update to go v1.26.0, changing recommended codeparts for new version

Niklas Burchhardt · Niklas Burchhardt · commit bd915d29b1a1 · 2026-03-04T15:05:27.000+01:00
leave out k8s dependencies, because they break it
diff --git a/deploy/stackit/README.md b/deploy/stackit/README.md
@@ -1,32 +1,37 @@
 # stackit-cert-manager-webhook
 
-![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square)
+![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![AppVersion: v0.4.1](https://img.shields.io/badge/AppVersion-v0.4.1-informational?style=flat-square)
 
-A Helm chart for Kubernetes
+A Helm chart for stackitcloud/stackit-cert-manager-webhook
 
 ## Values
 
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
+| additionalVolumeMounts | list | `[]` |  |
+| additionalVolumes | list | `[]` |  |
 | affinity | object | `{}` |  |
 | certManager | object | `{"namespace":"cert-manager","serviceAccountName":"cert-manager"}` | Meta information of the cert-manager itself. |
 | certManager.namespace | string | `"cert-manager"` | namespace where the webhook should be installed. Cert-Manager and the webhook should be in the same namespace. |
 | certManager.serviceAccountName | string | `"cert-manager"` | service account name for the cert-manager. |
+| extraEnv | list | `[]` | delete the next line and add your variables as in the commented example below. |
 | fullnameOverride | string | `""` | Fullname override of the webhook. |
 | groupName | string | `"acme.stackit.de"` | The GroupName here is used to identify your company or business unit that created this webhook. Therefore, it should be acme.stackit.de. |
-| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":"latest"}` | Image information for the webhook. |
+| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":""}` | Image information for the webhook. |
 | image.pullPolicy | string | `"IfNotPresent"` | pull policy of the image. |
 | image.repository | string | `"ghcr.io/stackitcloud/stackit-cert-manager-webhook"` | repository of the image. |
-| image.tag | string | `"latest"` | tag of the image. |
+| imagePullSecrets | list | `[]` |  |
 | nameOverride | string | `""` | Webhook configuration. |
 | nodeSelector | object | `{}` | Node selector for the webhook. |
 | podSecurityContext.runAsGroup | int | `1000` |  |
 | podSecurityContext.runAsNonRoot | bool | `true` |  |
 | podSecurityContext.runAsUser | int | `1000` |  |
+| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | replicaCount | int | `1` | Replicas for the webhook. Since it is a stateless application server that sends requests you can increase the number as you want. Most of the time however, 1 replica is enough. |
 | resources | object | `{}` | Kubernetes resources for the webhook. Usually limits.cpu=100m, limits.memory=128Mi, requests.cpu=100m, requests.memory=128Mi is enough for the webhook. |
 | securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
 | service | object | `{"port":443,"type":"ClusterIP"}` | Configuration for the webhook service. |
 | service.port | int | `443` | port of the service. |
 | service.type | string | `"ClusterIP"` | type of the service. |
diff --git a/go.mod b/go.mod
@@ -1,8 +1,6 @@
 module github.com/stackitcloud/stackit-cert-manager-webhook
 
-go 1.25.0
-
-toolchain go1.26.0
+go 1.26.0
 
 // Do not remove this comment:
 // please place any replace statements here at the top for visibility and add a
diff --git a/internal/repository/dns_client.go b/internal/repository/dns_client.go
@@ -12,21 +12,17 @@ func newStackitDnsClient(
 }
 
 func newStackitDnsClientBearerToken(config Config) (*stackitdnsclient.APIClient, error) {
-	httpClient := *config.HttpClient
-
 	return newStackitDnsClient(
 		stackitconfig.WithToken(config.AuthToken),
-		stackitconfig.WithHTTPClient(&httpClient),
+		stackitconfig.WithHTTPClient(new(*config.HttpClient)),
 		stackitconfig.WithEndpoint(config.ApiBasePath),
 	)
 }
 
 func newStackitDnsClientKeyPath(config Config) (*stackitdnsclient.APIClient, error) {
-	httpClient := *config.HttpClient
-
 	return newStackitDnsClient(
 		stackitconfig.WithServiceAccountKeyPath(config.SaKeyPath),
-		stackitconfig.WithHTTPClient(&httpClient),
+		stackitconfig.WithHTTPClient(new(*config.HttpClient)),
 		stackitconfig.WithEndpoint(config.ApiBasePath),
 		stackitconfig.WithTokenEndpoint(config.ServiceAccountBaseUrl),
 	)
diff --git a/internal/repository/rrset_repository.go b/internal/repository/rrset_repository.go
@@ -135,8 +135,7 @@ func (r *rrSetRepository) UpdateRRSet(
 func (r *rrSetRepository) DeleteRRSet(ctx context.Context, rrSetId string) error {
 	_, err := r.apiClient.DeleteRecordSet(ctx, r.projectId, r.zoneId, rrSetId).Execute()
 	if err != nil {
-		var oapiError *oapierror.GenericOpenAPIError
-		if errors.As(err, &oapiError) {
+		if oapiError, ok := errors.AsType[*oapierror.GenericOpenAPIError](err); ok {
 			if oapiError.StatusCode == 404 || oapiError.StatusCode == 400 {
 				return ErrRRSetNotFound
 			}
diff --git a/internal/repository/rrset_repositry_test.go b/internal/repository/rrset_repositry_test.go
@@ -72,45 +72,33 @@ func TestRrSetRepository_UpdateRRSet(t *testing.T) {
 
 	t.Run("UpdateRRSet success", func(t *testing.T) {
 		t.Parallel()
-		comment := "comment1"
-		id := "0000"
-		name := "test.com."
-		ttl := int64(60)
-		content := "content1"
-
 		rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "2222")
 		require.NoError(t, err)
 		err = rrSetRepository.UpdateRRSet(
 			ctx,
 			stackitdnsclient.RecordSet{
-				Comment: &comment,
-				Id:      &id,
-				Name:    &name,
-				Ttl:     &ttl,
-				Records: &[]stackitdnsclient.Record{{Content: &content}},
+				Comment: new("comment1"),
+				Id:      new("0000"),
+				Name:    new("test.com."),
+				Ttl:     new(int64(60)),
+				Records: &[]stackitdnsclient.Record{{Content: new("content1")}},
 			},
 		)
 		require.NoError(t, err)
 	})
 
 	t.Run("UpdateRRSet failure", func(t *testing.T) {
 		t.Parallel()
-		comment := "comment2"
-		id := "2222"
-		name := "test.com."
-		ttl := int64(60)
-		content := "content2"
-
 		rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "3333")
 		require.NoError(t, err)
 		err = rrSetRepository.UpdateRRSet(
 			ctx,
 			stackitdnsclient.RecordSet{
-				Comment: &comment,
-				Id:      &id,
-				Name:    &name,
-				Ttl:     &ttl,
-				Records: &[]stackitdnsclient.Record{{Content: &content}},
+				Comment: new("comment2"),
+				Id:      new("2222"),
+				Name:    new("test.com."),
+				Ttl:     new(int64(60)),
+				Records: &[]stackitdnsclient.Record{{Content: new("content2")}},
 			},
 		)
 		require.Error(t, err)
diff --git a/internal/resolver/resolver.go b/internal/resolver/resolver.go
@@ -185,19 +185,16 @@ func (s *stackitDnsProviderResolver) initializeResolverContext(
 func (s *stackitDnsProviderResolver) createRRSet(
 	initResolverRes *initResolverContextResult, key string,
 ) error {
-	comment := "This record set is managed by stackit-cert-manager-webhook"
-	rrSetType := typeTxtRecord
-
 	rrSet := stackitdnsclient.RecordSet{
-		Comment: &comment,
+		Comment: new("This record set is managed by stackit-cert-manager-webhook"),
 		Name:    &initResolverRes.rrSetName,
 		Records: &[]stackitdnsclient.Record{
 			{
 				Content: &key,
 			},
 		},
 		Ttl:  &initResolverRes.acmeTxtDefaultTTL,
-		Type: stackitdnsclient.RecordSetGetTypeAttributeType(&rrSetType),
+		Type: stackitdnsclient.RecordSetGetTypeAttributeType(new(typeTxtRecord)),
 	}
 
 	s.logger.Info("Creating RRSet", zap.String("rrSet", fmt.Sprintf("%+v", rrSet)))

Original file line number	Diff line number	Diff line change
`@@ -12,21 +12,17 @@ func newStackitDnsClient(`
`12`	`12`	`}`
`13`	`13`
`14`	`14`	`func newStackitDnsClientBearerToken(config Config) (*stackitdnsclient.APIClient, error) {`
`15`		`- httpClient := *config.HttpClient`
`16`		`-`
`17`	`15`	`return newStackitDnsClient(`
`18`	`16`	`stackitconfig.WithToken(config.AuthToken),`
`19`		`- stackitconfig.WithHTTPClient(&httpClient),`
	`17`	`+ stackitconfig.WithHTTPClient(new(*config.HttpClient)),`
`20`	`18`	`stackitconfig.WithEndpoint(config.ApiBasePath),`
`21`	`19`	`)`
`22`	`20`	`}`
`23`	`21`
`24`	`22`	`func newStackitDnsClientKeyPath(config Config) (*stackitdnsclient.APIClient, error) {`
`25`		`- httpClient := *config.HttpClient`
`26`		`-`
`27`	`23`	`return newStackitDnsClient(`
`28`	`24`	`stackitconfig.WithServiceAccountKeyPath(config.SaKeyPath),`
`29`		`- stackitconfig.WithHTTPClient(&httpClient),`
	`25`	`+ stackitconfig.WithHTTPClient(new(*config.HttpClient)),`
`30`	`26`	`stackitconfig.WithEndpoint(config.ApiBasePath),`
`31`	`27`	`stackitconfig.WithTokenEndpoint(config.ServiceAccountBaseUrl),`
`32`	`28`	`)`