Status: ✅ Complete (Changes available from release 4.3.0)
Objective: Update Kubebuilder's controller scaffolding to align with the latest changes in controller-runtime, focusing on compatibility and addressing recent updates and deprecations mainly related to webhooks.
Context: Kubebuilder's plugin system is designed for stability, yet it depends on controller-runtime, which is evolving rapidly with versions still under 1.0.0. Notable changes and deprecations, especially around webhooks, necessitate Kubebuilder's alignment with the latest practices and functionalities of controller-runtime. We need to update the Kubebuilder scaffolding, samples, and documentation.
References:
- Issue - Deprecations in Controller-Runtime and Impact on Webhooks - An issue detailing the deprecations in controller-runtime that affect Kubebuilder's approach to webhooks.
- PR - Update to Align with Latest Controller-Runtime Webhook Interface - A pull request aimed at updating Kubebuilder to match controller-runtime's latest webhook interface.
- PR - Enhancements to Controller Scaffolding for Upcoming Controller-Runtime Changes - A pull request proposing enhancements to Kubebuilder's controller scaffolding in anticipation of upcoming changes in controller-runtime.
Status: ✅ Complete (Initial version merged in #4227; further improvements and contributions are welcome)
Objective: We aim to introduce a new plugin for Kubebuilder that packages projects as Helm charts, facilitating easier distribution and integration of solutions within the Kubernetes ecosystem. For details on this proposal and how to contribute, see GitHub Pull Request #3632.
Motivation: The growth of the Kubernetes ecosystem underscores the need for flexible and accessible distribution methods. A Helm chart packaging plugin would simplify the distribution of the solutions and allow easy integrations with common applications used by administrators.
Status:
- Kubebuilder CLI: ✅ Complete. It has been built using GoReleaser. More info
- kube-rbac-proxy Images: ✅ Complete. (More info)
- EnvTest binaries: ✅ Complete. Controller-Runtime maintainers are working on a solution to build them and take ownership of this one. More info:
- https://kubernetes.slack.com/archives/C02MRBMN00Z/p1712457941924299
- https://kubernetes.slack.com/archives/CCK68P2Q2/p1713174342482079
- Also, see the PR: kubernetes-sigs/controller-runtime#2811
- It will be available from the next release v0.19.
- PR Check image: 🙌 Seeking contributions to make the required changes. The images used to check PR titles are also built and promoted by the Kubebuilder project in GCP, but come from the project https://github.com/kubernetes-sigs/kubebuilder-release-tools. The plan in this case is to use the e2e shared infrastructure. More info
Objective: Shift Kubernetes (k8s) project infrastructure from GCP to shared infrastructures.
Furthermore, move from the registry k8s.gcr.io to registry.k8s.io.
Motivation: The initiative to move away from GCP aligns with the broader k8s project's goal of utilizing shared infrastructures. This transition is crucial for ensuring the availability of the artifacts in the long run and aligning compliance with other projects under the kubernetes-sig org. Issue #2647 provides more details on the move.
Context: Currently, Google Cloud is used only for:
- Rebuild and provide the images for kube-rbac-proxy:
A particular challenge has been the necessity to rebuild images for the kube-rbac-proxy, which is in the process of being donated to kubernetes-sig. This transition was expected to eliminate the need for continuous re-tagging and rebuilding of its images to ensure their availability to users. The configuration for building these images is outlined here.
- Build and Promote EnvTest binaries:
The development of Kubebuilder Tools and EnvTest binaries, essential for controller tests, represents another area reliant on k8s binaries traditionally built within GCP environments. Our documentation on building these artifacts is available here.
We encourage the Kubebuilder community to participate in this discussion, offering feedback and contributing ideas to refine these proposals. Your involvement is crucial in shaping the future of secure and efficient project scaffolding in Kubebuilder.
Status: ✅ Complete
- Resolution: The usage of kube-rbac-proxy has been discontinued from the default scaffold. We plan to provide other helpers to protect the metrics endpoint. Furthermore, once the project is accepted under kubernetes-sig or kubernetes-auth, we may help its maintainers develop an external plugin for use with projects built with Kubebuilder.
Objective: Evaluate potential modifications or the exclusion of kube-rbac-proxy from the default Kubebuilder scaffold in response to deprecations and evolving user requirements.
Context: kube-rbac-proxy, a key component for securing Kubebuilder-generated projects, faces significant deprecations that impact automatic certificate generation. For more insights into these challenges, see Issue #3524.
This situation necessitates a reevaluation of its inclusion and potentially prompts users to adopt alternatives like cert-manager by default. Additionally, the requirement to manually rebuild kube-rbac-proxy images—due to its external status from Kubernetes-SIG—places a considerable maintenance burden on Kubebuilder maintainers.
Motivations:
- Address kube-rbac-proxy breaking changes/deprecations.
- For further information: Issue #3524 - kube-rbac-proxy warn about deprecation and future breaking changes
- Feedback from the community has highlighted a preference for cert-manager's default integration, aiming for security with Prometheus and metrics.
- Desire for kube-rbac-proxy to be optional, citing its prescriptive nature.
- Reduce the maintenance effort required to generate the images used by Kubebuilder projects, and the dependency on third-party solutions.
Status: ✅ Complete
- Resolution: As of release v3.14.0, Kubebuilder includes enhanced support for project distribution. Users can now scaffold projects with a build-installer makefile target. This improvement enables the straightforward deployment of solutions directly to Kubernetes clusters. Users can deploy their projects using commands like:
kubectl apply -f https://raw.githubusercontent.com/<org>/my-project/<tag or branch>/dist/install.yaml
This enhancement streamlines the process of getting Kubebuilder projects running on clusters, providing a seamless deployment experience.
(Major Release for Kubebuilder CLI 4.x) Removing Deprecated Plugins for Enhanced Maintainability and User Experience
Status: ✅ Complete - Release was done
Objective: To remove all deprecated plugins from Kubebuilder to improve project maintainability and enhance user experience. This initiative also includes updating the project documentation to provide clear and concise information, eliminating any confusion for users. More Info: GitHub Discussion #3622
Motivation: By focusing on removing deprecated plugins—specifically, versions or kinds that can no longer be supported—we aim to streamline the development process and ensure a higher quality user experience. Clear and updated documentation will further assist in making development workflows more efficient and less prone to errors.