chore: migrate to kubebuilder v3 (aws#369)

Makefile

@@ -28,7 +28,7 @@ verify:
 	go generate ./...
 	go vet ./...
 	go fmt ./...
-	controller-gen crd:trivialVersions=true rbac:roleName=controller-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	controller-gen crd rbac:roleName=controller-role webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 	controller-gen object:headerFile="scripts/templates/boilerplate.go.txt" paths="./..."
 	@git diff --quiet ||\
 	{ echo "New file modification detected in the Git working tree. Please check in before commit."; git --no-pager diff --name-only | uniq | awk '{print "  - " $$0}'; \
@@ -50,7 +50,7 @@ toolchain: ## Install developer toolchain
 	./hack/toolchain.sh
 
 apply: image check-deployment-env check-env ## Deploy controller to ~/.kube/config
-	eksctl create iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} \
+	eksctl create iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} --region ${AWS_REGION} \
 		--role-name VPCResourceControllerRole \
 		--attach-policy-arn=arn:aws:iam::aws:policy/AdministratorAccess \
 		--override-existing-serviceaccounts \
@@ -63,7 +63,7 @@ apply: image check-deployment-env check-env ## Deploy controller to ~/.kube/conf
 
 delete: ## Delete controller from ~/.kube/config
 	kustomize build config/default | kubectl delete --ignore-not-found -f -
-	eksctl delete iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME}
+	eksctl delete iamserviceaccount vpc-resource-controller --namespace kube-system --cluster ${CLUSTER_NAME} --region ${AWS_REGION}
 	kubectl patch rolebinding eks-vpc-resource-controller-rolebinding -n kube-system --patch '{"subjects":[{"kind":"ServiceAccount","name":"eks-vpc-resource-controller","namespace":"kube-system"},{"apiGroup":"rbac.authorization.k8s.io","kind":"User","name":"eks:vpc-resource-controller"}]}'
 	kubectl create clusterrolebinding vpc-resource-controller-rolebinding --clusterrole vpc-resource-controller-role --serviceaccount kube-system:eks-vpc-resource-controller --user eks:vpc-resource-controller
 

PROJECT

@@ -1,8 +1,27 @@
+# Code generated by tool. DO NOT EDIT.
+# This file is used to track the info used to scaffold your project
+# and allow the plugins properly work.
+# More info: https://book.kubebuilder.io/reference/project-config.html
 domain: k8s.aws
+layout:
+- go.kubebuilder.io/v3
 multigroup: true
+projectName: amazon-vpc-resource-controller-k8s
 repo: github.com/aws/amazon-vpc-resource-controller-k8s
 resources:
-- group: vpcresources
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: k8s.aws
+  group: vpcresources
   kind: SecurityGroupPolicy
+  path: github.com/aws/amazon-vpc-resource-controller-k8s/apis/v1beta1
   version: v1beta1
-version: "2"
+- api:
+    crdVersion: v1
+  domain: k8s.aws
+  group: vpcresources
+  kind: CNINode
+  path: github.com/aws/amazon-vpc-resource-controller-k8s/apis/v1alpha1
+  version: v1alpha1
+version: "3"

apis/vpcresources/v1alpha1/cninode_types.go

@@ -39,8 +39,7 @@ type CNINodeSpec struct {
 
 // CNINodeStatus defines the managed VPC resources.
 type CNINodeStatus struct {
-	//TODO: add VPS resources which will be managed by this CRD and its finalizer
-
+	//TODO: add VPC resources which will be managed by this CRD and its finalizer
 }
 
 // +kubebuilder:object:root=true

config/controller/controller.yaml

@@ -31,8 +31,8 @@ spec:
       - args:
           - --cluster-name=CLUSTER_NAME
           - --role-arn=USER_ROLE_ARN
-          - --enable-leader-election
-          - --metrics-addr=:8443
+          - --leader-elect
+          - --metrics-bind-address=:8443
         image: controller:latest
         name: controller
         resources:

config/crd/bases/vpcresources.k8s.aws_cninodes.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: cninodes.vpcresources.k8s.aws
 spec:
@@ -65,9 +64,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

config/crd/bases/vpcresources.k8s.aws_securitygrouppolicies.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.6.2
+    controller-gen.kubebuilder.io/version: v0.9.0
   creationTimestamp: null
   name: securitygrouppolicies.vpcresources.k8s.aws
 spec:
@@ -156,9 +155,3 @@ spec:
     served: true
     storage: true
     subresources: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

config/default/controller_auth_proxy_patch.yaml

@@ -21,5 +21,5 @@ spec:
           name: https
       - name: controller
         args:
-        - "--metrics-addr=127.0.0.1:8080"
-        - "--enable-leader-election"
+        - "--metrics-bind-address=127.0.0.1:8080"
+        - "--leader-elect"

config/rbac/role.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
@@ -71,7 +70,6 @@ rules:
   - get
   - list
   - watch
-
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: Role

config/webhook/manifests.yaml

@@ -1,4 +1,3 @@
-
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: MutatingWebhookConfiguration
@@ -26,7 +25,6 @@ webhooks:
     resources:
     - pods
   sideEffects: None
-
 ---
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration

hack/toolchain.sh

@@ -10,8 +10,8 @@ main() {
 }
 
 tools() {
-    go install sigs.k8s.io/controller-runtime/tools/setup-envtest@v0.0.0-20220421205612-c162794a9b12
-    go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.6.2
+    go install sigs.k8s.io/controller-runtime/tools/setup-envtest@latest
+    go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.9.0
     go install github.com/google/ko@latest
 
     if ! echo "$PATH" | grep -q "${GOPATH:-undefined}/bin\|$HOME/go/bin"; then

main.go

@@ -108,15 +108,15 @@ func main() {
 	var enableWindowsPrefixDelegation bool
 	var region string
 
-	flag.StringVar(&metricsAddr, "metrics-addr", ":8080",
+	flag.StringVar(&metricsAddr, "metrics-bind-address", ":8080",
 		"The address the metric endpoint binds to.")
 	flag.StringVar(&roleARN, "role-arn", "",
 		"Role ARN that will be assumed to make EC2 API calls "+
 			"to perform operations on the user's VPC. This parameter is not required if running the "+
 			"controller on your worker node.")
 	flag.StringVar(&logLevel, "log-level", "info",
 		"Set the controller log level - info(default), debug")
-	flag.BoolVar(&enableLeaderElection, "enable-leader-election", false,
+	flag.BoolVar(&enableLeaderElection, "leader-elect", false,
 		"Enable leader election for controller manager. "+
 			"Enabling this will ensure there is only one active controller manager.")
 	flag.IntVar(&leaderLeaseDurationSeconds, "leader-lease-duration-seconds", 30,

test/integration/metrics/metrics_suite_test.go

@@ -95,7 +95,7 @@ func ensureControllerReadyTobeScraped() error {
 		// If the metrics endpoint is not created, we should create it for following tests.
 		newController := deployment.DeepCopy()
 		newController.Spec.Template.Spec.Containers[0].Args = append(
-			newController.Spec.Template.Spec.Containers[0].Args, "--metrics-addr=:8443")
+			newController.Spec.Template.Spec.Containers[0].Args, "--metrics-bind-address=:8443")
 		port := v1.ContainerPort{
 			Name:          "metrics",
 			ContainerPort: 8443,