Implement lifecycle CRD

api/openapi-spec/swagger.json

@@ -5703,6 +5703,10 @@
     },
     "kpack.build.v1alpha2.BuildStatus": {
       "type": "object",
+      "required": [
+        "lifecycleVersion",
+        "lifecycleCommit"
+      ],
       "properties": {
         "buildMetadata": {
           "type": "array",
@@ -5721,12 +5725,23 @@
           "x-kubernetes-patch-merge-key": "type",
           "x-kubernetes-patch-strategy": "merge"
         },
+        "latestAttestationImage": {
+          "type": "string"
+        },
         "latestCacheImage": {
           "type": "string"
         },
         "latestImage": {
           "type": "string"
         },
+        "lifecycleCommit": {
+          "type": "string",
+          "default": ""
+        },
+        "lifecycleVersion": {
+          "type": "string",
+          "default": ""
+        },
         "observedGeneration": {
           "description": "ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.",
           "type": "integer",
@@ -5886,6 +5901,10 @@
             "default": ""
           }
         },
+        "lifecycle": {
+          "default": {},
+          "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference"
+        },
         "order": {
           "type": "array",
           "items": {
@@ -5930,6 +5949,10 @@
         "latestImage": {
           "type": "string"
         },
+        "lifecycle": {
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.ResolvedClusterLifecycle"
+        },
         "observedGeneration": {
           "description": "ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.",
           "type": "integer",
@@ -6129,6 +6152,10 @@
             "default": ""
           }
         },
+        "lifecycle": {
+          "default": {},
+          "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference"
+        },
         "order": {
           "type": "array",
           "items": {
@@ -6250,6 +6277,109 @@
         }
       }
     },
+    "kpack.build.v1alpha2.ClusterLifecycle": {
+      "type": "object",
+      "required": [
+        "spec",
+        "status"
+      ],
+      "properties": {
+        "apiVersion": {
+          "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+          "type": "string"
+        },
+        "kind": {
+          "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+          "type": "string"
+        },
+        "metadata": {
+          "default": {},
+          "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta"
+        },
+        "spec": {
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.ClusterLifecycleSpec"
+        },
+        "status": {
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.ClusterLifecycleStatus"
+        }
+      }
+    },
+    "kpack.build.v1alpha2.ClusterLifecycleList": {
+      "type": "object",
+      "required": [
+        "metadata",
+        "items"
+      ],
+      "properties": {
+        "apiVersion": {
+          "description": "APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
+          "type": "string"
+        },
+        "items": {
+          "type": "array",
+          "items": {
+            "default": {},
+            "$ref": "#/definitions/kpack.build.v1alpha2.ClusterLifecycle"
+          }
+        },
+        "kind": {
+          "description": "Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
+          "type": "string"
+        },
+        "metadata": {
+          "default": {},
+          "$ref": "#/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ListMeta"
+        }
+      }
+    },
+    "kpack.build.v1alpha2.ClusterLifecycleSpec": {
+      "type": "object",
+      "properties": {
+        "image": {
+          "type": "string"
+        },
+        "serviceAccountRef": {
+          "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference"
+        }
+      }
+    },
+    "kpack.build.v1alpha2.ClusterLifecycleStatus": {
+      "type": "object",
+      "properties": {
+        "api": {
+          "description": "Deprecated: Use `LifecycleAPIs` instead",
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.LifecycleAPI"
+        },
+        "apis": {
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.LifecycleAPIs"
+        },
+        "commit": {
+          "type": "string"
+        },
+        "conditions": {
+          "description": "Conditions the latest available observations of a resource's current state.",
+          "type": "array",
+          "items": {
+            "default": {},
+            "$ref": "#/definitions/kpack.core.v1alpha1.Condition"
+          },
+          "x-kubernetes-patch-merge-key": "type",
+          "x-kubernetes-patch-strategy": "merge"
+        },
+        "observedGeneration": {
+          "description": "ObservedGeneration is the 'Generation' of the Service that was last processed by the controller.",
+          "type": "integer",
+          "format": "int64"
+        },
+        "version": {
+          "type": "string"
+        }
+      }
+    },
     "kpack.build.v1alpha2.ClusterStack": {
       "type": "object",
       "required": [
@@ -6825,6 +6955,10 @@
             "default": ""
           }
         },
+        "lifecycle": {
+          "default": {},
+          "$ref": "#/definitions/io.k8s.api.core.v1.ObjectReference"
+        },
         "order": {
           "type": "array",
           "items": {
@@ -6864,6 +6998,26 @@
         }
       }
     },
+    "kpack.build.v1alpha2.ResolvedClusterLifecycle": {
+      "type": "object",
+      "properties": {
+        "api": {
+          "description": "Deprecated: Use `LifecycleAPIs` instead",
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.LifecycleAPI"
+        },
+        "apis": {
+          "default": {},
+          "$ref": "#/definitions/kpack.build.v1alpha2.LifecycleAPIs"
+        },
+        "commit": {
+          "type": "string"
+        },
+        "version": {
+          "type": "string"
+        }
+      }
+    },
     "kpack.build.v1alpha2.ResolvedClusterStack": {
       "type": "object",
       "properties": {

cmd/controller/main.go

@@ -3,7 +3,6 @@ package main
 import (
 	"context"
 	"flag"
-	"fmt"
 	"log"
 	"net/http"
 	"os"
@@ -14,7 +13,6 @@ import (
 	ociremote "github.com/sigstore/cosign/v2/pkg/oci/remote"
 	"go.uber.org/zap"
 	"golang.org/x/sync/errgroup"
-	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/client-go/dynamic"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/kubernetes"
@@ -30,7 +28,6 @@ import (
 	"knative.dev/pkg/metrics"
 	"knative.dev/pkg/profiling"
 	"knative.dev/pkg/signals"
-	"knative.dev/pkg/system"
 
 	"github.com/pivotal/kpack/cmd"
 	_ "github.com/pivotal/kpack/internal/logrus/fatal"
@@ -52,10 +49,10 @@ import (
 	"github.com/pivotal/kpack/pkg/reconciler/buildpack"
 	"github.com/pivotal/kpack/pkg/reconciler/clusterbuilder"
 	"github.com/pivotal/kpack/pkg/reconciler/clusterbuildpack"
+	"github.com/pivotal/kpack/pkg/reconciler/clusterlifecycle"
 	"github.com/pivotal/kpack/pkg/reconciler/clusterstack"
 	"github.com/pivotal/kpack/pkg/reconciler/clusterstore"
 	"github.com/pivotal/kpack/pkg/reconciler/image"
-	"github.com/pivotal/kpack/pkg/reconciler/lifecycle"
 	"github.com/pivotal/kpack/pkg/reconciler/sourceresolver"
 	"github.com/pivotal/kpack/pkg/registry"
 	"github.com/pivotal/kpack/pkg/secret"
@@ -133,6 +130,7 @@ func main() {
 	buildpackInformer := informerFactory.Kpack().V1alpha2().Buildpacks()
 	clusterBuilderInformer := informerFactory.Kpack().V1alpha2().ClusterBuilders()
 	clusterBuildpackInformer := informerFactory.Kpack().V1alpha2().ClusterBuildpacks()
+	clusterLifecycleInformer := informerFactory.Kpack().V1alpha2().ClusterLifecycles()
 	clusterStoreInformer := informerFactory.Kpack().V1alpha2().ClusterStores()
 	clusterStackInformer := informerFactory.Kpack().V1alpha2().ClusterStacks()
 
@@ -148,15 +146,6 @@ func main() {
 	if err != nil {
 		log.Fatalf("could not create k8s keychain factory: %s", err)
 	}
-	lifecycleConfigmapInformerFactory := informers.NewSharedInformerFactoryWithOptions(
-		k8sClient,
-		options.ResyncPeriod,
-		informers.WithNamespace(system.Namespace()),
-		informers.WithTweakListOptions(func(options *metav1.ListOptions) {
-			options.FieldSelector = fmt.Sprintf("metadata.namespace=%s,metadata.name=%s", system.Namespace(), config.LifecycleConfigName)
-		}),
-	)
-	lifecycleConfigmapInformer := lifecycleConfigmapInformerFactory.Core().V1().ConfigMaps()
 
 	metadataRetriever := &cnb.RemoteMetadataRetriever{
 		ImageFetcher: &registry.Client{},
@@ -195,14 +184,14 @@ func main() {
 		RegistryClient: &registry.Client{},
 	}
 
-	lifecycleProvider := config.NewLifecycleProvider(&registry.Client{}, keychainFactory)
+	remoteLifecycleReader := &cnb.RemoteLifecycleReader{
+		RegistryClient: &registry.Client{},
+	}
 
 	builderCreator := &cnb.RemoteBuilderCreator{
-		RegistryClient:    &registry.Client{},
-		KpackVersion:      cmd.Identifer,
-		LifecycleProvider: lifecycleProvider,
-		KeychainFactory:   keychainFactory,
-		ImageSigner:       cosign.NewImageSigner(sign.SignCmd, ociremote.SignatureTag),
+		RegistryClient: &registry.Client{},
+		KpackVersion:   cmd.Identifer,
+		ImageSigner:    cosign.NewImageSigner(sign.SignCmd, ociremote.SignatureTag),
 	}
 
 	podProgressLogger := &buildchange.ProgressLogger{
@@ -212,8 +201,7 @@ func main() {
 	slsaAttester := slsa.Attester{
 		Version: cmd.Version,
 
-		LifecycleProvider: lifecycleProvider,
-		ImageReader:       slsa.NewImageReader(&registry.Client{}),
+		ImageReader: slsa.NewImageReader(&registry.Client{}),
 
 		Images:   images,
 		Features: featureFlags,
@@ -229,29 +217,24 @@ func main() {
 	buildController := build.NewController(ctx, options, k8sClient, buildInformer, podInformer, metadataRetriever, buildpodGenerator, podProgressLogger, keychainFactory, &slsaAttester, secretFetcher, featureFlags)
 	imageController := image.NewController(ctx, options, k8sClient, imageInformer, buildInformer, duckBuilderInformer, sourceResolverInformer, pvcInformer, cfg.EnablePriorityClasses)
 	sourceResolverController := sourceresolver.NewController(ctx, options, sourceResolverInformer, gitResolver, blobResolver, registryResolver)
-	builderController, builderResync := builder.NewController(ctx, options, builderInformer, builderCreator, keychainFactory, clusterStoreInformer, buildpackInformer, clusterBuildpackInformer, clusterStackInformer, secretFetcher)
+	builderController := builder.NewController(ctx, options, builderInformer, builderCreator, keychainFactory, clusterStoreInformer, buildpackInformer, clusterBuildpackInformer, clusterStackInformer, clusterLifecycleInformer, secretFetcher)
 	buildpackController := buildpack.NewController(ctx, options, keychainFactory, buildpackInformer, remoteStoreReader)
-	clusterBuilderController, clusterBuilderResync := clusterbuilder.NewController(ctx, options, clusterBuilderInformer, builderCreator, keychainFactory, clusterStoreInformer, clusterBuildpackInformer, clusterStackInformer, secretFetcher)
+	clusterBuilderController := clusterbuilder.NewController(ctx, options, clusterBuilderInformer, builderCreator, keychainFactory, clusterStoreInformer, clusterBuildpackInformer, clusterStackInformer, clusterLifecycleInformer, secretFetcher)
 	clusterBuildpackController := clusterbuildpack.NewController(ctx, options, keychainFactory, clusterBuildpackInformer, remoteStoreReader)
 	clusterStoreController := clusterstore.NewController(ctx, options, keychainFactory, clusterStoreInformer, remoteStoreReader)
 	clusterStackController := clusterstack.NewController(ctx, options, keychainFactory, clusterStackInformer, remoteStackReader)
-	lifecycleController := lifecycle.NewController(ctx, options, k8sClient, config.LifecycleConfigName, lifecycleConfigmapInformer, lifecycleProvider)
-
-	lifecycleProvider.AddEventHandler(builderResync)
-	lifecycleProvider.AddEventHandler(clusterBuilderResync)
+	clusterLifecycleController := clusterlifecycle.NewController(ctx, options, keychainFactory, clusterLifecycleInformer, remoteLifecycleReader)
 
 	stopChan := make(chan struct{})
 	informerFactory.Start(stopChan)
 	k8sInformerFactory.Start(stopChan)
-	lifecycleConfigmapInformerFactory.Start(stopChan)
 
 	waitForSync(stopChan,
 		buildInformer.Informer(),
 		imageInformer.Informer(),
 		sourceResolverInformer.Informer(),
 		pvcInformer.Informer(),
 		podInformer.Informer(),
-		lifecycleConfigmapInformer.Informer(),
 		builderInformer.Informer(),
 		buildpackInformer.Informer(),
 		clusterBuilderInformer.Informer(),
@@ -263,14 +246,14 @@ func main() {
 	err = runGroup(
 		ctx,
 		run(clusterStackController, routinesPerController),
+		run(clusterLifecycleController, routinesPerController),
 		run(imageController, routinesPerController),
 		run(buildController, routinesPerController),
 		run(builderController, routinesPerController),
 		run(buildpackController, routinesPerController),
 		run(clusterBuilderController, routinesPerController),
 		run(clusterBuildpackController, routinesPerController),
 		run(clusterStoreController, routinesPerController),
-		run(lifecycleController, routinesPerController),
 		run(sourceResolverController, 2*routinesPerController),
 		func(ctx context.Context) error {
 			return configMapWatcher.Start(ctx.Done())

cmd/webhook/main.go

@@ -39,6 +39,7 @@ var types = map[schema.GroupVersionKind]resourcesemantics.GenericCRD{
 	v1alpha2.SchemeGroupVersion.WithKind(v1alpha2.ClusterBuildpackKind): &v1alpha2.ClusterBuildpack{},
 	v1alpha2.SchemeGroupVersion.WithKind(v1alpha2.ClusterStoreKind):     &v1alpha2.ClusterStore{},
 	v1alpha2.SchemeGroupVersion.WithKind(v1alpha2.ClusterStackKind):     &v1alpha2.ClusterStack{},
+	v1alpha2.SchemeGroupVersion.WithKind(v1alpha2.ClusterLifecycleKind): &v1alpha2.ClusterLifecycle{},
 }
 
 func init() {