From 50dab8292db91a9ec06ae07e7e0c258d66f0f4a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Feb 2026 11:04:05 +0000 Subject: [PATCH 1/2] :arrow_up: Bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.23.0 Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.22.4 to 0.23.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.22.4...v0.23.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-version: 0.23.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 4 ++-- go.sum | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/go.mod b/go.mod index 233dae55..e2af6777 100644 --- a/go.mod +++ b/go.mod @@ -20,7 +20,7 @@ require ( k8s.io/api v0.35.4 k8s.io/apimachinery v0.35.4 k8s.io/client-go v0.35.4 - sigs.k8s.io/controller-runtime v0.22.4 + sigs.k8s.io/controller-runtime v0.23.1 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7 sigs.k8s.io/controller-tools v0.20.1 sigs.k8s.io/kind v0.31.0 @@ -521,6 +521,6 @@ require ( sigs.k8s.io/kustomize/cmd/config v0.21.1 // indirect sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect sigs.k8s.io/randfill v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect + sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect ) diff --git a/go.sum b/go.sum index 3d50ab50..5dfe458a 100644 --- a/go.sum +++ b/go.sum @@ -1549,8 +1549,8 @@ mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f h1:lMpcwN6GxNbWtbpI1+xzFLSW8 mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f/go.mod h1:RSLa7mKKCNeTTMHBw5Hsy2rfJmd6O2ivt9Dw9ZqCQpQ= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= -sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A= -sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= +sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE= +sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0= sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7 h1:IxfIt+FAgOU9Dzg+SsPPFyHayYcC/OMsQQ6nPILxf5o= sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7/go.mod h1:Lm5xRgQejdMHAz81exSpqvwEkIdTfoNtUDA6MM4kltw= sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs= @@ -1569,8 +1569,8 @@ sigs.k8s.io/kustomize/kyaml v0.21.1 h1:IVlbmhC076nf6foyL6Taw4BkrLuEsXUXNpsE+ScX7 sigs.k8s.io/kustomize/kyaml v0.21.1/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= -sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs= +sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs= sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4= From bcb44076149a2cc74a148b4aaf51e7ea0c76aeca Mon Sep 17 00:00:00 2001 From: bdumpp Date: Thu, 28 May 2026 15:27:46 +0200 Subject: [PATCH 2/2] fix deprecation --- cmd/main.go | 2 +- config/rbac/role.yaml | 14 +++---- go.mod | 2 +- .../controller/styra/system_controller.go | 10 ++--- .../webhook/styra/v1alpha1/library_webhook.go | 42 +++++-------------- .../webhook/styra/v1beta1/system_webhook.go | 42 +++++-------------- .../controller/controller_suite_test.go | 4 +- 7 files changed, 38 insertions(+), 78 deletions(-) diff --git a/cmd/main.go b/cmd/main.go index 604f4e6c..aa0fc8b3 100644 --- a/cmd/main.go +++ b/cmd/main.go @@ -199,7 +199,7 @@ func main() { r1 := &controllers.SystemReconciler{ Client: mgr.GetClient(), Scheme: mgr.GetScheme(), - Recorder: mgr.GetEventRecorderFor("system-controller"), + Recorder: mgr.GetEventRecorder("system-controller"), Metrics: systemMetrics, Config: ctrlConfig, APIReader: mgr.GetAPIReader(), diff --git a/config/rbac/role.yaml b/config/rbac/role.yaml index d0c6150f..013c323c 100644 --- a/config/rbac/role.yaml +++ b/config/rbac/role.yaml @@ -17,13 +17,6 @@ rules: - patch - update - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch - apiGroups: - apps resources: @@ -33,6 +26,13 @@ rules: - list - patch - watch +- apiGroups: + - events.k8s.io + resources: + - events + verbs: + - create + - patch - apiGroups: - styra.bankdata.dk resources: diff --git a/go.mod b/go.mod index e2af6777..5fbb2f6c 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/bankdata/styra-controller -go 1.25.0 +go 1.26.3 require ( github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 diff --git a/internal/controller/styra/system_controller.go b/internal/controller/styra/system_controller.go index 669d11cc..11108e22 100644 --- a/internal/controller/styra/system_controller.go +++ b/internal/controller/styra/system_controller.go @@ -34,7 +34,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" - "k8s.io/client-go/tools/record" + "k8s.io/client-go/tools/events" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client" @@ -77,7 +77,7 @@ type SystemReconciler struct { Scheme *runtime.Scheme OCP ocp.ClientInterface WebhookClient webhook.Client - Recorder record.EventRecorder + Recorder events.EventRecorder Metrics *SystemReconcilerMetrics Config *configv2alpha2.ProjectConfig } @@ -88,7 +88,7 @@ type SystemReconciler struct { //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete //+kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;patch; -//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch +//+kubebuilder:rbac:groups=events.k8s.io,resources=events,verbs=create;patch // Reconcile implements renconcile.Renconciler and has responsibility of // ensuring that the current state of the System resource renconciled @@ -207,7 +207,7 @@ func (r *SystemReconciler) recordErrorEvent(system *v1beta1.System, err error) { var rerr *ctrlerr.ReconcilerErr if errors.As(err, &rerr) { if rerr.Event != "" { - r.Recorder.Event(system, corev1.EventTypeWarning, rerr.Event, rerr.Error()) + r.Recorder.Eventf(system, nil, corev1.EventTypeWarning, rerr.Event, "Reconcile", rerr.Error()) } } } @@ -409,7 +409,7 @@ func (r *SystemReconciler) ocpReconcile( } msg := "OPA Control Plane reconciliation completed" - r.Recorder.Event(system, corev1.EventTypeNormal, "ReconciliationCompleted", msg) + r.Recorder.Eventf(system, nil, corev1.EventTypeNormal, "ReconciliationCompleted", "Reconcile", msg) log.Info(msg) return ctrl.Result{}, nil } diff --git a/internal/webhook/styra/v1alpha1/library_webhook.go b/internal/webhook/styra/v1alpha1/library_webhook.go index a6146968..2a3207de 100644 --- a/internal/webhook/styra/v1alpha1/library_webhook.go +++ b/internal/webhook/styra/v1alpha1/library_webhook.go @@ -19,12 +19,9 @@ package v1alpha1 import ( "context" - "fmt" - "k8s.io/apimachinery/pkg/runtime" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" styrav1alpha1 "github.com/bankdata/styra-controller/api/styra/v1alpha1" @@ -36,7 +33,7 @@ var librarylog = logf.Log.WithName("library-resource") // SetupLibraryWebhookWithManager registers the webhook for Library in the manager. func SetupLibraryWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr).For(&styrav1alpha1.Library{}). + return ctrl.NewWebhookManagedBy(mgr, &styrav1alpha1.Library{}). WithValidator(&LibraryCustomValidator{}). WithDefaulter(&LibraryCustomDefaulter{}). Complete() @@ -56,16 +53,11 @@ type LibraryCustomDefaulter struct { // TODO(user): Add more fields as needed for defaulting } -var _ webhook.CustomDefaulter = &LibraryCustomDefaulter{} +var _ admission.Defaulter[*styrav1alpha1.Library] = &LibraryCustomDefaulter{} // nolint:all -// Default implements webhook.CustomDefaulter so a webhook will be registered for the Kind Library. -func (d *LibraryCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error { - library, ok := obj.(*styrav1alpha1.Library) - - if !ok { - return fmt.Errorf("expected an Library object but got %T", obj) - } +// Default implements admission.Defaulter so a webhook will be registered for the Kind Library. +func (d *LibraryCustomDefaulter) Default(ctx context.Context, library *styrav1alpha1.Library) error { librarylog.Info("Defaulting for Library", "name", library.GetName()) if library.Spec.SourceControl == nil || library.Spec.SourceControl.LibraryOrigin == nil { @@ -95,15 +87,11 @@ type LibraryCustomValidator struct { // TODO(user): Add more fields as needed for validation } -var _ webhook.CustomValidator = &LibraryCustomValidator{} +var _ admission.Validator[*styrav1alpha1.Library] = &LibraryCustomValidator{} // nolint:all -// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type Library. -func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - library, ok := obj.(*styrav1alpha1.Library) - if !ok { - return nil, fmt.Errorf("expected a Library object but got %T", obj) - } +// ValidateCreate implements admission.Validator so a webhook will be registered for the type Library. +func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, library *styrav1alpha1.Library) (admission.Warnings, error) { librarylog.Info("Validation for Library upon creation", "name", library.GetName()) // TODO(user): fill in your validation logic upon object creation. @@ -112,12 +100,8 @@ func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, obj runtime } // nolint:all -// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type Library. -func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - library, ok := newObj.(*styrav1alpha1.Library) - if !ok { - return nil, fmt.Errorf("expected a Library object for the newObj but got %T", newObj) - } +// ValidateUpdate implements admission.Validator so a webhook will be registered for the type Library. +func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, library *styrav1alpha1.Library) (admission.Warnings, error) { librarylog.Info("Validation for Library upon update", "name", library.GetName()) // TODO(user): fill in your validation logic upon object update. @@ -126,12 +110,8 @@ func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, new } // nolint:all -// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type Library. -func (v *LibraryCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - library, ok := obj.(*styrav1alpha1.Library) - if !ok { - return nil, fmt.Errorf("expected a Library object but got %T", obj) - } +// ValidateDelete implements admission.Validator so a webhook will be registered for the type Library. +func (v *LibraryCustomValidator) ValidateDelete(ctx context.Context, library *styrav1alpha1.Library) (admission.Warnings, error) { librarylog.Info("Validation for Library upon deletion", "name", library.GetName()) // TODO(user): fill in your validation logic upon object deletion. diff --git a/internal/webhook/styra/v1beta1/system_webhook.go b/internal/webhook/styra/v1beta1/system_webhook.go index e68a6fe5..8de8b799 100644 --- a/internal/webhook/styra/v1beta1/system_webhook.go +++ b/internal/webhook/styra/v1beta1/system_webhook.go @@ -19,16 +19,13 @@ package v1beta1 import ( "context" - "fmt" "sort" apierrors "k8s.io/apimachinery/pkg/api/errors" - "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/validation/field" ctrl "sigs.k8s.io/controller-runtime" logf "sigs.k8s.io/controller-runtime/pkg/log" - "sigs.k8s.io/controller-runtime/pkg/webhook" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" styrav1beta1 "github.com/bankdata/styra-controller/api/styra/v1beta1" @@ -40,7 +37,7 @@ var systemlog = logf.Log.WithName("system-resource") // SetupSystemWebhookWithManager registers the webhook for System in the manager. func SetupSystemWebhookWithManager(mgr ctrl.Manager) error { - return ctrl.NewWebhookManagedBy(mgr).For(&styrav1beta1.System{}). + return ctrl.NewWebhookManagedBy(mgr, &styrav1beta1.System{}). WithValidator(&SystemCustomValidator{}). WithDefaulter(&SystemCustomDefaulter{}). Complete() @@ -60,16 +57,11 @@ type SystemCustomDefaulter struct { // TODO(user): Add more fields as needed for defaulting } -var _ webhook.CustomDefaulter = &SystemCustomDefaulter{} +var _ admission.Defaulter[*styrav1beta1.System] = &SystemCustomDefaulter{} // nolint:all -// Default implements webhook.CustomDefaulter so a webhook will be registered for the Kind System. -func (d *SystemCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error { - system, ok := obj.(*styrav1beta1.System) - - if !ok { - return fmt.Errorf("expected an System object but got %T", obj) - } +// Default implements admission.Defaulter so a webhook will be registered for the Kind System. +func (d *SystemCustomDefaulter) Default(ctx context.Context, system *styrav1beta1.System) error { systemlog.Info("Defaulting for System", "name", system.GetName()) if system.Spec.SourceControl != nil { @@ -97,39 +89,27 @@ type SystemCustomValidator struct { // TODO(user): Add more fields as needed for validation } -var _ webhook.CustomValidator = &SystemCustomValidator{} +var _ admission.Validator[*styrav1beta1.System] = &SystemCustomValidator{} // nolint:all -// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type System. -func (v *SystemCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - system, ok := obj.(*styrav1beta1.System) - if !ok { - return nil, fmt.Errorf("expected a System object but got %T", obj) - } +// ValidateCreate implements admission.Validator so a webhook will be registered for the type System. +func (v *SystemCustomValidator) ValidateCreate(ctx context.Context, system *styrav1beta1.System) (admission.Warnings, error) { systemlog.Info("Validation for System upon creation", "name", system.GetName()) return validateSystem(system) } // nolint:all -// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type System. -func (v *SystemCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) { - system, ok := newObj.(*styrav1beta1.System) - if !ok { - return nil, fmt.Errorf("expected a System object for the newObj but got %T", newObj) - } +// ValidateUpdate implements admission.Validator so a webhook will be registered for the type System. +func (v *SystemCustomValidator) ValidateUpdate(ctx context.Context, oldObj, system *styrav1beta1.System) (admission.Warnings, error) { systemlog.Info("Validation for System upon update", "name", system.GetName()) return validateSystem(system) } // nolint:all -// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type System. -func (v *SystemCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) { - system, ok := obj.(*styrav1beta1.System) - if !ok { - return nil, fmt.Errorf("expected a System object but got %T", obj) - } +// ValidateDelete implements admission.Validator so a webhook will be registered for the type System. +func (v *SystemCustomValidator) ValidateDelete(ctx context.Context, system *styrav1beta1.System) (admission.Warnings, error) { systemlog.Info("Validation for System upon deletion", "name", system.GetName()) // TODO(user): fill in your validation logic upon object deletion. diff --git a/test/integration/controller/controller_suite_test.go b/test/integration/controller/controller_suite_test.go index bea425e7..111f447c 100644 --- a/test/integration/controller/controller_suite_test.go +++ b/test/integration/controller/controller_suite_test.go @@ -115,12 +115,12 @@ var _ = ginkgo.BeforeSuite(func() { Scheme: k8sManager.GetScheme(), OCP: ocpClientMock, WebhookClient: webhookMock, - Recorder: k8sManager.GetEventRecorderFor("system-controller"), + Recorder: k8sManager.GetEventRecorder("system-controller"), Config: &configv2alpha2.ProjectConfig{ OPAControlPlaneConfig: &configv2alpha2.OPAControlPlaneConfig{ Address: "ocp-url", Token: "ocp-token", - GitCredentials: []*configv2alpha2.GitCredentials{&configv2alpha2.GitCredentials{ + GitCredentials: []*configv2alpha2.GitCredentials{{ ID: "github-credentials", RepoPrefix: "https://github", }},