Merge pull request #96 from jcaamano/admissionv1

Switch to admission v1
k8snetworkplumbingwg · Jul 13, 2021 · b1714b3 · b1714b3
2 parents 54b1745 + 9de30ef
commit b1714b3
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 40 deletions.
diff --git a/deployments/webhook.yaml b/deployments/webhook.yaml
@@ -1,11 +1,13 @@
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: network-resources-injector-config
   namespace: kube-system
 webhooks:
   - name: network-resources-injector-config.k8s.io
+    sideEffects: None
+    admissionReviewVersions: ["v1"]
     clientConfig:
       service:
         name: network-resources-injector-service

diff --git a/pkg/installer/installer.go b/pkg/installer/installer.go
@@ -24,7 +24,7 @@ import (
 	"github.com/golang/glog"
 	"github.com/pkg/errors"
 
-	arv1beta1 "k8s.io/api/admissionregistration/v1beta1"
+	arv1 "k8s.io/api/admissionregistration/v1"
 	"k8s.io/api/certificates/v1beta1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -131,38 +131,41 @@ func createMutatingWebhookConfiguration(certificate []byte, failurePolicyStr str
 	configName := strings.Join([]string{prefix, "mutating-config"}, "-")
 	serviceName := strings.Join([]string{prefix, "service"}, "-")
 	removeMutatingWebhookIfExists(configName)
-	var failurePolicy arv1beta1.FailurePolicyType
+	var failurePolicy arv1.FailurePolicyType
 	if strings.EqualFold(strings.TrimSpace(failurePolicyStr), "Ignore") {
-		failurePolicy = arv1beta1.Ignore
+		failurePolicy = arv1.Ignore
 	} else if strings.EqualFold(strings.TrimSpace(failurePolicyStr), "Fail") {
-		failurePolicy = arv1beta1.Fail
+		failurePolicy = arv1.Fail
 	} else {
 		return errors.New("unknown failure policy type")
 	}
+	sideEffects := arv1.SideEffectClassNone
 	path := "/mutate"
-	configuration := &arv1beta1.MutatingWebhookConfiguration{
+	configuration := &arv1.MutatingWebhookConfiguration{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: configName,
 			Labels: map[string]string{
 				"app": prefix,
 			},
 		},
-		Webhooks: []arv1beta1.MutatingWebhook{
-			arv1beta1.MutatingWebhook{
+		Webhooks: []arv1.MutatingWebhook{
+			arv1.MutatingWebhook{
 				Name: configName + ".k8s.cni.cncf.io",
-				ClientConfig: arv1beta1.WebhookClientConfig{
+				ClientConfig: arv1.WebhookClientConfig{
 					CABundle: certificate,
-					Service: &arv1beta1.ServiceReference{
+					Service: &arv1.ServiceReference{
 						Namespace: namespace,
 						Name:      serviceName,
 						Path:      &path,
 					},
 				},
-				FailurePolicy: &failurePolicy,
-				Rules: []arv1beta1.RuleWithOperations{
-					arv1beta1.RuleWithOperations{
-						Operations: []arv1beta1.OperationType{arv1beta1.Create},
-						Rule: arv1beta1.Rule{
+				FailurePolicy:           &failurePolicy,
+				AdmissionReviewVersions: []string{"v1"},
+				SideEffects:             &sideEffects,
+				Rules: []arv1.RuleWithOperations{
+					arv1.RuleWithOperations{
+						Operations: []arv1.OperationType{arv1.Create},
+						Rule: arv1.Rule{
 							APIGroups:   []string{""},
 							APIVersions: []string{"v1"},
 							Resources:   []string{"pods"},
@@ -172,7 +175,7 @@ func createMutatingWebhookConfiguration(certificate []byte, failurePolicyStr str
 			},
 		},
 	}
-	_, err := clientset.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Create(context.TODO(), configuration, metav1.CreateOptions{})
+	_, err := clientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), configuration, metav1.CreateOptions{})
 	return err
 }
 
@@ -215,10 +218,10 @@ func removeServiceIfExists(serviceName string) {
 }
 
 func removeMutatingWebhookIfExists(configName string) {
-	config, err := clientset.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Get(context.TODO(), configName, metav1.GetOptions{})
+	config, err := clientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.TODO(), configName, metav1.GetOptions{})
 	if config != nil && err == nil {
 		glog.Infof("mutating webhook %s already exists, removing it first", configName)
-		err := clientset.AdmissionregistrationV1beta1().MutatingWebhookConfigurations().Delete(context.TODO(), configName, metav1.DeleteOptions{})
+		err := clientset.AdmissionregistrationV1().MutatingWebhookConfigurations().Delete(context.TODO(), configName, metav1.DeleteOptions{})
 		if err != nil {
 			glog.Errorf("error trying to remove mutating webhook configuration: %s", err)
 		}

diff --git a/pkg/webhook/webhook.go b/pkg/webhook/webhook.go
@@ -34,7 +34,7 @@ import (
 	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/controlswitches"
 	netcache "github.com/k8snetworkplumbingwg/network-resources-injector/pkg/tools"
 	"github.com/k8snetworkplumbingwg/network-resources-injector/pkg/types"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	v1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -79,9 +79,9 @@ func SetControlSwitches(activeConfiguration *controlswitches.ControlSwitches) {
 	controlSwitches = activeConfiguration
 }
 
-func prepareAdmissionReviewResponse(allowed bool, message string, ar *v1beta1.AdmissionReview) error {
+func prepareAdmissionReviewResponse(allowed bool, message string, ar *admissionv1.AdmissionReview) error {
 	if ar.Request != nil {
-		ar.Response = &v1beta1.AdmissionResponse{
+		ar.Response = &admissionv1.AdmissionResponse{
 			UID:     ar.Request.UID,
 			Allowed: allowed,
 		}
@@ -95,7 +95,7 @@ func prepareAdmissionReviewResponse(allowed bool, message string, ar *v1beta1.Ad
 	return errors.New("received empty AdmissionReview request")
 }
 
-func readAdmissionReview(req *http.Request, w http.ResponseWriter) (*v1beta1.AdmissionReview, int, error) {
+func readAdmissionReview(req *http.Request, w http.ResponseWriter) (*admissionv1.AdmissionReview, int, error) {
 	var body []byte
 
 	if req.Body != nil {
@@ -130,8 +130,8 @@ func readAdmissionReview(req *http.Request, w http.ResponseWriter) (*v1beta1.Adm
 	return ar, http.StatusOK, nil
 }
 
-func deserializeAdmissionReview(body []byte) (*v1beta1.AdmissionReview, error) {
-	ar := &v1beta1.AdmissionReview{}
+func deserializeAdmissionReview(body []byte) (*admissionv1.AdmissionReview, error) {
+	ar := &admissionv1.AdmissionReview{}
 	runtimeScheme := runtime.NewScheme()
 	codecs := serializer.NewCodecFactory(runtimeScheme)
 	deserializer := codecs.UniversalDeserializer()
@@ -145,14 +145,14 @@ func deserializeAdmissionReview(body []byte) (*v1beta1.AdmissionReview, error) {
 	return ar, err
 }
 
-func deserializeNetworkAttachmentDefinition(ar *v1beta1.AdmissionReview) (cniv1.NetworkAttachmentDefinition, error) {
+func deserializeNetworkAttachmentDefinition(ar *admissionv1.AdmissionReview) (cniv1.NetworkAttachmentDefinition, error) {
 	/* unmarshal NetworkAttachmentDefinition from AdmissionReview request */
 	netAttachDef := cniv1.NetworkAttachmentDefinition{}
 	err := json.Unmarshal(ar.Request.Object.Raw, &netAttachDef)
 	return netAttachDef, err
 }
 
-func deserializePod(ar *v1beta1.AdmissionReview) (corev1.Pod, error) {
+func deserializePod(ar *admissionv1.AdmissionReview) (corev1.Pod, error) {
 	/* unmarshal Pod from AdmissionReview request */
 	pod := corev1.Pod{}
 	err := json.Unmarshal(ar.Request.Object.Raw, &pod)
@@ -415,7 +415,7 @@ func parseNetworkAttachDefinition(net *multus.NetworkSelectionElement, reqs map[
 	return reqs, nsMap, nil
 }
 
-func handleValidationError(w http.ResponseWriter, ar *v1beta1.AdmissionReview, orgErr error) {
+func handleValidationError(w http.ResponseWriter, ar *admissionv1.AdmissionReview, orgErr error) {
 	err := prepareAdmissionReviewResponse(false, orgErr.Error(), ar)
 	if err != nil {
 		err := errors.Wrap(err, "error preparing AdmissionResponse")
@@ -425,7 +425,7 @@ func handleValidationError(w http.ResponseWriter, ar *v1beta1.AdmissionReview, o
 	writeResponse(w, ar)
 }
 
-func writeResponse(w http.ResponseWriter, ar *v1beta1.AdmissionReview) {
+func writeResponse(w http.ResponseWriter, ar *admissionv1.AdmissionReview) {
 	glog.Infof("sending response to the Kubernetes API server")
 	resp, _ := json.Marshal(ar)
 	w.Write(resp)
@@ -932,8 +932,8 @@ func MutateHandler(w http.ResponseWriter, req *http.Request) {
 
 		patchBytes, _ := json.Marshal(patch)
 		ar.Response.Patch = patchBytes
-		ar.Response.PatchType = func() *v1beta1.PatchType {
-			pt := v1beta1.PatchTypeJSONPatch
+		ar.Response.PatchType = func() *admissionv1.PatchType {
+			pt := admissionv1.PatchTypeJSONPatch
 			return &pt
 		}()
 	} else {

diff --git a/pkg/webhook/webhook_test.go b/pkg/webhook/webhook_test.go
@@ -21,7 +21,7 @@ import (
 	"net/http/httptest"
 
 	"gopkg.in/intel/multus-cni.v3/pkg/types"
-	"k8s.io/api/admission/v1beta1"
+	admissionv1 "k8s.io/api/admission/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
@@ -44,15 +44,15 @@ var _ = Describe("Webhook", func() {
 	Describe("Preparing Admission Review Response", func() {
 		Context("Admission Review Request is nil", func() {
 			It("should return error", func() {
-				ar := &v1beta1.AdmissionReview{}
+				ar := &admissionv1.AdmissionReview{}
 				ar.Request = nil
 				Expect(prepareAdmissionReviewResponse(false, "", ar)).To(HaveOccurred())
 			})
 		})
 		Context("Message is not empty", func() {
 			It("should set message in the response", func() {
-				ar := &v1beta1.AdmissionReview{}
-				ar.Request = &v1beta1.AdmissionRequest{
+				ar := &admissionv1.AdmissionReview{}
+				ar.Request = &admissionv1.AdmissionRequest{
 					UID: "fake-uid",
 				}
 				err := prepareAdmissionReviewResponse(false, "some message", ar)
@@ -75,8 +75,8 @@ var _ = Describe("Webhook", func() {
 	Describe("Deserializing Network Attachment Definition", func() {
 		Context("It's not an Network Attachment Definition", func() {
 			It("should return an error", func() {
-				ar := &v1beta1.AdmissionReview{}
-				ar.Request = &v1beta1.AdmissionRequest{}
+				ar := &admissionv1.AdmissionReview{}
+				ar.Request = &admissionv1.AdmissionRequest{}
 				_, err := deserializeNetworkAttachmentDefinition(ar)
 				Expect(err).To(HaveOccurred())
 			})
@@ -86,8 +86,8 @@ var _ = Describe("Webhook", func() {
 	Describe("Deserializing Pod", func() {
 		Context("It's not a Pod", func() {
 			It("should return an error", func() {
-				ar := &v1beta1.AdmissionReview{}
-				ar.Request = &v1beta1.AdmissionRequest{}
+				ar := &admissionv1.AdmissionReview{}
+				ar.Request = &admissionv1.AdmissionRequest{}
 				_, err := deserializePod(ar)
 				Expect(err).To(HaveOccurred())
 			})
@@ -98,8 +98,8 @@ var _ = Describe("Webhook", func() {
 		Context("with an AdmissionReview", func() {
 			It("should be marshalled and written to a HTTP Response Writer", func() {
 				w := httptest.NewRecorder()
-				ar := &v1beta1.AdmissionReview{}
-				ar.Response = &v1beta1.AdmissionResponse{
+				ar := &admissionv1.AdmissionReview{}
+				ar.Response = &admissionv1.AdmissionResponse{
 					UID:     "fake-uid",
 					Allowed: true,
 					Result: &metav1.Status{