More missing webhooks

Author: dprince

.ci-operator.yaml

@@ -1,4 +1,4 @@
 build_root_image:
   name: tools
   namespace: openstack-k8s-operators
-  tag: ci-build-root-golang-1.24-sdk-1.31
+  tag: ci-build-root-golang-1.24-sdk-1.41.1

Makefile

@@ -270,6 +270,12 @@ docker-buildx:  ## Build and push docker image for the manager for cross-platfor
 	- docker buildx rm project-v3-builder
 	rm Dockerfile.cross
 
+.PHONY: build-installer
+build-installer: manifests generate kustomize ## Generate a consolidated YAML with CRDs and deployment.
+	mkdir -p dist
+	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
+	$(KUSTOMIZE) build config/default > dist/install.yaml
+
 ##@ Deployment
 
 ifndef ignore-not-found

bindata/operator/operator.yaml

@@ -184,13 +184,68 @@ metadata:
 spec:
   selfSigned: {}
 ---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  labels:
+    app.kubernetes.io/managed-by: kustomize
+    app.kubernetes.io/name: openstack-operator
+    control-plane: controller-manager
+  name: openstack-operator-controller-manager-metrics-monitor
+  namespace: '{{ .OperatorNamespace }}'
+spec:
+  endpoints:
+  - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token
+    path: /metrics
+    port: https
+    scheme: https
+    tlsConfig:
+      ca:
+        secret:
+          key: ca.crt
+          name: metrics-server-cert
+      cert:
+        secret:
+          key: tls.crt
+          name: metrics-server-cert
+      insecureSkipVerify: false
+      keySecret:
+        key: tls.key
+        name: metrics-server-cert
+      serverName: openstack-operator-controller-manager-metrics-service.{{ .OperatorNamespace
+        }}.svc
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: openstack-operator
+      control-plane: controller-manager
+---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   annotations:
     cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-operator-serving-cert'
   name: openstack-operator-mutating-webhook-configuration
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /mutate-client-openstack-org-v1beta1-openstackclient
+  failurePolicy: Fail
+  name: mopenstackclient-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - client.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclients
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -231,6 +286,26 @@ webhooks:
     resources:
     - openstackversions
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /mutate-dataplane-openstack-org-v1beta1-openstackdataplanedeployment
+  failurePolicy: Fail
+  name: mopenstackdataplanedeployment-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - dataplane.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackdataplanedeployments
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -251,6 +326,26 @@ webhooks:
     resources:
     - openstackdataplanenodesets
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /mutate-dataplane-openstack-org-v1beta1-openstackdataplaneservice
+  failurePolicy: Fail
+  name: mopenstackdataplaneservice-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - dataplane.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackdataplaneservices
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -319,6 +414,26 @@ metadata:
     cert-manager.io/inject-ca-from: '{{ .OperatorNamespace }}/openstack-operator-serving-cert'
   name: openstack-operator-validating-webhook-configuration
 webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /validate-client-openstack-org-v1beta1-openstackclient
+  failurePolicy: Fail
+  name: vopenstackclient-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - client.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackclients
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -359,6 +474,26 @@ webhooks:
     resources:
     - openstackversions
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /validate-dataplane-openstack-org-v1beta1-openstackdataplanedeployment
+  failurePolicy: Fail
+  name: vopenstackdataplanedeployment-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - dataplane.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackdataplanedeployments
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:
@@ -379,6 +514,26 @@ webhooks:
     resources:
     - openstackdataplanenodesets
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: openstack-operator-webhook-service
+      namespace: '{{ .OperatorNamespace }}'
+      path: /validate-dataplane-openstack-org-v1beta1-openstackdataplaneservice
+  failurePolicy: Fail
+  name: vopenstackdataplaneservice-v1beta1.kb.io
+  rules:
+  - apiGroups:
+    - dataplane.openstack.org
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - openstackdataplaneservices
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   clientConfig:

cmd/main.go

@@ -41,6 +41,7 @@ import (
 	clientcontroller "github.com/openstack-k8s-operators/openstack-operator/internal/controller/client"
 	corecontroller "github.com/openstack-k8s-operators/openstack-operator/internal/controller/core"
 	dataplanecontroller "github.com/openstack-k8s-operators/openstack-operator/internal/controller/dataplane"
+	webhookclientv1beta1 "github.com/openstack-k8s-operators/openstack-operator/internal/webhook/client/v1beta1"
 	webhookcorev1beta1 "github.com/openstack-k8s-operators/openstack-operator/internal/webhook/core/v1beta1"
 	webhookdataplanev1beta1 "github.com/openstack-k8s-operators/openstack-operator/internal/webhook/dataplane/v1beta1"
 
@@ -382,10 +383,25 @@ func main() {
 			os.Exit(1)
 		}
 		// nolint:goconst
+		if err := webhookclientv1beta1.SetupOpenStackClientWebhookWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create webhook", "webhook", "OpenStackClient")
+			os.Exit(1)
+		}
+		// nolint:goconst
 		if err := webhookdataplanev1beta1.SetupOpenStackDataPlaneNodeSetWebhookWithManager(mgr); err != nil {
 			setupLog.Error(err, "unable to create webhook", "webhook", "OpenStackDataPlaneNodeSet")
 			os.Exit(1)
 		}
+		// nolint:goconst
+		if err := webhookdataplanev1beta1.SetupOpenStackDataPlaneDeploymentWebhookWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create webhook", "webhook", "OpenStackDataPlaneDeployment")
+			os.Exit(1)
+		}
+		// nolint:goconst
+		if err := webhookdataplanev1beta1.SetupOpenStackDataPlaneServiceWebhookWithManager(mgr); err != nil {
+			setupLog.Error(err, "unable to create webhook", "webhook", "OpenStackDataPlaneService")
+			os.Exit(1)
+		}
 	}
 	// +kubebuilder:scaffold:builder
 

config/default/kustomization.yaml

@@ -24,7 +24,7 @@ resources:
 # [CERTMANAGER] To enable cert-manager, uncomment all sections with 'CERTMANAGER'. 'WEBHOOK' components are required.
 - ../certmanager
 # [PROMETHEUS] To enable prometheus monitor, uncomment all sections with 'PROMETHEUS'.
-#- ../prometheus
+- ../prometheus
 # [METRICS] Expose the controller manager metrics service.
 - metrics_service.yaml
 # [NETWORK POLICY] Protect the /metrics endpoint and Webhook Server with NetworkPolicy.

config/prometheus/kustomization.yaml

@@ -5,7 +5,7 @@ resources:
 # to securely reference certificates created and managed by cert-manager.
 # Additionally, ensure that you uncomment the [METRICS WITH CERTMANAGER] patch under config/default/kustomization.yaml
 # to mount the "metrics-server-cert" secret in the Manager Deployment.
-#patches:
-#  - path: monitor_tls_patch.yaml
-#    target:
-#      kind: ServiceMonitor
+patches:
+  - path: monitor_tls_patch.yaml
+    target:
+      kind: ServiceMonitor