⬆️ Bump sigs.k8s.io/controller-runtime from 0.22.4 to 0.23.0

cmd/main.go

@@ -199,7 +199,7 @@ func main() {
 	r1 := &controllers.SystemReconciler{
 		Client:    mgr.GetClient(),
 		Scheme:    mgr.GetScheme(),
-		Recorder:  mgr.GetEventRecorderFor("system-controller"),
+		Recorder:  mgr.GetEventRecorder("system-controller"),
 		Metrics:   systemMetrics,
 		Config:    ctrlConfig,
 		APIReader: mgr.GetAPIReader(),

config/rbac/role.yaml

@@ -17,13 +17,6 @@ rules:
   - patch
   - update
   - watch
-- apiGroups:
-  - ""
-  resources:
-  - events
-  verbs:
-  - create
-  - patch
 - apiGroups:
   - apps
   resources:
@@ -33,6 +26,13 @@ rules:
   - list
   - patch
   - watch
+- apiGroups:
+  - events.k8s.io
+  resources:
+  - events
+  verbs:
+  - create
+  - patch
 - apiGroups:
   - styra.bankdata.dk
   resources:

go.mod

@@ -1,6 +1,6 @@
 module github.com/bankdata/styra-controller
 
-go 1.25.0
+go 1.26.3
 
 require (
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
@@ -20,7 +20,7 @@ require (
 	k8s.io/api v0.35.4
 	k8s.io/apimachinery v0.35.4
 	k8s.io/client-go v0.35.4
-	sigs.k8s.io/controller-runtime v0.22.4
+	sigs.k8s.io/controller-runtime v0.23.1
 	sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7
 	sigs.k8s.io/controller-tools v0.20.1
 	sigs.k8s.io/kind v0.31.0
@@ -521,6 +521,6 @@ require (
 	sigs.k8s.io/kustomize/cmd/config v0.21.1 // indirect
 	sigs.k8s.io/kustomize/kyaml v0.21.1 // indirect
 	sigs.k8s.io/randfill v1.0.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect
+	sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 // indirect
 	software.sslmate.com/src/go-pkcs12 v0.4.0 // indirect
 )

go.sum

@@ -1549,8 +1549,8 @@ mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f h1:lMpcwN6GxNbWtbpI1+xzFLSW8
 mvdan.cc/unparam v0.0.0-20240528143540-8a5130ca722f/go.mod h1:RSLa7mKKCNeTTMHBw5Hsy2rfJmd6O2ivt9Dw9ZqCQpQ=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw=
-sigs.k8s.io/controller-runtime v0.22.4 h1:GEjV7KV3TY8e+tJ2LCTxUTanW4z/FmNB7l327UfMq9A=
-sigs.k8s.io/controller-runtime v0.22.4/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8=
+sigs.k8s.io/controller-runtime v0.23.1 h1:TjJSM80Nf43Mg21+RCy3J70aj/W6KyvDtOlpKf+PupE=
+sigs.k8s.io/controller-runtime v0.23.1/go.mod h1:B6COOxKptp+YaUT5q4l6LqUJTRpizbgf9KSRNdQGns0=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7 h1:IxfIt+FAgOU9Dzg+SsPPFyHayYcC/OMsQQ6nPILxf5o=
 sigs.k8s.io/controller-runtime/tools/setup-envtest v0.0.0-20230307042619-c304e7ec2ee7/go.mod h1:Lm5xRgQejdMHAz81exSpqvwEkIdTfoNtUDA6MM4kltw=
 sigs.k8s.io/controller-tools v0.20.1 h1:gkfMt9YodI0K85oT8rVi80NTXO/kDmabKR5Ajn5GYxs=
@@ -1569,8 +1569,8 @@ sigs.k8s.io/kustomize/kyaml v0.21.1 h1:IVlbmhC076nf6foyL6Taw4BkrLuEsXUXNpsE+ScX7
 sigs.k8s.io/kustomize/kyaml v0.21.1/go.mod h1:hmxADesM3yUN2vbA5z1/YTBnzLJ1dajdqpQonwBL1FQ=
 sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU=
 sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco=
-sigs.k8s.io/structured-merge-diff/v6 v6.3.0/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482 h1:2WOzJpHUBVrrkDjU4KBT8n5LDcj824eX0I5UKcgeRUs=
+sigs.k8s.io/structured-merge-diff/v6 v6.3.2-0.20260122202528-d9cc6641c482/go.mod h1:M3W8sfWvn2HhQDIbGWj3S099YozAsymCo/wrT5ohRUE=
 sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc=
 sigs.k8s.io/yaml v1.6.0 h1:G8fkbMSAFqgEFgh4b1wmtzDnioxFCUgTZhlbj5P9QYs=
 sigs.k8s.io/yaml v1.6.0/go.mod h1:796bPqUfzR/0jLAl6XjHl3Ck7MiyVv8dbTdyT3/pMf4=

internal/controller/styra/system_controller.go

@@ -34,7 +34,7 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/types"
-	"k8s.io/client-go/tools/record"
+	"k8s.io/client-go/tools/events"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/builder"
 	"sigs.k8s.io/controller-runtime/pkg/client"
@@ -77,7 +77,7 @@ type SystemReconciler struct {
 	Scheme        *runtime.Scheme
 	OCP           ocp.ClientInterface
 	WebhookClient webhook.Client
-	Recorder      record.EventRecorder
+	Recorder      events.EventRecorder
 	Metrics       *SystemReconcilerMetrics
 	Config        *configv2alpha2.ProjectConfig
 }
@@ -88,7 +88,7 @@ type SystemReconciler struct {
 //+kubebuilder:rbac:groups="",resources=secrets,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups=apps,resources=statefulsets,verbs=get;list;watch;patch;
-//+kubebuilder:rbac:groups="",resources=events,verbs=create;patch
+//+kubebuilder:rbac:groups=events.k8s.io,resources=events,verbs=create;patch
 
 // Reconcile implements renconcile.Renconciler and has responsibility of
 // ensuring that the current state of the System resource renconciled
@@ -207,7 +207,7 @@ func (r *SystemReconciler) recordErrorEvent(system *v1beta1.System, err error) {
 	var rerr *ctrlerr.ReconcilerErr
 	if errors.As(err, &rerr) {
 		if rerr.Event != "" {
-			r.Recorder.Event(system, corev1.EventTypeWarning, rerr.Event, rerr.Error())
+			r.Recorder.Eventf(system, nil, corev1.EventTypeWarning, rerr.Event, "Reconcile", rerr.Error())
 		}
 	}
 }
@@ -409,7 +409,7 @@ func (r *SystemReconciler) ocpReconcile(
 	}
 
 	msg := "OPA Control Plane reconciliation completed"
-	r.Recorder.Event(system, corev1.EventTypeNormal, "ReconciliationCompleted", msg)
+	r.Recorder.Eventf(system, nil, corev1.EventTypeNormal, "ReconciliationCompleted", "Reconcile", msg)
 	log.Info(msg)
 	return ctrl.Result{}, nil
 }

internal/webhook/styra/v1alpha1/library_webhook.go

@@ -19,12 +19,9 @@ package v1alpha1
 
 import (
 	"context"
-	"fmt"
 
-	"k8s.io/apimachinery/pkg/runtime"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	styrav1alpha1 "github.com/bankdata/styra-controller/api/styra/v1alpha1"
@@ -36,7 +33,7 @@ var librarylog = logf.Log.WithName("library-resource")
 
 // SetupLibraryWebhookWithManager registers the webhook for Library in the manager.
 func SetupLibraryWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).For(&styrav1alpha1.Library{}).
+	return ctrl.NewWebhookManagedBy(mgr, &styrav1alpha1.Library{}).
 		WithValidator(&LibraryCustomValidator{}).
 		WithDefaulter(&LibraryCustomDefaulter{}).
 		Complete()
@@ -56,16 +53,11 @@ type LibraryCustomDefaulter struct {
 	// TODO(user): Add more fields as needed for defaulting
 }
 
-var _ webhook.CustomDefaulter = &LibraryCustomDefaulter{}
+var _ admission.Defaulter[*styrav1alpha1.Library] = &LibraryCustomDefaulter{}
 
 // nolint:all
-// Default implements webhook.CustomDefaulter so a webhook will be registered for the Kind Library.
-func (d *LibraryCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error {
-	library, ok := obj.(*styrav1alpha1.Library)
-
-	if !ok {
-		return fmt.Errorf("expected an Library object but got %T", obj)
-	}
+// Default implements admission.Defaulter so a webhook will be registered for the Kind Library.
+func (d *LibraryCustomDefaulter) Default(ctx context.Context, library *styrav1alpha1.Library) error {
 	librarylog.Info("Defaulting for Library", "name", library.GetName())
 
 	if library.Spec.SourceControl == nil || library.Spec.SourceControl.LibraryOrigin == nil {
@@ -95,15 +87,11 @@ type LibraryCustomValidator struct {
 	// TODO(user): Add more fields as needed for validation
 }
 
-var _ webhook.CustomValidator = &LibraryCustomValidator{}
+var _ admission.Validator[*styrav1alpha1.Library] = &LibraryCustomValidator{}
 
 // nolint:all
-// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type Library.
-func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	library, ok := obj.(*styrav1alpha1.Library)
-	if !ok {
-		return nil, fmt.Errorf("expected a Library object but got %T", obj)
-	}
+// ValidateCreate implements admission.Validator so a webhook will be registered for the type Library.
+func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, library *styrav1alpha1.Library) (admission.Warnings, error) {
 	librarylog.Info("Validation for Library upon creation", "name", library.GetName())
 
 	// TODO(user): fill in your validation logic upon object creation.
@@ -112,12 +100,8 @@ func (v *LibraryCustomValidator) ValidateCreate(ctx context.Context, obj runtime
 }
 
 // nolint:all
-// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type Library.
-func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
-	library, ok := newObj.(*styrav1alpha1.Library)
-	if !ok {
-		return nil, fmt.Errorf("expected a Library object for the newObj but got %T", newObj)
-	}
+// ValidateUpdate implements admission.Validator so a webhook will be registered for the type Library.
+func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, library *styrav1alpha1.Library) (admission.Warnings, error) {
 	librarylog.Info("Validation for Library upon update", "name", library.GetName())
 
 	// TODO(user): fill in your validation logic upon object update.
@@ -126,12 +110,8 @@ func (v *LibraryCustomValidator) ValidateUpdate(ctx context.Context, oldObj, new
 }
 
 // nolint:all
-// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type Library.
-func (v *LibraryCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	library, ok := obj.(*styrav1alpha1.Library)
-	if !ok {
-		return nil, fmt.Errorf("expected a Library object but got %T", obj)
-	}
+// ValidateDelete implements admission.Validator so a webhook will be registered for the type Library.
+func (v *LibraryCustomValidator) ValidateDelete(ctx context.Context, library *styrav1alpha1.Library) (admission.Warnings, error) {
 	librarylog.Info("Validation for Library upon deletion", "name", library.GetName())
 
 	// TODO(user): fill in your validation logic upon object deletion.

internal/webhook/styra/v1beta1/system_webhook.go

@@ -19,16 +19,13 @@ package v1beta1
 
 import (
 	"context"
-	"fmt"
 	"sort"
 
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
-	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/apimachinery/pkg/runtime/schema"
 	"k8s.io/apimachinery/pkg/util/validation/field"
 	ctrl "sigs.k8s.io/controller-runtime"
 	logf "sigs.k8s.io/controller-runtime/pkg/log"
-	"sigs.k8s.io/controller-runtime/pkg/webhook"
 	"sigs.k8s.io/controller-runtime/pkg/webhook/admission"
 
 	styrav1beta1 "github.com/bankdata/styra-controller/api/styra/v1beta1"
@@ -40,7 +37,7 @@ var systemlog = logf.Log.WithName("system-resource")
 
 // SetupSystemWebhookWithManager registers the webhook for System in the manager.
 func SetupSystemWebhookWithManager(mgr ctrl.Manager) error {
-	return ctrl.NewWebhookManagedBy(mgr).For(&styrav1beta1.System{}).
+	return ctrl.NewWebhookManagedBy(mgr, &styrav1beta1.System{}).
 		WithValidator(&SystemCustomValidator{}).
 		WithDefaulter(&SystemCustomDefaulter{}).
 		Complete()
@@ -60,16 +57,11 @@ type SystemCustomDefaulter struct {
 	// TODO(user): Add more fields as needed for defaulting
 }
 
-var _ webhook.CustomDefaulter = &SystemCustomDefaulter{}
+var _ admission.Defaulter[*styrav1beta1.System] = &SystemCustomDefaulter{}
 
 // nolint:all
-// Default implements webhook.CustomDefaulter so a webhook will be registered for the Kind System.
-func (d *SystemCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error {
-	system, ok := obj.(*styrav1beta1.System)
-
-	if !ok {
-		return fmt.Errorf("expected an System object but got %T", obj)
-	}
+// Default implements admission.Defaulter so a webhook will be registered for the Kind System.
+func (d *SystemCustomDefaulter) Default(ctx context.Context, system *styrav1beta1.System) error {
 	systemlog.Info("Defaulting for System", "name", system.GetName())
 
 	if system.Spec.SourceControl != nil {
@@ -97,39 +89,27 @@ type SystemCustomValidator struct {
 	// TODO(user): Add more fields as needed for validation
 }
 
-var _ webhook.CustomValidator = &SystemCustomValidator{}
+var _ admission.Validator[*styrav1beta1.System] = &SystemCustomValidator{}
 
 // nolint:all
-// ValidateCreate implements webhook.CustomValidator so a webhook will be registered for the type System.
-func (v *SystemCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	system, ok := obj.(*styrav1beta1.System)
-	if !ok {
-		return nil, fmt.Errorf("expected a System object but got %T", obj)
-	}
+// ValidateCreate implements admission.Validator so a webhook will be registered for the type System.
+func (v *SystemCustomValidator) ValidateCreate(ctx context.Context, system *styrav1beta1.System) (admission.Warnings, error) {
 	systemlog.Info("Validation for System upon creation", "name", system.GetName())
 
 	return validateSystem(system)
 }
 
 // nolint:all
-// ValidateUpdate implements webhook.CustomValidator so a webhook will be registered for the type System.
-func (v *SystemCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (admission.Warnings, error) {
-	system, ok := newObj.(*styrav1beta1.System)
-	if !ok {
-		return nil, fmt.Errorf("expected a System object for the newObj but got %T", newObj)
-	}
+// ValidateUpdate implements admission.Validator so a webhook will be registered for the type System.
+func (v *SystemCustomValidator) ValidateUpdate(ctx context.Context, oldObj, system *styrav1beta1.System) (admission.Warnings, error) {
 	systemlog.Info("Validation for System upon update", "name", system.GetName())
 
 	return validateSystem(system)
 }
 
 // nolint:all
-// ValidateDelete implements webhook.CustomValidator so a webhook will be registered for the type System.
-func (v *SystemCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (admission.Warnings, error) {
-	system, ok := obj.(*styrav1beta1.System)
-	if !ok {
-		return nil, fmt.Errorf("expected a System object but got %T", obj)
-	}
+// ValidateDelete implements admission.Validator so a webhook will be registered for the type System.
+func (v *SystemCustomValidator) ValidateDelete(ctx context.Context, system *styrav1beta1.System) (admission.Warnings, error) {
 	systemlog.Info("Validation for System upon deletion", "name", system.GetName())
 
 	// TODO(user): fill in your validation logic upon object deletion.

test/integration/controller/controller_suite_test.go

@@ -115,12 +115,12 @@ var _ = ginkgo.BeforeSuite(func() {
 		Scheme:        k8sManager.GetScheme(),
 		OCP:           ocpClientMock,
 		WebhookClient: webhookMock,
-		Recorder:      k8sManager.GetEventRecorderFor("system-controller"),
+		Recorder:      k8sManager.GetEventRecorder("system-controller"),
 		Config: &configv2alpha2.ProjectConfig{
 			OPAControlPlaneConfig: &configv2alpha2.OPAControlPlaneConfig{
 				Address: "ocp-url",
 				Token:   "ocp-token",
-				GitCredentials: []*configv2alpha2.GitCredentials{&configv2alpha2.GitCredentials{
+				GitCredentials: []*configv2alpha2.GitCredentials{{
 					ID:         "github-credentials",
 					RepoPrefix: "https://github",
 				}},