radius-project · ytimocin · Jan 9, 2024
@@ -13,4 +13,4 @@ spec:
       protocol: TCP
       targetPort: 9443
   selector:
-      app.kubernetes.io/name: controller
+    app.kubernetes.io/name: controller
@@ -1,5 +1,5 @@
 {{- $existingSecret := lookup "v1" "Secret" .Release.Namespace "controller-cert"}}
-{{- $existingWebhook := lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" .Release.Namespace "recipe-webhook.radapp.io"}}
+{{- $existingWebhook := lookup "admissionregistration.k8s.io/v1" "ValidatingWebhookConfiguration" .Release.Namespace "validating-webhook-configuration"}}
 {{- $ca := genCA "controller-ca" 3650 }}
 {{- $cn := printf "controller" }}
 {{- $altName1 := printf "controller.%s" .Release.Namespace }}
@@ -27,19 +27,19 @@ data:
 apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
-  name: recipe-webhook.radapp.io
+  name: validating-webhook-configuration
 webhooks:
 - admissionReviewVersions:
   - v1
   clientConfig:
     caBundle: {{ b64enc $ca.Cert }}
     service:
-      name: controller
+      name: controller-webhook-service
       namespace: {{ .Release.Namespace }}
       path: /validate-radapp-io-v1alpha3-recipe
   failurePolicy: Fail
   matchPolicy: Equivalent
-  name: recipe-webhook.radapp.io
+  name: vrecipe.radapp.io
   rules:
   - apiGroups:
     - radapp.io

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: controller-webhook-service
+  labels:
+    app.kubernetes.io/name: service
+    app.kubernetes.io/instance: controller-webhook-service
+    app.kubernetes.io/component: webhook
+    app.kubernetes.io/created-by: controller
+    app.kubernetes.io/part-of: radius
+  namespace: system
+spec:
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: 9443
+  selector:
+    app.kubernetes.io/name: controller
@@ -116,7 +116,7 @@ func initializeWebhookInEnvironment(env *envtest.Environment) {
 				},
 				Webhooks: []admissionv1.ValidatingWebhook{
 					{
-						Name: "recipe-webhook.radapp.io",
+						Name: "vrecipe.radapp.io",
 						Rules: []admissionv1.RuleWithOperations{
 							{
 								Operations: []admissionv1.OperationType{"CREATE", "UPDATE"},

@@ -42,6 +42,8 @@ func (r *RecipeWebhook) SetupWebhookWithManager(mgr ctrl.Manager) error {
 		Complete()
 }
 
+//+kubebuilder:webhook:path=/validate-radapp-io-v1alpha3-recipe,mutating=false,failurePolicy=fail,sideEffects=None,groups=radapp.io,resources=recipes,verbs=create;update,versions=v1alpha3,name=vrecipe.radapp.io,admissionReviewVersions=v1
+
 // RecipeWebhook implements the validating webhook functions for the Recipe type.
 type RecipeWebhook struct{}
 
@@ -55,7 +57,7 @@ func (r *RecipeWebhook) ValidateCreate(ctx context.Context, obj runtime.Object)
 	}
 
 	logger.Info("Validating Create Recipe %s", recipe.Name)
-	return r.validateRecipeType(ctx, recipe)
+	return nil, r.validateRecipeType(ctx, recipe)
 }
 
 // ValidateUpdate validates the update of a Recipe object.
@@ -68,7 +70,7 @@ func (r *RecipeWebhook) ValidateUpdate(ctx context.Context, oldObj, newObj runti
 	}
 
 	logger.Info("Validating Update Recipe %s", recipe.Name)
-	return r.validateRecipeType(ctx, recipe)
+	return nil, r.validateRecipeType(ctx, recipe)
 }
 
 // ValidateDelete validates the deletion of a Recipe object.
@@ -86,7 +88,7 @@ func (r *RecipeWebhook) ValidateDelete(ctx context.Context, obj runtime.Object)
 }
 
 // validateRecipeType validates Recipe object.
-func (r *RecipeWebhook) validateRecipeType(ctx context.Context, recipe *radappiov1alpha3.Recipe) (admission.Warnings, error) {
+func (r *RecipeWebhook) validateRecipeType(ctx context.Context, recipe *radappiov1alpha3.Recipe) error {
 	logger := ucplog.FromContextOrDiscard(ctx)
 	var errList field.ErrorList
 	flPath := field.NewPath("spec").Child("type")
@@ -96,11 +98,11 @@ func (r *RecipeWebhook) validateRecipeType(ctx context.Context, recipe *radappio
 	if !portableresources.IsValidPortableResourceType(recipe.Spec.Type) {
 		errList = append(errList, field.Invalid(flPath, recipe.Spec.Type, fmt.Sprintf("allowed values are: %s", validResourceTypes)))
 
-		return nil, apierrors.NewInvalid(
+		return apierrors.NewInvalid(
 			schema.GroupKind{Group: "radapp.io", Kind: "Recipe"},
 			recipe.Name,
 			errList)
 	}
 
-	return nil, nil
+	return nil
 }