Azure · Porges · Dec 18, 2020 · Nov 18, 2020 · Nov 19, 2020 · Nov 20, 2020
@@ -54,6 +54,7 @@ echo "Installing Go tools…"
 # go tools for vscode are preinstalled by base image (see first comment in Dockerfile)
 go get \
     github.com/jandelgado/[email protected] \
+    github.com/mikefarah/yq/[email protected] \
     github.com/mitchellh/[email protected] \
     k8s.io/code-generator/cmd/[email protected] \
     sigs.k8s.io/controller-tools/cmd/[email protected] \
@@ -67,11 +68,6 @@ if [ "$1" != "devcontainer" ]; then
     curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "$TOOL_DEST" 2>&1 
 fi
 
-echo "Installing kubectl…"
-curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.19.0/bin/linux/amd64/kubectl \
-    && chmod +x ./kubectl \
-    && mv ./kubectl "$TOOL_DEST/kubectl"
-
 # Install go-task (task runner)
 echo "Installing go-task…"
 curl -sL "https://github.com/go-task/task/releases/download/v3.0.0/task_linux_amd64.tar.gz" | tar xz -C "$TOOL_DEST" task
@@ -84,3 +80,13 @@ curl -L "https://go.kubebuilder.io/dl/2.3.1/${os}/${arch}" | tar -xz -C /tmp/
 mv "/tmp/kubebuilder_2.3.1_${os}_${arch}" "$KUBEBUILDER_DEST"
 
 echo "Installed tools: $(ls "$TOOL_DEST")"
+
+
+if [ "$1" = "devcontainer" ]; then 
+    echo "Setting up k8s webhook certificates"
+
+    mkdir -p /tmp/k8s-webhook-server/serving-certs
+    openssl genrsa 2048 > tls.key
+    openssl req -new -x509 -nodes -sha256 -days 3650 -key tls.key -subj '/' -out tls.crt
+    mv tls.key tls.crt /tmp/k8s-webhook-server/serving-certs
+fi
@@ -178,18 +178,43 @@ tasks:
     - cp config/crd/bases/microsoft.storage.infra.azure.com_storageaccountsblobservicescontainers.yaml config/crd/bases/valid
     - cp config/crd/bases/microsoft.resources.infra.azure.com_resourcegroups.yaml config/crd/bases/valid
 
+  controller:copy-valid-webhooks:
+    dir: "{{.CONTROLLER_ROOT}}"
+    deps: [generate-crds]
+    cmds:
+    # the webhook configuration file, as it stands, is too big to load into k8s 😊
+    # instead, for now, we will pull out the bits we want
+    - mkdir -p config/webhook/valid
+    - yq delete {{.IN}} 'webhooks[*]' > {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == batchaccounts)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == storageaccounts)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+    - yq read -c {{.IN}} 'webhooks.(rules[*].resources[*]. == storageaccountsblobservicescontainers)' | yq prefix - webhooks | yq merge -a append - {{.OUT}} > {{.OUT}}_2 && mv {{.OUT}}_2 {{.OUT}}
+    # need to remove v1 from the manifest as it doesn't work with controller-runtime currently: https://github.com/kubernetes-sigs/controller-runtime/issues/1272
+    - yq delete -i {{.OUT}} 'webhooks[*].admissionReviewVersions(. == v1)' 
+    vars:
+      IN: config/webhook/manifests.yaml 
+      OUT: config/webhook/valid/manifests.yaml
+
+
+  controller:prep-integration-tests:
+    # this just exists to serialize execution of these dependencies,
+    # since go-task won't dedupe _their_ shared dependencies
+    cmds:
+    - task controller:copy-valid-crds
+    - task controller:copy-valid-webhooks
+
   controller:test-integration-envtest:
     desc: Run integration tests with envtest using record/replay.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds]
+    deps: [controller:prep-integration-tests]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 RECORD_REPLAY=1 go test -v $({{.GENERATED_DIRS_TO_LINT_CMD}})
 
   controller:test-integration-envtest-cover:
     desc: Run integration tests with envtest using record/replay and output coverage.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds]
+    deps: [controller:prep-integration-tests]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 RECORD_REPLAY=1 go test -covermode atomic -coverprofile=cover-integration-envtest.out -coverpkg="./..." -v $({{.GENERATED_DIRS_TO_LINT_CMD}})
@@ -198,7 +223,7 @@ tasks:
   controller:test-integration-envtest-live:
     desc: Run integration tests with envtest against live data and output coverage.
     dir: "{{.CONTROLLER_ROOT}}"
-    deps: [controller:copy-valid-crds, cleanup-azure-resources]
+    deps: [controller:prep-integration-tests, cleanup-azure-resources]
     cmds:
     # -race fails at the moment in controller-runtime
     - ENVTEST=1 go test -covermode atomic -coverprofile=cover-integration-envtest.out -coverpkg="./..." -v $({{.GENERATED_DIRS_TO_LINT_CMD}})
@@ -212,8 +237,8 @@ tasks:
     - "apis/**/*_gen.go" # depends on all generated types
     cmds:
     - find ./apis -type f -name "zz_generated.*" -delete
-    - controller-gen object:headerFile=../boilerplate.go.txt paths="./..."
     - if [ -d "./config/crd/bases" ]; then find "./config/crd/bases" -type f -delete; fi
+    - controller-gen object:headerFile=../boilerplate.go.txt paths="./..." || true
     - controller-gen {{.CRD_OPTIONS}} rbac:roleName=manager-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
     vars:
       CRD_OPTIONS: "crd:crdVersions=v1,allowDangerousTypes=true"

@@ -1,2 +1,3 @@
 apis/
 config/crd/bases/
+config/webhook
@@ -15,7 +15,6 @@ import (
 	storage "github.com/Azure/k8s-infra/hack/generated/apis/microsoft.storage/v20190401"
 	"github.com/Azure/k8s-infra/hack/generated/pkg/armclient"
 	"github.com/Azure/k8s-infra/hack/generated/pkg/testcommon"
-	ctrl "sigs.k8s.io/controller-runtime"
 )
 
 func Test_ResourceGroup_CRUD(t *testing.T) {
@@ -123,10 +122,7 @@ func StorageAccount_BlobServices_CRUD(t *testing.T, testContext testcommon.KubeP
 	g := NewGomegaWithT(t)
 
 	blobService := &storage.StorageAccountsBlobService{
-		ObjectMeta: ctrl.ObjectMeta{
-			Name:      "default", // MUST be 'default'
-			Namespace: testContext.Namespace(),
-		},
+		ObjectMeta: testContext.MakeObjectMeta("blobservice"),
 		Spec: storage.StorageAccountsBlobServices_Spec{
 			ApiVersion: "2019-04-01", // TODO [apiversion]: to be removed eventually
 			Owner:      testcommon.AsOwner(storageAccount),

@@ -109,7 +109,6 @@ func (options *Options) setDefaults() {
 }
 
 func RegisterAll(mgr ctrl.Manager, applier armclient.Applier, objs []runtime.Object, log logr.Logger, options Options) []error {
-
 	options.setDefaults()
 
 	var errs []error
@@ -118,6 +117,7 @@ func RegisterAll(mgr ctrl.Manager, applier armclient.Applier, objs []runtime.Obj
 			errs = append(errs, err)
 		}
 	}
+
 	return errs
 }
 
@@ -155,11 +155,11 @@ func register(mgr ctrl.Manager, applier armclient.Applier, obj runtime.Object, l
 		CreateDeploymentName: options.CreateDeploymentName,
 	}
 
-	ctrlBuilder := ctrl.NewControllerManagedBy(mgr).
+	c, err := ctrl.NewControllerManagedBy(mgr).
 		For(obj).
-		WithOptions(options.Options)
+		WithOptions(options.Options).
+		Build(reconciler)
 
-	c, err := ctrlBuilder.Build(reconciler)
 	if err != nil {
 		return errors.Wrap(err, "unable to build controllers / reconciler")
 	}