Merge pull request #36 from vincepri/update-kcp-011

Update example to work against latest kcp main (next 0.11)

Dockerfile

@@ -1,5 +1,5 @@
 # Build the manager binary
-FROM golang:1.17 as builder
+FROM golang:1.18 as builder
 
 WORKDIR /workspace
 # Copy the Go Modules manifests

Makefile

@@ -31,7 +31,7 @@ YQ ?= $(LOCALBIN)/yq
 ## Tool Versions
 KUSTOMIZE_VERSION ?= v3.8.7
 CONTROLLER_TOOLS_VERSION ?= v0.8.0
-KCP_VERSION ?= 0.9.1
+KCP_VERSION ?= 0.11.0-alpha.0
 YQ_VERSION ?= v4.27.2
 
 KUSTOMIZE_INSTALL_SCRIPT ?= "https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh"
@@ -123,14 +123,18 @@ test-e2e: $(ARTIFACT_DIR)/kind.kubeconfig kcp-synctarget ready-deployment run-te
 
 .PHONY: run-test-e2e
 run-test-e2e: ## Run end-to-end tests on a cluster.
-	go test ./test/e2e/... --kubeconfig $(abspath $(ARTIFACT_DIR)/kcp.kubeconfig) --workspace $(shell $(KCP_KUBECTL) kcp workspace . --short)
+	go test -v ./test/e2e/... --kubeconfig $(abspath $(ARTIFACT_DIR)/kcp.kubeconfig) --workspace $(shell $(KCP_KUBECTL) get logicalcluster cluster -o jsonpath="{.metadata.annotations.kcp\.io/path}")
 
 .PHONY: ready-deployment
 ready-deployment: KUBECONFIG = $(ARTIFACT_DIR)/kcp.kubeconfig
-ready-deployment: kind-image install deploy apibinding ## Deploy the controller-manager and wait for it to be ready.
+ready-deployment: kind-image install bindcompute deploy apibinding  ## Deploy the controller-manager and wait for it to be ready.
 	$(KCP_KUBECTL) --namespace "controller-runtime-example-system" rollout status deployment/controller-runtime-example-controller-manager
 
-# TODO(skuznets|ncdc): this APIBinding is not needed, but here only to work around https://github.com/kcp-dev/kcp/issues/1183 - remove it once that is fixed
+.PHONY: bindcompute
+bindcompute:
+	$(KCP_KUBECTL) kcp bind compute $(shell $(KCP_KUBECTL) get logicalcluster cluster -o jsonpath="{.metadata.annotations.kcp\.io/path}")
+
+# TODO(skuznets|ncdc): this APIBinding is not needed, but here only to work around https://github.com/kcp-dev/kcp/issues/2663 - remove it once that is fixed
 .PHONY: apibinding
 apibinding:
 	$( eval WORKSPACE = $(shell $(KCP_KUBECTL) kcp workspace . --short))
@@ -184,6 +188,10 @@ test-e2e-cleanup: ## Clean up processes and directories from an end-to-end test
 	pkill -sigterm kcp || true
 	pkill -sigterm kubectl || true
 
+.PHONY: clean-bins
+clean-bins: ## Remove binaries.
+	rm -rf $(ARTIFACT_DIR) || true
+
 ##@ Build
 
 .PHONY: build

config/default/kustomization.yaml

@@ -13,9 +13,9 @@ namePrefix: controller-runtime-example-
 #  someName: someValue
 
 bases:
-- ../kcp
-- ../rbac
-- ../manager
+  - ../kcp
+  - ../rbac
+  - ../manager
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix including the one in
 # crd/kustomization.yaml
 #- ../webhook
@@ -25,10 +25,10 @@ bases:
 #- ../prometheus
 
 patchesStrategicMerge:
-# Protect the /metrics endpoint by putting it behind auth.
-# If you want your controller-manager to expose the /metrics
-# endpoint w/o any authn/z, please comment the following line.
-- manager_auth_proxy_patch.yaml
+  # Protect the /metrics endpoint by putting it behind auth.
+  # If you want your controller-manager to expose the /metrics
+  # endpoint w/o any authn/z, please comment the following line.
+  - manager_auth_proxy_patch.yaml
 
 # Mount the controller config file for loading manager configurations
 # through a ComponentConfig type
@@ -45,37 +45,37 @@ patchesStrategicMerge:
 
 # the following config is for teaching kustomize how to do var substitution
 vars:
-# [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
-#- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
-#  objref:
-#    kind: Certificate
-#    group: cert-manager.io
-#    version: v1
-#    name: serving-cert # this name should match the one in certificate.yaml
-#  fieldref:
-#    fieldpath: metadata.namespace
-#- name: CERTIFICATE_NAME
-#  objref:
-#    kind: Certificate
-#    group: cert-manager.io
-#    version: v1
-#    name: serving-cert # this name should match the one in certificate.yaml
-#- name: SERVICE_NAMESPACE # namespace of the service
-#  objref:
-#    kind: Service
-#    version: v1
-#    name: webhook-service
-#  fieldref:
-#    fieldpath: metadata.namespace
-#- name: SERVICE_NAME
-#  objref:
-#    kind: Service
-#    version: v1
-#    name: webhook-service
-- name: API_EXPORT_NAME
-  objref:
-    apiVersion: apis.kcp.dev/v1alpha1
-    kind: APIExport
-    name: data.my.domain
-  fieldref:
-    fieldPath: metadata.name
+  # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER' prefix.
+  #- name: CERTIFICATE_NAMESPACE # namespace of the certificate CR
+  #  objref:
+  #    kind: Certificate
+  #    group: cert-manager.io
+  #    version: v1
+  #    name: serving-cert # this name should match the one in certificate.yaml
+  #  fieldref:
+  #    fieldpath: metadata.namespace
+  #- name: CERTIFICATE_NAME
+  #  objref:
+  #    kind: Certificate
+  #    group: cert-manager.io
+  #    version: v1
+  #    name: serving-cert # this name should match the one in certificate.yaml
+  #- name: SERVICE_NAMESPACE # namespace of the service
+  #  objref:
+  #    kind: Service
+  #    version: v1
+  #    name: webhook-service
+  #  fieldref:
+  #    fieldpath: metadata.namespace
+  #- name: SERVICE_NAME
+  #  objref:
+  #    kind: Service
+  #    version: v1
+  #    name: webhook-service
+  - name: API_EXPORT_NAME
+    objref:
+      apiVersion: apis.kcp.io/v1alpha1
+      kind: APIExport
+      name: data.my.domain
+    fieldref:
+      fieldPath: metadata.name

config/kcp/apiexport.yaml

@@ -1,4 +1,4 @@
-apiVersion: apis.kcp.dev/v1alpha1
+apiVersion: apis.kcp.io/v1alpha1
 kind: APIExport
 metadata:
   name: data.my.domain
@@ -8,7 +8,10 @@ spec:
   permissionClaims:
     - group: ""
       resource: "secrets"
+      all: true
     - group: ""
       resource: "configmaps"
+      all: true
     - group: ""
       resource: "namespaces"
+      all: true

config/kcp/clusterrole.yaml

@@ -5,17 +5,17 @@ metadata:
   creationTimestamp: null
   name: kcp-manager-role
 rules:
-- apiGroups:
-  - apis.kcp.dev
-  resources:
-  - apiexports
-  verbs:
-  - get
-  - list
-  - watch
-- apiGroups:
-  - apis.kcp.dev
-  resources:
-  - apiexports/content
-  verbs:
-  - '*'
+  - apiGroups:
+      - apis.kcp.io
+    resources:
+      - apiexports
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - apis.kcp.io
+    resources:
+      - apiexports/content
+    verbs:
+      - "*"

config/kcp/clusterroles-apiexport-bind.yaml

@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: controller-runtime-example
+rules:
+  - apiGroups: ["apis.kcp.io"]
+    resources:
+      - "apiexports"
+    resourceNames:
+      - "data.my.domain"
+    verbs: ["bind"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: controller-runtime-example
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: controller-runtime-example
+subjects:
+  - apiGroup: rbac.authorization.k8s.io
+    kind: Group
+    name: system:authenticated

config/kcp/kustomization.yaml

@@ -3,6 +3,7 @@ resources:
   - apiexport.yaml
   - clusterrole.yaml
   - clusterrolebinding.yaml
+  - clusterroles-apiexport-bind.yaml
 
 configurations:
   - kustomizeconfig.yaml

config/kcp/kustomizeconfig.yaml

@@ -1,5 +1,9 @@
 nameReference:
-- kind: APIResourceSchema
-  fieldSpecs:
+  - kind: APIResourceSchema
+    fieldSpecs:
+      - kind: APIExport
+        path: spec/latestResourceSchemas
   - kind: APIExport
-    path: spec/latestResourceSchemas
+    fieldSpecs:
+      - kind: ClusterRole
+        path: rules/resourceNames

config/kcp/today.apiresourceschemas.yaml

@@ -1,4 +1,4 @@
-apiVersion: apis.kcp.dev/v1alpha1
+apiVersion: apis.kcp.io/v1alpha1
 kind: APIResourceSchema
 metadata:
   creationTimestamp: null
@@ -12,38 +12,41 @@ spec:
     singular: widget
   scope: Namespaced
   versions:
-  - name: v1alpha1
-    schema:
-      description: Widget is the Schema for the widgets API
-      properties:
-        apiVersion:
-          description: 'APIVersion defines the versioned schema of this representation
-            of an object. Servers should convert recognized schemas to the latest
-            internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
-          type: string
-        kind:
-          description: 'Kind is a string value representing the REST resource this
-            object represents. Servers may infer this from the endpoint the client
-            submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-          type: string
-        metadata:
-          type: object
-        spec:
-          description: WidgetSpec defines the desired state of Widget
-          properties:
-            foo:
-              type: string
-          type: object
-        status:
-          description: WidgetStatus defines the observed state of Widget
-          properties:
-            total:
-              type: integer
-          type: object
-      type: object
-    served: true
-    storage: true
-    subresources:
-      status: {}
+    - name: v1alpha1
+      schema:
+        description: Widget is the Schema for the widgets API
+        properties:
+          apiVersion:
+            description:
+              "APIVersion defines the versioned schema of this representation
+              of an object. Servers should convert recognized schemas to the latest
+              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources"
+            type: string
+          kind:
+            description:
+              "Kind is a string value representing the REST resource this
+              object represents. Servers may infer this from the endpoint the client
+              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds"
+            type: string
+          metadata:
+            type: object
+          spec:
+            description: WidgetSpec defines the desired state of Widget
+            properties:
+              foo:
+                type: string
+            type: object
+          status:
+            description: WidgetStatus defines the observed state of Widget
+            properties:
+              total:
+                type: integer
+            type: object
+        type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}
 
 ---
+

config/rbac/role.yaml

@@ -84,7 +84,7 @@ rules:
   - patch
   - update
 - apiGroups:
-  - apis.kcp.dev
+  - apis.kcp.io
   resources:
   - apiexports
   verbs:

controllers/configmap_controller.go

@@ -26,11 +26,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/types"
 
-	"github.com/kcp-dev/logicalcluster/v2"
-
+	"github.com/kcp-dev/logicalcluster/v3"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
+	"sigs.k8s.io/controller-runtime/pkg/kontext"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 )
 
@@ -53,7 +53,7 @@ type ConfigMapReconciler struct {
 func (r *ConfigMapReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	log := log.FromContext(ctx).WithValues("cluster", req.ClusterName)
 
-	ctx = logicalcluster.WithCluster(ctx, logicalcluster.New(req.ClusterName))
+	ctx = kontext.WithCluster(ctx, logicalcluster.Name(req.ClusterName))
 
 	// Test get
 	var configMap corev1.ConfigMap
@@ -135,7 +135,7 @@ func (r *ConfigMapReconciler) Reconcile(ctx context.Context, req ctrl.Request) (
 
 		secret.SetName(configMap.GetName())
 		secret.SetNamespace(configMap.GetNamespace())
-		secret.SetOwnerReferences([]metav1.OwnerReference{metav1.OwnerReference{
+		secret.SetOwnerReferences([]metav1.OwnerReference{{
 			Name:       configMap.GetName(),
 			UID:        configMap.GetUID(),
 			APIVersion: "v1",

controllers/widget_controller.go

@@ -19,11 +19,12 @@ package controllers
 import (
 	"context"
 
-	"github.com/kcp-dev/logicalcluster/v2"
+	"github.com/kcp-dev/logicalcluster/v3"
 	"k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/client"
+	"sigs.k8s.io/controller-runtime/pkg/kontext"
 	"sigs.k8s.io/controller-runtime/pkg/log"
 
 	datav1alpha1 "github.com/kcp-dev/controller-runtime-example/api/v1alpha1"
@@ -56,7 +57,7 @@ func (r *WidgetReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr
 	logger.Info("Listed all widgets across all workspaces", "count", len(allWidgets.Items))
 
 	// Add the logical cluster to the context
-	ctx = logicalcluster.WithCluster(ctx, logicalcluster.New(req.ClusterName))
+	ctx = kontext.WithCluster(ctx, logicalcluster.Name(req.ClusterName))
 
 	logger.Info("Getting widget")
 	var w datav1alpha1.Widget