
                           type: array
                       type: object
                     validation:
+                      properties:
+                        openAPIV3Schema:
+                          type: object
                       type: object
                   type: object
               type: object
@@ -60,12 +67,15 @@ spec:
               type: array
           type: object
         status:
+          description: ConstraintTemplateStatus defines the observed state of ConstraintTemplate
           properties:
             byPod:
               items:
+                description: ByPodStatus defines the observed state of ConstraintTemplate as seen by an individual controller
                 properties:
                   errors:
                     items:
+                      description: CreateCRDError represents a single error caught during parsing, compiling, etc.
                       properties:
                         code:
                           type: string
@@ -89,7 +99,15 @@ spec:
             created:
               type: boolean
           type: object
+      type: object
   version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: false
+  - name: v1beta1
+    served: true
+    storage: true
 status:
   acceptedNames:
     kind: ""

diff --git a/constraint/config/crds/templates_v1beta1_constrainttemplate.yaml b/constraint/config/crds/templates_v1beta1_constrainttemplate.yaml
diff --git a/constraint/config/kustomization.yaml b/constraint/config/kustomization.yaml
@@ -1,9 +1,15 @@
-# create a multi-version CRD via kustomize because Kubebuilder v1 doesn't support multi-version
-# CRDs
+# Sets the version: field to `v1beta1`.
+# It's not obvious how to do this with kubebuilder annotations.
 
 resources:
-- crds/templates_v1beta1_constrainttemplate.yaml
-
-patchesStrategicMerge:
-- crd_patch.yaml
+- crds/templates.gatekeeper.sh_constrainttemplates.yaml
 
+patches:
+- target:
+    group: apiextensions.k8s.io
+    version: v1beta1
+    kind: CustomResourceDefinition
+    name: constrainttemplates.templates.gatekeeper.sh
+  patch: |-
+    - op: remove
+      path: /spec/version