🐛 admission/webhooks: set kcp.io/cluster annotation on create

pkg/admission/mutatingwebhook/plugin.go

@@ -28,6 +28,7 @@ import (
 	kcpkubernetesclientset "github.com/kcp-dev/client-go/kubernetes"
 	"github.com/kcp-dev/logicalcluster/v3"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
@@ -37,6 +38,7 @@ import (
 	genericapirequest "k8s.io/apiserver/pkg/endpoints/request"
 
 	kcpinitializers "github.com/kcp-dev/kcp/pkg/admission/initializers"
+	"github.com/kcp-dev/kcp/pkg/admission/validatingwebhook"
 	apisv1alpha1 "github.com/kcp-dev/kcp/sdk/apis/apis/v1alpha1"
 	kcpinformers "github.com/kcp-dev/kcp/sdk/client/informers/externalversions"
 )
@@ -122,6 +124,17 @@ func (p *Plugin) Admit(ctx context.Context, attr admission.Attributes, o admissi
 		return fmt.Errorf("error validating MutatingWebhook initialization: %w", err)
 	}
 
+	// Add cluster annotation on create
+	if attr.GetOperation() == admission.Create {
+		u, ok := attr.GetObject().(metav1.Object)
+		if !ok {
+			return fmt.Errorf("unexpected type %T", attr.GetObject())
+		}
+		if undo := validatingwebhook.SetClusterAnnotation(u, clusterName); undo != nil {
+			defer undo()
+		}
+	}
+
 	return plugin.Admit(ctx, attr, o)
 }
 

pkg/admission/validatingwebhook/plugin.go

@@ -28,6 +28,7 @@ import (
 	kcpkubernetesclientset "github.com/kcp-dev/client-go/kubernetes"
 	"github.com/kcp-dev/logicalcluster/v3"
 
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apiserver/pkg/admission"
@@ -122,6 +123,17 @@ func (p *Plugin) Validate(ctx context.Context, attr admission.Attributes, o admi
 		return fmt.Errorf("error validating ValidatingAdmissionWebhook initialization: %w", err)
 	}
 
+	// Add cluster annotation on create
+	if attr.GetOperation() == admission.Create {
+		u, ok := attr.GetObject().(metav1.Object)
+		if !ok {
+			return fmt.Errorf("unexpected type %T", attr.GetObject())
+		}
+		if undo := SetClusterAnnotation(u, clusterName); undo != nil {
+			defer undo()
+		}
+	}
+
 	return plugin.Validate(ctx, attr, o)
 }
 
@@ -188,3 +200,31 @@ func (p *Plugin) SetKcpInformers(local, global kcpinformers.SharedInformerFactor
 		return local.Apis().V1alpha1().APIBindings().Lister().Cluster(clusterName).List(labels.Everything())
 	}
 }
+
+// SetClusterAnnotation sets the cluster annotation on the given object to the given clusterName,
+// returning an undo function that can be used to revert the change.
+func SetClusterAnnotation(obj metav1.Object, clusterName logicalcluster.Name) (undoFn func()) {
+	anns := obj.GetAnnotations()
+	if anns == nil {
+		obj.SetAnnotations(map[string]string{logicalcluster.AnnotationKey: clusterName.String()})
+		return func() { obj.SetAnnotations(nil) }
+	}
+
+	old, ok := anns[logicalcluster.AnnotationKey]
+	if old == clusterName.String() {
+		return nil
+	}
+
+	anns[logicalcluster.AnnotationKey] = clusterName.String()
+	obj.SetAnnotations(anns)
+	if ok {
+		return func() {
+			anns[logicalcluster.AnnotationKey] = old
+			obj.SetAnnotations(anns)
+		}
+	}
+	return func() {
+		delete(anns, logicalcluster.AnnotationKey)
+		obj.SetAnnotations(anns)
+	}
+}