Upgrade controller-runtime to v0.15.0 and k8s api to v0.30.0 (#952)

Some small refactors were made to the manager setup logic to account for
breaking changes in controller-runtime, and to prepare for its upcoming
generic builder api.

controllers/ingress/controller.go

@@ -1,23 +1,23 @@
 package ingress
 
 import (
-	"fmt"
 	"time"
 
 	corev1 "k8s.io/api/core/v1"
 	networkingv1 "k8s.io/api/networking/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
-	"sigs.k8s.io/controller-runtime/pkg/source"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	icsv1 "github.com/pomerium/ingress-controller/apis/ingress/v1"
 	"github.com/pomerium/ingress-controller/controllers/reporter"
 	"github.com/pomerium/ingress-controller/model"
 	"github.com/pomerium/ingress-controller/pomerium"
+	"github.com/pomerium/ingress-controller/util/generic"
 )
 
 const (
@@ -121,44 +121,35 @@ func WithWatchSettings(name types.NamespacedName) Option {
 
 // SetupWithManager sets up the controller with the Manager
 func (r *ingressController) SetupWithManager(mgr ctrl.Manager) error {
-	c, err := ctrl.NewControllerManagedBy(mgr).
+	r.Client = mgr.GetClient()
+	r.Scheme = mgr.GetScheme()
+
+	// cache frequently used object kinds
+	r.secretKind = generic.GVKForType[*corev1.Secret](r.Scheme).Kind
+	r.ingressKind = generic.GVKForType[*networkingv1.Ingress](r.Scheme).Kind
+	r.serviceKind = generic.GVKForType[*corev1.Service](r.Scheme).Kind
+	r.settingsKind = generic.GVKForType[*icsv1.Pomerium](r.Scheme).Kind
+	r.endpointsKind = generic.GVKForType[*corev1.Endpoints](r.Scheme).Kind
+	r.ingressClassKind = generic.GVKForType[*networkingv1.IngressClass](r.Scheme).Kind
+
+	err := ctrl.NewControllerManagedBy(mgr).
 		Named(controllerName).
 		For(&networkingv1.Ingress{}).
-		Build(r)
+		Watches(
+			&networkingv1.IngressClass{},
+			handler.EnqueueRequestsFromMapFunc(r.watchIngressClass()),
+			builder.WithPredicates(generic.NewPredicateFuncs(func(ic *networkingv1.IngressClass) bool {
+				return ic.Spec.Controller == r.controllerName
+			})),
+		).
+		Watches(&corev1.Secret{}, handler.EnqueueRequestsFromMapFunc(r.getDependantIngressFn(r.secretKind))).
+		Watches(&corev1.Service{}, handler.EnqueueRequestsFromMapFunc(r.getDependantIngressFn(r.serviceKind))).
+		Watches(&corev1.Endpoints{}, handler.EnqueueRequestsFromMapFunc(r.getDependantIngressFn(r.endpointsKind))).
+		WithEventFilter(predicate.ResourceVersionChangedPredicate{}).
+		Complete(r)
 	if err != nil {
 		return err
 	}
-
-	r.Scheme = mgr.GetScheme()
-	for _, o := range []struct {
-		client.Object
-		kind  *string
-		mapFn func(string) handler.MapFunc
-	}{
-		{&networkingv1.Ingress{}, &r.ingressKind, nil},
-		{&networkingv1.IngressClass{}, &r.ingressClassKind, r.watchIngressClass},
-		{&corev1.Secret{}, &r.secretKind, r.getDependantIngressFn},
-		{&corev1.Service{}, &r.serviceKind, r.getDependantIngressFn},
-		{&corev1.Endpoints{}, &r.endpointsKind, r.getDependantIngressFn},
-		{&icsv1.Pomerium{}, &r.settingsKind, nil},
-	} {
-		gvk, err := apiutil.GVKForObject(o.Object, r.Scheme)
-		if err != nil {
-			return fmt.Errorf("cannot get kind: %w", err)
-		}
-		*o.kind = gvk.Kind
-
-		if nil == o.mapFn {
-			continue
-		}
-
-		if err := c.Watch(
-			source.Kind(mgr.GetCache(), o.Object),
-			handler.EnqueueRequestsFromMapFunc(o.mapFn(gvk.Kind))); err != nil {
-			return fmt.Errorf("watching %s: %w", gvk.String(), err)
-		}
-	}
-
 	return nil
 }
 

controllers/ingress/controller_integration_test.go

@@ -358,7 +358,8 @@ func (s *ControllerTestSuite) TestIngressClass() {
 			ObjectMeta: metav1.ObjectMeta{Name: "another", Namespace: "default"},
 			Spec: networkingv1.IngressClassSpec{
 				Controller: "example.com/ingress-controller",
-			}}
+			},
+		}
 		s.NoError(s.Client.Create(ctx, anotherIngressClass))
 		ingress.Spec.IngressClassName = &anotherIngressClass.Name
 		s.NoError(s.Client.Update(ctx, ingress))
@@ -563,8 +564,10 @@ func (s *ControllerTestSuite) TestIngressStatus() {
 		return cmp.Diff(ingress, ic.Ingress, cmpOpts...)
 	}, "ingress created")
 
+	vipMode := corev1.LoadBalancerIPModeVIP
 	lbIngress := []corev1.LoadBalancerIngress{{
-		IP: "10.10.10.10",
+		IP:     "10.10.10.10",
+		IPMode: &vipMode, // as of v1.30, this field is populated automatically with the default mode
 	}}
 	proxySvc.Status.LoadBalancer.Ingress = lbIngress
 	s.NoError(s.Client.Status().Update(ctx, proxySvc), proxySvc.Spec)
@@ -607,7 +610,8 @@ func (s *ControllerTestSuite) TestHttp01Solver() {
 	}
 
 	ingress := &networkingv1.Ingress{
-		ObjectMeta: metav1.ObjectMeta{Name: "ingress", Namespace: "default",
+		ObjectMeta: metav1.ObjectMeta{
+			Name: "ingress", Namespace: "default",
 			Annotations: map[string]string{
 				"kubernetes.io/ingress.class": ingressClass.Name,
 			},
@@ -628,7 +632,15 @@ func (s *ControllerTestSuite) TestHttp01Solver() {
 									Name: "service",
 									Port: networkingv1.ServiceBackendPort{
 										Number: 8089,
-									}}}}}}}}}}}
+									},
+								},
+							},
+						}},
+					},
+				},
+			}},
+		},
+	}
 
 	endpoints := &corev1.Endpoints{
 		ObjectMeta: metav1.ObjectMeta{

controllers/ingress/deps.go

@@ -36,7 +36,7 @@ func (r *ingressController) getDependantIngressFn(kind string) handler.MapFunc {
 	}
 }
 
-func (r *ingressController) watchIngressClass(string) handler.MapFunc {
+func (r *ingressController) watchIngressClass() handler.MapFunc {
 	return func(ctx context.Context, a client.Object) []reconcile.Request {
 		logger := log.FromContext(ctx)
 		ctx, cancel := context.WithTimeout(ctx, initialReconciliationTimeout)

controllers/settings/controller.go

@@ -8,11 +8,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
-	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
 	"sigs.k8s.io/controller-runtime/pkg/handler"
 	"sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/source"
+	"sigs.k8s.io/controller-runtime/pkg/predicate"
 
 	pom_cfg "github.com/pomerium/pomerium/config"
 
@@ -22,6 +22,7 @@ import (
 	"github.com/pomerium/ingress-controller/model"
 	"github.com/pomerium/ingress-controller/pomerium"
 	"github.com/pomerium/ingress-controller/util"
+	"github.com/pomerium/ingress-controller/util/generic"
 )
 
 type settingsController struct {
@@ -81,32 +82,20 @@ func NewSettingsController(
 		emitWarnings: emitWarnings,
 	}
 
-	c, err := ctrl.NewControllerManagedBy(mgr).
+	secretKind := generic.GVKForType[*corev1.Secret](mgr.GetScheme()).Kind
+	err := ctrl.NewControllerManagedBy(mgr).
 		Named(controllerName).
 		For(new(icsv1.Pomerium)).
-		Build(stc)
+		Watches(
+			&corev1.Secret{},
+			handler.EnqueueRequestsFromMapFunc(deps.GetDependantMapFunc(stc.Registry, secretKind)),
+			builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}),
+		).
+		Complete(stc)
 	if err != nil {
 		return fmt.Errorf("build controller: %w", err)
 	}
 
-	cache := mgr.GetCache()
-	for _, o := range []struct {
-		client.Object
-		mapFn func(model.Registry, string) handler.MapFunc
-	}{
-		{new(corev1.Secret), deps.GetDependantMapFunc},
-	} {
-		gvk, err := apiutil.GVKForObject(o.Object, mgr.GetScheme())
-		if err != nil {
-			return fmt.Errorf("cannot get kind: %w", err)
-		}
-
-		err = c.Watch(source.Kind(cache, o.Object),
-			handler.EnqueueRequestsFromMapFunc(o.mapFn(stc.Registry, gvk.Kind)))
-		if err != nil {
-			return fmt.Errorf("watching %s: %w", gvk.String(), err)
-		}
-	}
 	return nil
 }
 

go.mod

@@ -16,7 +16,8 @@ require (
 	github.com/iancoleman/strcase v0.3.0
 	github.com/martinlindhe/base36 v1.1.1
 	github.com/open-policy-agent/opa v0.64.1
-	github.com/pomerium/pomerium v0.25.1-0.20240501190122-e30d90206df9
+	github.com/pomerium/csrf v1.7.0
+	github.com/pomerium/pomerium v0.25.2
 	github.com/rs/zerolog v1.32.0
 	github.com/sergi/go-diff v1.3.1
 	github.com/spf13/cobra v1.8.0
@@ -29,14 +30,14 @@ require (
 	google.golang.org/grpc v1.63.2
 	google.golang.org/protobuf v1.34.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.29.0
-	k8s.io/apiextensions-apiserver v0.29.0
-	k8s.io/apimachinery v0.29.2
-	k8s.io/apiserver v0.29.0
-	k8s.io/client-go v0.29.0
-	sigs.k8s.io/controller-runtime v0.17.2
-	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240201105228-4000e996a202
-	sigs.k8s.io/controller-tools v0.11.4
+	k8s.io/api v0.30.0
+	k8s.io/apiextensions-apiserver v0.30.0
+	k8s.io/apimachinery v0.30.0
+	k8s.io/apiserver v0.30.0
+	k8s.io/client-go v0.30.0
+	sigs.k8s.io/controller-runtime v0.18.0
+	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20240501194100-d9f479e0225c
+	sigs.k8s.io/controller-tools v0.15.0
 )
 
 require (
@@ -85,11 +86,11 @@ require (
 	github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/envoyproxy/protoc-gen-validate v1.0.4 // indirect
-	github.com/evanphx/json-patch/v5 v5.8.0 // indirect
-	github.com/fatih/color v1.15.0 // indirect
+	github.com/evanphx/json-patch/v5 v5.9.0 // indirect
+	github.com/fatih/color v1.16.0 // indirect
 	github.com/felixge/httpsnoop v1.0.4 // indirect
 	github.com/fsnotify/fsnotify v1.7.0 // indirect
-	github.com/fxamacker/cbor/v2 v2.4.0 // indirect
+	github.com/fxamacker/cbor/v2 v2.6.0 // indirect
 	github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 	github.com/go-chi/chi/v5 v5.0.12 // indirect
 	github.com/go-ini/ini v1.67.0 // indirect
@@ -104,7 +105,7 @@ require (
 	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/gobuffalo/flect v0.3.0 // indirect
+	github.com/gobuffalo/flect v1.0.2 // indirect
 	github.com/gobwas/glob v0.2.3 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
@@ -154,7 +155,6 @@ require (
 	github.com/philhofer/fwd v1.0.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
-	github.com/pomerium/csrf v1.7.0 // indirect
 	github.com/pomerium/datasource v0.18.2-0.20221108160055-c6134b5ed524 // indirect
 	github.com/pomerium/webauthn v0.0.0-20221118023040-00a9c430578b // indirect
 	github.com/power-devops/perfstat v0.0.0-20210106213030-5aafc221ea8c // indirect
@@ -194,18 +194,17 @@ require (
 	go.opentelemetry.io/otel/metric v1.26.0 // indirect
 	go.opentelemetry.io/otel/sdk v1.26.0 // indirect
 	go.opentelemetry.io/otel/trace v1.26.0 // indirect
-	go.uber.org/automaxprocs v1.5.3 // indirect
 	go.uber.org/multierr v1.11.0 // indirect
 	golang.org/x/crypto v0.22.0 // indirect
 	golang.org/x/exp v0.0.0-20231110203233-9a3e6036ecaa // indirect
-	golang.org/x/mod v0.14.0 // indirect
+	golang.org/x/mod v0.17.0 // indirect
 	golang.org/x/net v0.24.0 // indirect
 	golang.org/x/oauth2 v0.19.0 // indirect
 	golang.org/x/sys v0.19.0 // indirect
 	golang.org/x/term v0.19.0 // indirect
 	golang.org/x/text v0.14.0 // indirect
 	golang.org/x/time v0.5.0 // indirect
-	golang.org/x/tools v0.16.1 // indirect
+	golang.org/x/tools v0.20.0 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 	google.golang.org/api v0.177.0 // indirect
 	google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de // indirect
@@ -216,9 +215,9 @@ require (
 	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
-	k8s.io/component-base v0.29.0 // indirect
-	k8s.io/klog/v2 v2.110.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20231010175941-2dd684a91f00 // indirect
+	k8s.io/component-base v0.30.0 // indirect
+	k8s.io/klog/v2 v2.120.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
 	k8s.io/utils v0.0.0-20230726121419-3b25d923346b // indirect
 	namespacelabs.dev/go-filenotify v0.0.0-20220511192020-53ea11be7eaa // indirect
 	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect