Fix webhook certificate deployment, fix webhook setupManager and make…

… cluster deployment the default for "make deploy"

Makefile

@@ -212,11 +212,11 @@ uninstall: manifests ## Uninstall CRDs from the K8s cluster specified in ~/.kube
 deploy: manifests kustomize ## Deploy controller to the K8s cluster specified in ~/.kube/config.
 	cd config/manager && $(KUSTOMIZE) edit set image controller=${IMG}
 	LOG_IMG=${LOG_IMG} yq eval -i '.images.system-logger = env(LOG_IMG)' config/manager/image_config.yaml
-	kubectl apply --force-conflicts --server-side -k config/deployments/default
+	kubectl apply --force-conflicts --server-side -k config/deployments/cluster
 
 .PHONY: undeploy
 undeploy: ## Undeploy controller from the K8s cluster specified in ~/.kube/config.
-	kubectl delete --ignore-not-found=$(ignore-not-found) -k config/deployments/default
+	kubectl delete --ignore-not-found=$(ignore-not-found) -k config/deployments/cluster
 
 .PHONY: deploy-test
 deploy-test: kustomize

apis/cassandra/v1beta1/cassandradatacenter_webhook.go

@@ -42,6 +42,8 @@ var log = logf.Log.WithName("api")
 
 func (dc *CassandraDatacenter) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
+		WithValidator(dc).
+		WithDefaulter(dc).
 		For(dc).
 		Complete()
 }

apis/config/v1beta1/operatorconfig_types.go

@@ -18,7 +18,6 @@ package v1beta1
 
 import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
-	// cfg "sigs.k8s.io/controller-runtime/pkg/config/v1alpha1" //nolint:staticcheck
 )
 
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
@@ -30,9 +29,6 @@ import (
 type OperatorConfig struct {
 	metav1.TypeMeta `json:",inline"`
 
-	// ControllerManagerConfigurationSpec returns the configurations for controllers
-	// cfg.ControllerManagerConfigurationSpec `json:",inline"`
-
 	// SkipValidatingWebhook replaces the old SKIP_VALIDATING_WEBHOOK env variable. If set to true, the webhooks are not initialized
 	DisableWebhooks bool `json:"disableWebhooks,omitempty"`
 

cmd/main.go

@@ -19,6 +19,7 @@ package main
 import (
 	"crypto/tls"
 	"flag"
+	"fmt"
 	"os"
 	"strings"
 
@@ -28,6 +29,7 @@ import (
 	_ "k8s.io/client-go/plugin/pkg/client/auth"
 
 	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/serializer"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
 	ctrl "sigs.k8s.io/controller-runtime"
@@ -125,7 +127,7 @@ func main() {
 		metricsServerOptions.FilterProvider = filters.WithAuthenticationAndAuthorization
 	}
 
-	operConfig := configv1beta1.OperatorConfig{}
+	operConfig := &configv1beta1.OperatorConfig{}
 	options := ctrl.Options{
 		Scheme:                 scheme,
 		Metrics:                metricsServerOptions,
@@ -134,17 +136,15 @@ func main() {
 		LeaderElection:         enableLeaderElection,
 		LeaderElectionID:       "b569adb7.cassandra.datastax.com",
 	}
-	/*
-		if configFile != "" {
-			//nolint:staticcheck
-			options, err = options.AndFrom(ctrl.ConfigFile().AtPath(configFile).OfKind(&operConfig))
-			if err != nil {
-				setupLog.Error(err, "unable to load the config file")
-				os.Exit(1)
-			}
+	if configFile != "" {
+		var err error
+		operConfig, err = readOperConfig(configFile)
+		if err != nil {
+			setupLog.Error(err, "unable to load the config file")
+			os.Exit(1)
 		}
-	*/
-	// TODO operConfig is not parsed right now
+	}
+
 	if operConfig.ImageConfigFile == "" {
 		operConfig.ImageConfigFile = "/configs/image_config.yaml"
 	}
@@ -217,3 +217,23 @@ func main() {
 		os.Exit(1)
 	}
 }
+
+func readOperConfig(configFile string) (*configv1beta1.OperatorConfig, error) {
+	operConfig := &configv1beta1.OperatorConfig{}
+	_, err := os.Stat(configFile)
+	if err != nil {
+		return nil, err
+	}
+
+	content, err := os.ReadFile(configFile)
+	if err != nil {
+		return nil, err
+	}
+
+	codecs := serializer.NewCodecFactory(scheme)
+	if err := runtime.DecodeInto(codecs.UniversalDecoder(), content, operConfig); err != nil {
+		return nil, fmt.Errorf("could not decode file into runtime.Object: %v", err)
+	}
+
+	return operConfig, nil
+}

config/components/webhook/kustomization.yaml

@@ -15,132 +15,3 @@ configurations:
 - kustomizeconfig.yaml
 patches:
 - path: patches/manager_webhook_patch.yaml
-
-replacements:
-- source: # Uncomment the following block if you have any webhook
-    kind: Service
-    version: v1
-    name: webhook-service
-    fieldPath: .metadata.name # Name of the service
-  targets:
-    - select:
-        kind: Certificate
-        group: cert-manager.io
-        version: v1
-      fieldPaths:
-        - .spec.dnsNames.0
-        - .spec.dnsNames.1
-      options:
-        delimiter: '.'
-        index: 0
-        create: true
-- source:
-    kind: Service
-    version: v1
-    name: webhook-service
-    fieldPath: .metadata.namespace # Namespace of the service
-  targets:
-    - select:
-        kind: Certificate
-        group: cert-manager.io
-        version: v1
-      fieldPaths:
-        - .spec.dnsNames.0
-        - .spec.dnsNames.1
-      options:
-        delimiter: '.'
-        index: 1
-        create: true
-
-- source: # Uncomment the following block if you have a ValidatingWebhook (--programmatic-validation)
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # This name should match the one in certificate.yaml
-    fieldPath: .metadata.namespace # Namespace of the certificate CR
-  targets:
-    - select:
-        kind: ValidatingWebhookConfiguration
-      fieldPaths:
-        - .metadata.annotations.[cert-manager.io/inject-ca-from]
-      options:
-        delimiter: '/'
-        index: 0
-        create: true
-- source:
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # This name should match the one in certificate.yaml
-    fieldPath: .metadata.name
-  targets:
-    - select:
-        kind: ValidatingWebhookConfiguration
-      fieldPaths:
-        - .metadata.annotations.[cert-manager.io/inject-ca-from]
-      options:
-        delimiter: '/'
-        index: 1
-        create: true
-
-- source: # Uncomment the following block if you have a DefaultingWebhook (--defaulting )
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # This name should match the one in certificate.yaml
-    fieldPath: .metadata.namespace # Namespace of the certificate CR
-  targets:
-    - select:
-        kind: MutatingWebhookConfiguration
-      fieldPaths:
-        - .metadata.annotations.[cert-manager.io/inject-ca-from]
-      options:
-        delimiter: '/'
-        index: 0
-        create: true
-- source:
-    kind: Certificate
-    group: cert-manager.io
-    version: v1
-    name: serving-cert # This name should match the one in certificate.yaml
-    fieldPath: .metadata.name
-  targets:
-    - select:
-        kind: MutatingWebhookConfiguration
-      fieldPaths:
-        - .metadata.annotations.[cert-manager.io/inject-ca-from]
-      options:
-        delimiter: '/'
-        index: 1
-        create: true
-#
-# - source: # Uncomment the following block if you have a ConversionWebhook (--conversion)
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert # This name should match the one in certificate.yaml
-#     fieldPath: .metadata.namespace # Namespace of the certificate CR
-#   targets:
-#     - select:
-#         kind: CustomResourceDefinition
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 0
-#         create: true
-# - source:
-#     kind: Certificate
-#     group: cert-manager.io
-#     version: v1
-#     name: serving-cert # This name should match the one in certificate.yaml
-#     fieldPath: .metadata.name
-#   targets:
-#     - select:
-#         kind: CustomResourceDefinition
-#       fieldPaths:
-#         - .metadata.annotations.[cert-manager.io/inject-ca-from]
-#       options:
-#         delimiter: '/'
-#         index: 1
-#         create: true

config/crd/kustomizeconfig.yaml

@@ -1,19 +1,19 @@
-# # This file is for teaching kustomize how to substitute name and namespace reference in CRD
-# nameReference:
-# - kind: Service
-#   version: v1
-#   fieldSpecs:
-#   - kind: CustomResourceDefinition
-#     version: v1
-#     group: apiextensions.k8s.io
-#     path: spec/conversion/webhook/clientConfig/service/name
+# This file is for teaching kustomize how to substitute name and namespace reference in CRD
+nameReference:
+- kind: Service
+  version: v1
+  fieldSpecs:
+  - kind: CustomResourceDefinition
+    version: v1
+    group: apiextensions.k8s.io
+    path: spec/conversion/webhook/clientConfig/service/name
 
-# namespace:
-# - kind: CustomResourceDefinition
-#   version: v1
-#   group: apiextensions.k8s.io
-#   path: spec/conversion/webhook/clientConfig/service/namespace
-#   create: false
+namespace:
+- kind: CustomResourceDefinition
+  version: v1
+  group: apiextensions.k8s.io
+  path: spec/conversion/webhook/clientConfig/service/namespace
+  create: false
 
 varReference:
 - path: metadata/annotations