kedacore · JorTurFer · Jan 9, 2023 · Dec 30, 2022 · Dec 30, 2022 · Dec 31, 2022
@@ -91,9 +91,12 @@ RUN apt-get update \
 # Enable go modules
 ENV GO111MODULE=on
 
-ENV OPERATOR_RELEASE_VERSION=v1.0.1
-RUN curl -LO https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_RELEASE_VERSION}/operator-sdk-${OPERATOR_RELEASE_VERSION}-x86_64-linux-gnu \
-    && chmod +x operator-sdk-${OPERATOR_RELEASE_VERSION}-x86_64-linux-gnu \
+ENV OPERATOR_RELEASE_VERSION=v1.26.0
+RUN ARCH=$(case $(uname -m) in x86_64) echo -n amd64 ;; aarch64) echo -n arm64 ;; *) echo -n $(uname -m) ;; esac) \
+    && OS=$(uname | awk '{print tolower($0)}') \
+    && OPERATOR_SDK_DL_URL=https://github.com/operator-framework/operator-sdk/releases/download/${OPERATOR_RELEASE_VERSION} \
+    && curl -LO ${OPERATOR_SDK_DL_URL}/operator-sdk_${OS}_${ARCH} \
+    && chmod +x operator-sdk_${OS}_${ARCH} \
     && mkdir -p /usr/local/bin/ \
-    && cp operator-sdk-${OPERATOR_RELEASE_VERSION}-x86_64-linux-gnu /usr/local/bin/operator-sdk \
-    && rm operator-sdk-${OPERATOR_RELEASE_VERSION}-x86_64-linux-gnu
+    && cp operator-sdk_${OS}_${ARCH} /usr/local/bin/operator-sdk \
+    && rm operator-sdk_${OS}_${ARCH}
@@ -102,3 +102,15 @@ jobs:
           asset_path: keda-${{ steps.get_version.outputs.VERSION }}.yaml
           asset_name: keda-${{ steps.get_version.outputs.VERSION }}.yaml
           asset_content_type: application/x-yaml
+
+      # Upload core deployment YAML file to GitHub release
+      - name: Upload Deployment YAML file
+        id: upload-deployment-yaml
+        uses: actions/upload-release-asset@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          upload_url: https://uploads.github.com/repos/kedacore/keda/releases/${{ steps.get-release-info.outputs.id }}/assets?name=keda-${{ steps.get_version.outputs.VERSION }}-core.yaml
+          asset_path: keda-${{ steps.get_version.outputs.VERSION }}-core.yaml
+          asset_name: keda-${{ steps.get_version.outputs.VERSION }}-core.yaml
+          asset_content_type: application/x-yaml
@@ -10,5 +10,5 @@ jobs:
     uses: kedacore/keda/.github/workflows/template-smoke-tests.yml@main
     with:
       runs-on: ARM64
-      kubernetesVersion: v1.25
-      kindImage: kindest/node:v1.25.0@sha256:428aaa17ec82ccde0131cb2d1ca6547d13cf5fdabcc0bbecf749baa935387cbf
+      kubernetesVersion: v1.26
+      kindImage: kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
@@ -9,8 +9,10 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        kubernetesVersion: [v1.25, v1.24, v1.23]
+        kubernetesVersion: [v1.26, v1.25, v1.24, v1.23]
         include:
+        - kubernetesVersion: v1.26
+          kindImage: kindest/node:v1.26.0@sha256:691e24bd2417609db7e589e1a479b902d2e209892a10ce375fab60a8407c7352
         - kubernetesVersion: v1.25
           kindImage: kindest/node:v1.25.0@sha256:428aaa17ec82ccde0131cb2d1ca6547d13cf5fdabcc0bbecf749baa935387cbf
         - kubernetesVersion: v1.24

@@ -39,8 +39,9 @@ apiserver.local.config/
 
 cover.out
 
-# GO debug binary
+# GO debug binaries
 cmd/manager/debug.test
+__debug_bin
 
 # GO Test result
 report.xml
@@ -4,17 +4,22 @@
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 **Table of Contents**  *generated with [DocToc](https://github.com/thlorenz/doctoc)*
 
-- [Build & Deploy KEDA](#build--deploy-keda)
-  - [Building](#building)
-    - [Quick start with Visual Studio Code Remote - Containers](#quick-start-with-visual-studio-code-remote---containers)
-    - [Locally directly](#locally-directly)
-  - [Deploying](#deploying)
-    - [Custom KEDA locally outside cluster](#custom-keda-locally-outside-cluster)
-    - [Custom KEDA as an image](#custom-keda-as-an-image)
-  - [Miscellaneous](#miscellaneous)
-    - [Setting log levels](#setting-log-levels)
-    - [KEDA Operator logging](#keda-operator-logging)
-    - [Metrics Server logging](#metrics-server-logging)
+- [Building](#building)
+  - [Quick start with Visual Studio Code Remote - Containers](#quick-start-with-visual-studio-code-remote---containers)
+  - [Locally directly](#locally-directly)
+- [Deploying](#deploying)
+  - [Custom KEDA locally outside cluster](#custom-keda-locally-outside-cluster)
+  - [Custom KEDA as an image](#custom-keda-as-an-image)
+- [Debugging with VS Code](#debugging-with-vs-code)
+  - [Operator](#operator)
+  - [Metrics server](#metrics-server)
+  - [Admission Webhooks](#admission-webhooks)
+- [Miscellaneous](#miscellaneous)
+  - [How to use devcontainers and a local Kubernetes cluster](#how-to-use-devcontainers-and-a-local-kubernetes-cluster)
+  - [Setting log levels](#setting-log-levels)
+  - [KEDA Operator and Admission webhooks logging](#keda-operator-and-admission-webhooks-logging)
+  - [Metrics Server logging](#metrics-server-logging)
+  - [CPU/Memory Profiling](#cpumemory-profiling)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 
@@ -137,7 +142,7 @@ Follow these instructions if you want to debug the KEDA operator using VS Code.
             "type": "go",
             "request": "launch",
             "mode": "debug",
-            "program": "${workspaceFolder}/main.go",
+            "program": "${workspaceFolder}/cmd/operator/main.go",
             "env": {
                 "WATCH_NAMESPACE": "",
                 "KEDA_CLUSTER_OBJECT_NAMESPACE": "keda"
@@ -173,7 +178,7 @@ Follow these instructions if you want to debug the KEDA metrics server using VS
             "type": "go",
             "request": "launch",
             "mode": "auto",
-            "program": "${workspaceFolder}/adapter/main.go",
+            "program": "${workspaceFolder}/cmd/adapter/main.go",
             "env": {
                 "WATCH_NAMESPACE": "",
                 "KEDA_CLUSTER_OBJECT_NAMESPACE": "keda"
@@ -223,6 +228,64 @@ You can query list metrics executing `curl --insecure https://localhost:6443/api
 
 If you prefer to use an authenticated user, you can use a user or service account with access over external metrics API adding their token as authorization header in `curl`, ie: `curl -H "Authorization:Bearer TOKEN" --insecure https://localhost:6443/apis/external.metrics.k8s.io/v1beta1/`
 
+### Admission Webhooks
+
+Follow these instructions if you want to debug the KEDA webhook using VS Code.
+
+1. Create a `launch.json` file inside the `.vscode/` folder in the repo with the following configuration:
+   ```json
+   {
+    "configurations": [
+         {
+            "name": "Launch webhooks",
+            "type": "go",
+            "request": "launch",
+            "mode": "auto",
+            "program": "${workspaceFolder}/cmd/webhooks/main.go",
+            "env": {
+                "WATCH_NAMESPACE": "",
+                "KEDA_CLUSTER_OBJECT_NAMESPACE": "keda"
+            },
+            "args": [
+                "--zap-log-level=debug",
+                "--zap-encoder=console",
+                "--zap-time-encoding=rfc3339"
+            ]
+         },
+    ]
+   }
+   ```
+   Refer to [this](https://code.visualstudio.com/docs/editor/debugging) for more information about debugging with VS Code.
+2. Expose your local instance to internet. If you can't expose it directly, you can use something like [localtunnel](https://theboroer.github.io/localtunnel-www/) using the command `lt --port 9443 --local-https --allow-invalid-cert` after installing the tool.
+
+3. Update the `admissing_webhooks.yaml` in `config/webhooks`, replacing the section (but not commiting this change)
+   ```yaml
+   webhooks:
+   - admissionReviewVersions:
+     - v1
+     clientConfig:
+       service:
+         name: keda-admission-webhooks
+         namespace: keda
+         path: /validate-keda-sh-v1alpha1-scaledobject
+   ```
+   with the section:
+   ```yaml
+   webhooks:
+   - admissionReviewVersions:
+     - v1
+     clientConfig:
+       url: "https://${YOUR_URL}/validate-keda-sh-v1alpha1-scaledobject"
+   ```
+   **Note:** You could need to define also the key `caBundle` with the CA bundle encoded in base64 if the cluster can get it during the manifest apply (this happens with localtunnel for instance)
+
+4. Deploy CRDs and KEDA into `keda` namespace
+   ```bash
+   make deploy
+   ```
+5. Set breakpoints in the code as required.
+6. Select `Run > Start Debugging` or press `F5` to start debugging.
+
 ## Miscellaneous
 
 ### How to use devcontainers and a local Kubernetes cluster
@@ -236,24 +299,21 @@ To solve this and be able to work with devcontainers and a local cluster, you sh
 You can change default log levels for both KEDA Operator and Metrics Server. KEDA Operator uses
  [Operator SDK logging](https://sdk.operatorframework.io/docs/building-operators/golang/references/logging/) mechanism.
 
-### KEDA Operator logging
+### KEDA Operator and Admission webhooks logging
 
-To change the logging level, find `--zap-log-level=` argument in Operator Deployment section in `config/manager/manager.yaml` file,
- modify its value and redeploy.
+To change the logging level, find `--zap-log-level=` argument in Operator Deployment section in `config/manager/manager.yaml` file or in Webhooks Deployment section in `config/webhooks/webhooks.yaml` file, modify its value and redeploy.
 
 Allowed values are `debug`, `info`, `error`, or an integer value greater than `0`, specified as string
 
 Default value: `info`
 
-To change the logging format, find `--zap-encoder=` argument in Operator Deployment section in `config/manager/manager.yaml` file,
- modify its value and redeploy.
+To change the logging format, find `--zap-encoder=` argument in Operator Deployment section in `config/manager/manager.yaml` file or in Webhooks Deployment section in `config/webhooks/webhooks.yaml` file, modify its value and redeploy.
 
 Allowed values are `json` and `console`
 
 Default value: `console`
 
-To change the logging time encoding, find `--zap-time-encoding=` argument in Operator Deployment section in `config/manager/manager.yaml` file,
- modify its value and redeploy.
+To change the logging time encoding, find `--zap-time-encoding=` argument in Operator Deployment section in `config/manager/manager.yaml` file or in Webhooks Deployment section in `config/webhooks/webhooks.yaml` file, modify its value and redeploy.
 
 Allowed values are `epoch`, `millis`, `nano`, `iso8601`, `rfc3339` or `rfc3339nano`
 

@@ -49,6 +49,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio
 Here is an overview of all **stable** additions:
 
 - **General**: Introduce new ArangoDB Scaler ([#4000](https://github.com/kedacore/keda/issues/4000))
+- **General**: Introduce admission webhooks to automatically validate resource changes to prevent misconfiguration and enforce best practices. ([#3755](https://github.com/kedacore/keda/issues/3755))
 
 Here is an overview of all new **experimental** features:
 

@@ -13,6 +13,7 @@ There are many areas we can use contributions - ranging from code, documentation
 - [Making Breaking Changes](#making-breaking-changes)
 - [Contributing Scalers](#contributing-scalers)
   - [Testing](#testing)
+- [Contributing webhooks](#contributing-webhooks)
 - [Changelog](#changelog)
 - [Including Documentation Changes](#including-documentation-changes)
 - [Creating and building a local environment](#creating-and-building-a-local-environment)
@@ -51,6 +52,10 @@ It is mandatory to provide end-to-end (e2e) tests for new scaler. For more infor
 check the [test documentation](./tests/README.md). Those tests are run nightly on our
 [CI system](https://github.com/kedacore/keda/actions?query=workflow%3A%22nightly+e2e+test%22).
 
+## Contributing webhooks
+
+Another easy way to contribute is improving the validations to avoid misconfigurations. New rules can be added in the proper type's webhooks file (`apis/keda/v1alpha1/*_webhook.go`).
+
 ## Changelog
 
 Every change should be added to our changelog under `Unreleased` which is located in `CHANGELOG.md`. This helps us keep track of all changes in a given release.

@@ -12,8 +12,7 @@ COPY Makefile Makefile
 # Copy the go source
 COPY hack/ hack/
 COPY version/ version/
-COPY main.go main.go
-COPY adapter/ adapter/
+COPY cmd/ cmd/
 COPY apis/ apis/
 COPY controllers/ controllers/
 COPY pkg/ pkg/

@@ -12,8 +12,7 @@ COPY Makefile Makefile
 # Copy the go source
 COPY hack/ hack/
 COPY version/ version/
-COPY main.go main.go
-COPY adapter/ adapter/
+COPY cmd/ cmd/
 COPY apis/ apis/
 COPY controllers/ controllers/
 COPY pkg/ pkg/

@@ -0,0 +1,37 @@
+# Build the manager binary
+FROM --platform=$BUILDPLATFORM ghcr.io/kedacore/build-tools:1.18.8 AS builder
+
+ARG BUILD_VERSION=main
+ARG GIT_COMMIT=HEAD
+ARG GIT_VERSION=main
+
+WORKDIR /workspace
+
+COPY Makefile Makefile
+
+# Copy the go source
+COPY hack/ hack/
+COPY version/ version/
+COPY cmd/ cmd/
+COPY apis/ apis/
+COPY controllers/ controllers/
+COPY pkg/ pkg/
+COPY vendor/ vendor/
+COPY go.mod go.mod
+COPY go.sum go.sum
+
+# Build
+# https://www.docker.com/blog/faster-multi-platform-builds-dockerfile-cross-compilation-guide/
+ARG TARGETOS
+ARG TARGETARCH
+RUN VERSION=${BUILD_VERSION} GIT_COMMIT=${GIT_COMMIT} GIT_VERSION=${GIT_VERSION} TARGET_OS=$TARGETOS ARCH=$TARGETARCH make webhooks
+
+# Use distroless as minimal base image to package the manager binary
+# Refer to https://github.com/GoogleContainerTools/distroless for more details
+FROM gcr.io/distroless/static:nonroot
+WORKDIR /
+COPY --from=builder /workspace/bin/keda-admission-webhooks .
+# 65532 is numeric for nonroot
+USER 65532:65532
+
+ENTRYPOINT ["/keda-admission-webhooks", "--zap-log-level=info", "--zap-encoder=console"]