Defaulting to the latest tag if no tag was specified.

In the current code, we handle differently build/sign and deploying a
pre-built kmod.

This is the current behavior:
* If a `build`/`sign` section is set in the module, and the image tag
  isn't specified, then we will return an error.
* If there are no `build`/`sign` section, and the image tag isn't
  specified, then we will default to the `latest` tag.

This change is adjusting the behavior of both workflow to always default
to the `latest` image tag if it is not specified in the `Module`.

Signed-off-by: Yoni Bettan <[email protected]>

Author: ybettan

cmd/webhook-server/main.go

@@ -82,6 +82,10 @@ func main() {
 		if err = webhook.NewModuleValidator(logger).SetupWebhookWithManager(mgr); err != nil {
 			cmd.FatalError(setupLogger, err, "unable to create webhook", "webhook", "ModuleValidator")
 		}
+
+		if err = webhook.NewModuleDefaulter(logger).SetupWebhookWithManager(mgr); err != nil {
+			cmd.FatalError(setupLogger, err, "unable to create mutating webhook", "webhook", "ModuleDefaulter")
+		}
 	}
 
 	if enableManagedClusterModule {
@@ -90,6 +94,11 @@ func main() {
 		if err = hub.NewManagedClusterModuleValidator(logger).SetupWebhookWithManager(mgr); err != nil {
 			cmd.FatalError(setupLogger, err, "unable to create webhook", "webhook", "ManagedClusterModuleValidator")
 		}
+
+		moduleDefaulter := webhook.NewModuleDefaulter(logger)
+		if err = hub.NewManagedClusterModuleDefaulter(logger, moduleDefaulter).SetupWebhookWithManager(mgr); err != nil {
+			cmd.FatalError(setupLogger, err, "unable to create mutating webhook", "webhook", "ManagedClusterModuleDefaulter")
+		}
 	}
 
 	if enableNamespaceDeletion {

config/webhook-hub/manifests.yaml

@@ -1,5 +1,31 @@
 ---
 apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-hub-kmm-sigs-x-k8s-io-v1beta1-managedclustermodule
+  failurePolicy: Fail
+  name: vmanageclustermodule.kb.io
+  rules:
+  - apiGroups:
+    - hub.kmm.sigs.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - managedclustermodules
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration

config/webhook/manifests.yaml

@@ -1,5 +1,31 @@
 ---
 apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+  name: mutating-webhook-configuration
+webhooks:
+- admissionReviewVersions:
+  - v1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /mutate-kmm-sigs-x-k8s-io-v1beta1-module
+  failurePolicy: Fail
+  name: vmodule.kb.io
+  rules:
+  - apiGroups:
+    - kmm.sigs.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - modules
+  sideEffects: None
+---
+apiVersion: admissionregistration.k8s.io/v1
 kind: ValidatingWebhookConfiguration
 metadata:
   name: validating-webhook-configuration

internal/webhook/hub/managedclustermodule_webhook.go renamed to internal/webhook/hub/managedclustermodule.go

@@ -0,0 +1,65 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package hub
+
+import (
+	"context"
+	"fmt"
+
+	"github.com/go-logr/logr"
+	"github.com/kubernetes-sigs/kernel-module-management/api-hub/v1beta1"
+	"github.com/kubernetes-sigs/kernel-module-management/internal/webhook"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+)
+
+type ManagedClusterModuleDefaulter struct {
+	logger          logr.Logger
+	moduleDefaulter admission.CustomDefaulter
+}
+
+func NewManagedClusterModuleDefaulter(logger logr.Logger, moduleDefaulter *webhook.ModuleDefaulter) *ManagedClusterModuleDefaulter {
+	return &ManagedClusterModuleDefaulter{
+		logger:          logger,
+		moduleDefaulter: moduleDefaulter,
+	}
+}
+
+func (mcmd *ManagedClusterModuleDefaulter) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	// controller-runtime will set the path to `mutate-<group>-<version>-<resource> so we
+	// need to make sure it is set correctly in the +kubebuilder annotation below.
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&v1beta1.ManagedClusterModule{}).
+		WithDefaulter(mcmd).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-hub-kmm-sigs-x-k8s-io-v1beta1-managedclustermodule,mutating=true,failurePolicy=fail,sideEffects=None,groups=hub.kmm.sigs.x-k8s.io,resources=managedclustermodules,verbs=create;update,versions=v1beta1,name=vmanageclustermodule.kb.io,admissionReviewVersions=v1
+
+// Default implements webhook.Default so a webhook will be registered for the type
+func (mcmd *ManagedClusterModuleDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+
+	mcmod, ok := obj.(*v1beta1.ManagedClusterModule)
+	if !ok {
+		return fmt.Errorf("bad type for the object; expected %T, got %T", mcmod, obj)
+	}
+
+	mcmd.logger.Info("Mutating ManagedClusterModule creation", "name", mcmod.Name, "namespace", mcmod.Namespace)
+
+	return mcmd.moduleDefaulter.Default(ctx, obj)
+}

internal/webhook/hub/managedclustermodule_mutator.go

@@ -0,0 +1,3 @@
+package hub
+
+//FIXME: implement

internal/webhook/hub/managedclustermodule_mutator_test.go

@@ -0,0 +1,88 @@
+/*
+Copyright 2022.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package webhook
+
+import (
+	"context"
+	"fmt"
+	"strings"
+
+	"github.com/go-logr/logr"
+	kmmv1beta1 "github.com/kubernetes-sigs/kernel-module-management/api/v1beta1"
+	"k8s.io/apimachinery/pkg/runtime"
+	ctrl "sigs.k8s.io/controller-runtime"
+)
+
+const defaultTag = "latest"
+
+type ModuleDefaulter struct {
+	logger logr.Logger
+}
+
+func NewModuleDefaulter(logger logr.Logger) *ModuleDefaulter {
+	return &ModuleDefaulter{logger: logger}
+}
+
+func (md *ModuleDefaulter) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	// controller-runtime will set the path to `mutate-<group>-<version>-<resource> so we
+	// need to make sure it is set correctly in the +kubebuilder annotation below.
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(&kmmv1beta1.Module{}).
+		WithDefaulter(md).
+		Complete()
+}
+
+//+kubebuilder:webhook:path=/mutate-kmm-sigs-x-k8s-io-v1beta1-module,mutating=true,failurePolicy=fail,sideEffects=None,groups=kmm.sigs.x-k8s.io,resources=modules,verbs=create;update,versions=v1beta1,name=vmodule.kb.io,admissionReviewVersions=v1
+
+// Default implements webhook.Default so a webhook will be registered for the type
+func (md *ModuleDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+
+	mod, ok := obj.(*kmmv1beta1.Module)
+	if !ok {
+		return fmt.Errorf("bad type for the object; expected %T, got %T", mod, obj)
+	}
+
+	md.logger.Info("Mutating Module creation", "name", mod.Name, "namespace", mod.Namespace)
+
+	setDefaultContainerImageTagIfNeeded(mod)
+	setDefaultKernelMappingTagsIfNeeded(mod)
+
+	return nil
+}
+
+func setDefaultContainerImageTagIfNeeded(mod *kmmv1beta1.Module) {
+
+	setDefaultTagIfNeeded(&mod.Spec.ModuleLoader.Container.ContainerImage)
+}
+
+func setDefaultKernelMappingTagsIfNeeded(mod *kmmv1beta1.Module) {
+
+	for i := range mod.Spec.ModuleLoader.Container.KernelMappings {
+		setDefaultTagIfNeeded(&mod.Spec.ModuleLoader.Container.KernelMappings[i].ContainerImage)
+	}
+}
+
+func setDefaultTagIfNeeded(image *string) {
+
+	if *image == "" {
+		return
+	}
+
+	if !strings.Contains(*image, ":") && !strings.Contains(*image, "@") {
+		*image = fmt.Sprintf("%s:%s", *image, defaultTag)
+	}
+}