webhooks: move to admissionregistration.k8s.io/v1

Makefile

@@ -62,10 +62,10 @@ checks: lint go-mod-tidy
 
 generate:
 	$(CONTROLLER_GEN) object:headerFile="build/boilerplate/boilerplate.go.txt" paths="./pkg/apis/..."
-	$(CONTROLLER_GEN) crd:trivialVersions=true \
+	$(CONTROLLER_GEN) crd:crdVersions=v1beta1,trivialVersions=true \
 		paths="./pkg/apis/..." \
 		output:crd:artifacts:config=deployments/operator/crd/bases
-	$(CONTROLLER_GEN) crd:trivialVersions=true \
+	$(CONTROLLER_GEN) crd:crdVersions=v1beta1,trivialVersions=true \
 		paths="./pkg/apis/fpga.intel.com/..." \
 		output:crd:artifacts:config=deployments/fpga_admissionwebhook/crd/bases
 	$(CONTROLLER_GEN) webhook \

deployments/fpga_admissionwebhook/base/webhookcainjection_patch.yaml

@@ -1,6 +1,6 @@
 # This patch adds an annotation to admission webhook config and
 # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: mutating-webhook-configuration

deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_acceleratorfunctions.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: acceleratorfunctions.fpga.intel.com
 spec:

deployments/fpga_admissionwebhook/crd/bases/fpga.intel.com_fpgaregions.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: fpgaregions.fpga.intel.com
 spec:

deployments/fpga_admissionwebhook/webhook/manifests.yaml

@@ -1,12 +1,14 @@
 
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   creationTimestamp: null
   name: mutating-webhook-configuration
 webhooks:
-- clientConfig:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -24,3 +26,4 @@ webhooks:
     - UPDATE
     resources:
     - pods
+  sideEffects: None

deployments/operator/crd/bases/deviceplugin.intel.com_fpgadeviceplugins.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: fpgadeviceplugins.deviceplugin.intel.com
 spec:

deployments/operator/crd/bases/deviceplugin.intel.com_gpudeviceplugins.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: gpudeviceplugins.deviceplugin.intel.com
 spec:

deployments/operator/crd/bases/deviceplugin.intel.com_qatdeviceplugins.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: qatdeviceplugins.deviceplugin.intel.com
 spec:

deployments/operator/crd/bases/deviceplugin.intel.com_sgxdeviceplugins.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: sgxdeviceplugins.deviceplugin.intel.com
 spec:

deployments/operator/crd/bases/fpga.intel.com_acceleratorfunctions.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: acceleratorfunctions.fpga.intel.com
 spec:

deployments/operator/crd/bases/fpga.intel.com_fpgaregions.yaml

@@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.3.0
+    controller-gen.kubebuilder.io/version: v0.4.0
   creationTimestamp: null
   name: fpgaregions.fpga.intel.com
 spec:

deployments/operator/crd/kustomization.yaml

@@ -13,16 +13,16 @@ resources:
 patchesStrategicMerge:
 # [WEBHOOK] To enable webhook, uncomment all the sections with [WEBHOOK] prefix.
 # patches here are for enabling the conversion webhook for each CRD
-- patches/webhook_in_gpudeviceplugins.yaml
-- patches/webhook_in_qatdeviceplugins.yaml
-- patches/webhook_in_fpgadeviceplugins.yaml
+#- patches/webhook_in_gpudeviceplugins.yaml
+#- patches/webhook_in_qatdeviceplugins.yaml
+#- patches/webhook_in_fpgadeviceplugins.yaml
 # +kubebuilder:scaffold:crdkustomizewebhookpatch
 
 # [CERTMANAGER] To enable webhook, uncomment all the sections with [CERTMANAGER] prefix.
 # patches here are for enabling the CA injection for each CRD
-- patches/cainjection_in_gpudeviceplugins.yaml
-- patches/cainjection_in_qatdeviceplugins.yaml
-- patches/cainjection_in_fpgadeviceplugins.yaml
+#- patches/cainjection_in_gpudeviceplugins.yaml
+#- patches/cainjection_in_qatdeviceplugins.yaml
+#- patches/cainjection_in_fpgadeviceplugins.yaml
 # +kubebuilder:scaffold:crdkustomizecainjectionpatch
 
 # TODO(rojkov): enable Prometheus

deployments/operator/default/webhookcainjection_patch.yaml

@@ -1,13 +1,13 @@
 # This patch add annotation to admission webhook config and
 # the variables $(CERTIFICATE_NAMESPACE) and $(CERTIFICATE_NAME) will be substituted by kustomize.
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   name: mutating-webhook-configuration
   annotations:
     cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration

deployments/operator/webhook/manifests.yaml

@@ -1,12 +1,14 @@
 
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
 metadata:
   creationTimestamp: null
   name: mutating-webhook-configuration
 webhooks:
-- clientConfig:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -24,7 +26,10 @@ webhooks:
     - UPDATE
     resources:
     - fpgadeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -42,7 +47,10 @@ webhooks:
     - UPDATE
     resources:
     - gpudeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -60,7 +68,10 @@ webhooks:
     - UPDATE
     resources:
     - qatdeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -79,7 +90,9 @@ webhooks:
     resources:
     - sgxdeviceplugins
   sideEffects: None
-- clientConfig:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -97,7 +110,10 @@ webhooks:
     - UPDATE
     resources:
     - pods
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -115,16 +131,18 @@ webhooks:
     - UPDATE
     resources:
     - pods
-  sideEffects: NoneOnDryRun
+  sideEffects: None
 
 ---
-apiVersion: admissionregistration.k8s.io/v1beta1
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   creationTimestamp: null
   name: validating-webhook-configuration
 webhooks:
-- clientConfig:
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -142,7 +160,10 @@ webhooks:
     - UPDATE
     resources:
     - fpgadeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -160,7 +181,10 @@ webhooks:
     - UPDATE
     resources:
     - gpudeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -178,7 +202,10 @@ webhooks:
     - UPDATE
     resources:
     - qatdeviceplugins
-- clientConfig:
+  sideEffects: None
+- admissionReviewVersions:
+  - v1beta1
+  clientConfig:
     caBundle: Cg==
     service:
       name: webhook-service
@@ -196,4 +223,4 @@ webhooks:
     - UPDATE
     resources:
     - sgxdeviceplugins
-  sideEffects: NoneOnDryRun
+  sideEffects: None

pkg/apis/deviceplugin/v1/fpgadeviceplugin_webhook.go

@@ -45,7 +45,7 @@ func (r *FpgaDevicePlugin) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-fpgadeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=fpgadeviceplugins,verbs=create;update,versions=v1,name=mfpgadeviceplugin.kb.io
+// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-fpgadeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=fpgadeviceplugins,verbs=create;update,versions=v1,name=mfpgadeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Defaulter = &FpgaDevicePlugin{}
 
@@ -62,7 +62,7 @@ func (r *FpgaDevicePlugin) Default() {
 	}
 }
 
-// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-fpgadeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=fpgadeviceplugins,versions=v1,name=vfpgadeviceplugin.kb.io
+// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-fpgadeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=fpgadeviceplugins,versions=v1,name=vfpgadeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Validator = &FpgaDevicePlugin{}
 

pkg/apis/deviceplugin/v1/gpudeviceplugin_webhook.go

@@ -45,7 +45,7 @@ func (r *GpuDevicePlugin) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-gpudeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=gpudeviceplugins,verbs=create;update,versions=v1,name=mgpudeviceplugin.kb.io
+// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-gpudeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=gpudeviceplugins,verbs=create;update,versions=v1,name=mgpudeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Defaulter = &GpuDevicePlugin{}
 
@@ -58,7 +58,7 @@ func (r *GpuDevicePlugin) Default() {
 	}
 }
 
-// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-gpudeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=gpudeviceplugins,versions=v1,name=vgpudeviceplugin.kb.io
+// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-gpudeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=gpudeviceplugins,versions=v1,name=vgpudeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Validator = &GpuDevicePlugin{}
 

pkg/apis/deviceplugin/v1/qatdeviceplugin_webhook.go

@@ -45,7 +45,7 @@ func (r *QatDevicePlugin) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
-// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-qatdeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=qatdeviceplugins,verbs=create;update,versions=v1,name=mqatdeviceplugin.kb.io
+// +kubebuilder:webhook:path=/mutate-deviceplugin-intel-com-v1-qatdeviceplugin,mutating=true,failurePolicy=fail,groups=deviceplugin.intel.com,resources=qatdeviceplugins,verbs=create;update,versions=v1,name=mqatdeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Defaulter = &QatDevicePlugin{}
 
@@ -58,7 +58,7 @@ func (r *QatDevicePlugin) Default() {
 	}
 }
 
-// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-qatdeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=qatdeviceplugins,versions=v1,name=vqatdeviceplugin.kb.io
+// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-qatdeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=qatdeviceplugins,versions=v1,name=vqatdeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Validator = &QatDevicePlugin{}
 

pkg/apis/deviceplugin/v1/sgxdeviceplugin_webhook.go

@@ -60,7 +60,7 @@ func (r *SgxDevicePlugin) Default() {
 	}
 }
 
-// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-sgxdeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=sgxdeviceplugins,versions=v1,name=vsgxdeviceplugin.kb.io,sideEffects=NoneOnDryRun
+// +kubebuilder:webhook:verbs=create;update,path=/validate-deviceplugin-intel-com-v1-sgxdeviceplugin,mutating=false,failurePolicy=fail,groups=deviceplugin.intel.com,resources=sgxdeviceplugins,versions=v1,name=vsgxdeviceplugin.kb.io,sideEffects=None
 
 var _ webhook.Validator = &SgxDevicePlugin{}
 

pkg/fpgacontroller/patcher/patchermanager.go

@@ -71,7 +71,7 @@ func (pm *PatcherManager) GetPodMutator() func(ctx context.Context, req webhook.
 	return pm.mutate
 }
 
-// +kubebuilder:webhook:verbs=create;update,path=/pods,mutating=true,failurePolicy=Ignore,groups="",resources=pods,versions=v1,name=fpga.mutator.webhooks.intel.com
+// +kubebuilder:webhook:verbs=create;update,path=/pods,mutating=true,failurePolicy=Ignore,groups="",resources=pods,versions=v1,name=fpga.mutator.webhooks.intel.com,sideEffects=None
 
 func (pm *PatcherManager) mutate(ctx context.Context, req webhook.AdmissionRequest) webhook.AdmissionResponse {
 	podResource := metav1.GroupVersionResource{Group: "", Version: "v1", Resource: "pods"}