Migrate to devfile/api v1alpha2 and add conversion webhooks.

.gitignore

@@ -1,7 +1,9 @@
 devworkspace-crds
 config/crd/bases/workspace.devfile.io_devworkspaces.yaml
+config/crd/bases/workspace.devfile.io_devworkspacetemplates.yaml
 testbin
 .vscode
+__debug_bin
 
 # Binaries for programs and plugins
 *.exe

Makefile

@@ -13,14 +13,18 @@ SHELL := bash
 .SHELLFLAGS = -ec
 .ONESHELL:
 
+ifndef VERBOSE
+MAKEFLAGS += --silent
+endif
+
 export NAMESPACE ?= devworkspace-controller
 export IMG ?= quay.io/devfile/devworkspace-controller:next
 export ROUTING_SUFFIX ?= 192.168.99.100.nip.io
 export PULL_POLICY ?= Always
 export WEBHOOK_ENABLED ?= true
 export DEFAULT_ROUTING ?= basic
 REGISTRY_ENABLED ?= true
-DEVWORKSPACE_API_VERSION ?= v1alpha1
+DEVWORKSPACE_API_VERSION ?= aeda60d4361911da85103f224644bfa792498499
 
 #internal params
 INTERNAL_TMP_DIR=/tmp/devworkspace-controller
@@ -64,7 +68,7 @@ endif
 BUNDLE_METADATA_OPTS ?= $(BUNDLE_CHANNELS) $(BUNDLE_DEFAULT_CHANNEL)
 
 # Produce CRDs that work back to Kubernetes 1.11 (no version conversion)
-CRD_OPTIONS ?= "crd:trivialVersions=true"
+CRD_OPTIONS ?= "crd:crdVersions=v1,trivialVersions=true"
 
 # Get the currently used golang install path (in GOPATH/bin, unless GOBIN is set)
 ifeq (,$(shell go env GOBIN))
@@ -89,9 +93,12 @@ _print_vars:
 _create_namespace:
 	$(K8S_CLI) create namespace $(NAMESPACE) || true
 
-_generate_related_images_env:
-	@mkdir -p $(INTERNAL_TMP_DIR)
+_gen_configuration_env:
+	mkdir -p $(INTERNAL_TMP_DIR)
 	echo "export RELATED_IMAGE_devworkspace_webhook_server=$(IMG)" > $(RELATED_IMAGES_FILE)
+ifeq ($(PLATFORM),kubernetes)
+	echo "export WEBHOOK_SECRET_NAME=devworkspace-operator-webhook-cert" >> $(RELATED_IMAGES_FILE)
+endif
 	cat ./config/components/manager/manager.yaml \
 		| yq -r \
 			'.spec.template.spec.containers[]?.env[] | select(.name | startswith("RELATED_IMAGE")) | "export \(.name)=\"$${\(.name):-\(.value)}\""' \
@@ -131,7 +138,7 @@ manager: generate fmt vet
 
 # it's easier to bump whole kubeconfig instead of grabbing cluster URL from the current context
 _bump_kubeconfig:
-	@mkdir -p $(INTERNAL_TMP_DIR)
+	mkdir -p $(INTERNAL_TMP_DIR)
 ifndef KUBECONFIG
 	$(eval CONFIG_FILE = ${HOME}/.kube/config)
 else
@@ -140,20 +147,20 @@ endif
 	cp $(CONFIG_FILE) $(BUMPED_KUBECONFIG)
 
 _login_with_devworkspace_sa:
-	@$(eval SA_TOKEN := $(shell $(K8S_CLI) get secrets -o=json -n $(NAMESPACE) | jq -r '[.items[] | select (.type == "kubernetes.io/service-account-token" and .metadata.annotations."kubernetes.io/service-account.name" == "default")][0].data.token' | base64 --decode ))
-	@echo "Logging as controller's SA in $(NAMESPACE)"
+	$(eval SA_TOKEN := $(shell $(K8S_CLI) get secrets -o=json -n $(NAMESPACE) | jq -r '[.items[] | select (.type == "kubernetes.io/service-account-token" and .metadata.annotations."kubernetes.io/service-account.name" == "default")][0].data.token' | base64 --decode ))
+	echo "Logging as controller's SA in $(NAMESPACE)"
 	oc login --token=$(SA_TOKEN) --kubeconfig=$(BUMPED_KUBECONFIG)
 
 ### run: Run against the configured Kubernetes cluster in ~/.kube/config
-run: _print_vars _generate_related_images_env _bump_kubeconfig _login_with_devworkspace_sa
+run: _print_vars _gen_configuration_env _bump_kubeconfig _login_with_devworkspace_sa
 	source $(RELATED_IMAGES_FILE)
 	export KUBECONFIG=$(BUMPED_KUBECONFIG)
 	CONTROLLER_SERVICE_ACCOUNT_NAME=default \
 		WATCH_NAMESPACE=$(NAMESPACE) \
 		go run ./main.go
 
 
-debug: _print_vars _generate_related_images_env _bump_kubeconfig _login_with_devworkspace_sa
+debug: _print_vars _gen_configuration_env _bump_kubeconfig _login_with_devworkspace_sa
 	source $(RELATED_IMAGES_FILE)
 	export KUBECONFIG=$(BUMPED_KUBECONFIG)
 	CONTROLLER_SERVICE_ACCOUNT_NAME=default \
@@ -166,23 +173,34 @@ install_crds: _kustomize _init_devworkspace_crds
 
 ### install: Install controller in the configured Kubernetes cluster in ~/.kube/config
 install: _print_vars _kustomize _init_devworkspace_crds _create_namespace deploy_registry
-	mv config/devel/kustomization.yaml config/devel/kustomization.yaml.bak
-	mv config/devel/config.properties config/devel/config.properties.bak
-	mv config/devel/manager_image_patch.yaml config/devel/manager_image_patch.yaml.bak
-
-	envsubst < config/devel/kustomization.yaml.bak > config/devel/kustomization.yaml
-	envsubst < config/devel/config.properties.bak > config/devel/config.properties
-	envsubst < config/devel/manager_image_patch.yaml.bak > config/devel/manager_image_patch.yaml
-	$(KUSTOMIZE) build config/devel | $(K8S_CLI) apply -f - || true
+	mv config/cert-manager/kustomization.yaml config/cert-manager/kustomization.yaml.bak
+	mv config/service-ca/kustomization.yaml config/service-ca/kustomization.yaml.bak
+	mv config/base/config.properties config/base/config.properties.bak
+	mv config/base/manager_image_patch.yaml config/base/manager_image_patch.yaml.bak
+
+	envsubst < config/cert-manager/kustomization.yaml.bak > config/cert-manager/kustomization.yaml
+	envsubst < config/service-ca/kustomization.yaml.bak > config/service-ca/kustomization.yaml
+	envsubst < config/base/config.properties.bak > config/base/config.properties
+	envsubst < config/base/manager_image_patch.yaml.bak > config/base/manager_image_patch.yaml
+ifeq ($(PLATFORM),kubernetes)
+	$(KUSTOMIZE) build config/cert-manager | $(K8S_CLI) apply -f - || true
+else
+	$(KUSTOMIZE) build config/service-ca | $(K8S_CLI) apply -f - || true
+endif
 
-	mv config/devel/kustomization.yaml.bak config/devel/kustomization.yaml
-	mv config/devel/config.properties.bak config/devel/config.properties
-	mv config/devel/manager_image_patch.yaml.bak config/devel/manager_image_patch.yaml
+	mv config/cert-manager/kustomization.yaml.bak config/cert-manager/kustomization.yaml
+	mv config/service-ca/kustomization.yaml.bak config/service-ca/kustomization.yaml
+	mv config/base/config.properties.bak config/base/config.properties
+	mv config/base/manager_image_patch.yaml.bak config/base/manager_image_patch.yaml
 
 ### restart: Restart devworkspace-controller deployment
 restart:
 	$(K8S_CLI) rollout restart -n $(NAMESPACE) deployment/devworkspace-controller-manager
 
+### restart_webhook: Restart devworkspace-controller webhook deployment
+restart_webhook:
+	$(K8S_CLI) rollout restart -n $(NAMESPACE) deployment/devworkspace-webhook-server
+
 ### uninstall: Remove controller resources from the cluster
 uninstall: _kustomize
 # It's safer to delete all workspaces before deleting the controller; otherwise we could
@@ -191,7 +209,11 @@ uninstall: _kustomize
 	$(K8S_CLI) delete devworkspacetemplates.workspace.devfile.io --all-namespaces --all | true
 # Have to wait for routings to be deleted in case there are finalizers
 	$(K8S_CLI) delete workspaceroutings.controller.devfile.io --all-namespaces --all --wait | true
-	kustomize build config/devel | $(K8S_CLI) delete --ignore-not-found -f -
+ifeq ($(PLATFORM),kubernetes)
+	$(KUSTOMIZE) build config/cert-manager | $(K8S_CLI) delete --ignore-not-found -f -
+else
+	$(KUSTOMIZE) build config/service-ca | $(K8S_CLI) delete --ignore-not-found -f -
+endif
 	$(K8S_CLI) delete all -l "app.kubernetes.io/part-of=devworkspace-operator" --all-namespaces
 	$(K8S_CLI) delete mutatingwebhookconfigurations.admissionregistration.k8s.io controller.devfile.io --ignore-not-found
 	$(K8S_CLI) delete validatingwebhookconfigurations.admissionregistration.k8s.io controller.devfile.io --ignore-not-found
@@ -227,7 +249,7 @@ endif
 fmt_license:
 ifneq ($(shell command -v addlicense 2> /dev/null),)
 	@echo 'addlicense -v -f license_header.txt **/*.go'
-	@addlicense -v -f license_header.txt $$(find . -name '*.go')
+	addlicense -v -f license_header.txt $$(find . -name '*.go')
 else
 	$(error addlicense must be installed for this rule: go get -u github.com/google/addlicense)
 endif
@@ -268,6 +290,10 @@ else
 CONTROLLER_GEN=$(shell which controller-gen)
 endif
 
+### install_cert_manager: install Cert Mananger v1.0.4 on the cluster
+install_cert_manager:
+	kubectl apply --validate=false -f https://github.com/jetstack/cert-manager/releases/download/v1.0.4/cert-manager.yaml
+
 _kustomize:
 ifeq (, $(shell which kustomize))
 	@{ \
@@ -289,19 +315,6 @@ ifneq ($(shell operator-sdk version | cut -d , -f 1 | cut -d : -f 2 | cut -d \"
 	@echo 'WARN: Please use the recommended operator-sdk if you face any issue.'
 endif
 
-# Generate bundle manifests and metadata, then validate generated files.
-.PHONY: bundle
-bundle: manifests _operator_sdk
-	operator-sdk generate kustomize manifests -q
-	cd config/manager && $(KUSTOMIZE) edit set image controller=$(IMG)
-	$(KUSTOMIZE) build config/manifests | operator-sdk generate bundle -q --overwrite --version $(VERSION) $(BUNDLE_METADATA_OPTS)
-	operator-sdk bundle validate ./bundle
-
-# Build the bundle image.
-.PHONY: bundle-build
-bundle-build:
-	docker build -f bundle.Dockerfile -t $(BUNDLE_IMG) .
-
 .PHONY: help
 ### help: print this message
 help: Makefile

apis/controller/v1alpha1/component.go

@@ -13,7 +13,7 @@
 package v1alpha1
 
 import (
-	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha1"
+	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha2"
 )
 
 // Description of a devfile component's workspace additions

apis/controller/v1alpha1/component_types.go

@@ -13,7 +13,7 @@
 package v1alpha1
 
 import (
-	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha1"
+	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -26,6 +26,8 @@ type WorkspaceComponentSpec struct {
 	Components []devworkspace.Component `json:"components"`
 	// Commands from devfile, to be matched to components
 	Commands []devworkspace.Command `json:"commands,omitempty"`
+	// Events
+	Events *devworkspace.Events `json:"events,omitempty"`
 }
 
 // ComponentStatus defines the observed state of Component

apis/controller/v1alpha1/workspacerouting_types.go

@@ -13,7 +13,7 @@
 package v1alpha1
 
 import (
-	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha1"
+	devworkspace "github.com/devfile/api/pkg/apis/workspaces/v1alpha2"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 

config/base/kustomization.yaml

@@ -0,0 +1,25 @@
+bases:
+- ../components/manager
+- ../components/rbac
+- ../crd
+
+generatorOptions:
+  disableNameSuffixHash: true
+
+configMapGenerator:
+- name: configmap
+  envs:
+  - config.properties
+
+patchesStrategicMerge:
+- manager_image_patch.yaml
+
+vars:
+- name: OPERATOR_NAMESPACE
+  objref:
+    kind: Deployment
+    group: apps
+    version: v1
+    name: manager
+  fieldref:
+    fieldpath: metadata.namespace

config/devel/manager_image_patch.yaml → config/base/manager_image_patch.yaml

@@ -1,3 +1,4 @@
+# This patch sets the image used for deployment according to environment variables.
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -11,5 +12,5 @@ spec:
         image: ${IMG}
         imagePullPolicy: Always
         env:
-        - name: RELATED_IMAGE_devworkspace_webhook_server
-          value: ${IMG}
+          - name: RELATED_IMAGE_devworkspace_webhook_server
+            value: ${IMG}

config/cert-manager/crd_webhooks_patch.yaml

@@ -0,0 +1,41 @@
+# Add webhooks to the devfile/api CRDs
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: devworkspaces.workspace.devfile.io
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      conversionReviewVersions: ["v1"]
+      clientConfig:
+        service:
+          namespace: system
+          # Note: service name is hard-coded in pkg/webhook/server/server.go
+          name: devworkspace-webhookserver
+          path: /convert
+        # caBundle will be filled by cert-manager on creation
+        caBundle: Cg==
+---
+# Add webhooks to the devfile/api CRDs
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: devworkspacetemplates.workspace.devfile.io
+  annotations:
+    cert-manager.io/inject-ca-from: $(CERTIFICATE_NAMESPACE)/$(CERTIFICATE_NAME)
+spec:
+  conversion:
+    strategy: Webhook
+    webhook:
+      conversionReviewVersions: ["v1"]
+      clientConfig:
+        service:
+          namespace: system
+          # Note: service name is hard-coded in pkg/webhook/server/server.go
+          name: devworkspace-webhookserver
+          path: /convert
+        # caBundle will be filled by cert-manager on creation
+        caBundle: Cg==

config/cert-manager/kustomization.yaml

@@ -0,0 +1,42 @@
+# Adds namespace to all resources.
+namespace: ${NAMESPACE}
+
+# Prefix for names of all resources created by this kustomization
+namePrefix: devworkspace-controller-
+
+# Labels to add to all resources and selectors.
+commonLabels:
+  app.kubernetes.io/name: devworkspace-controller
+  app.kubernetes.io/part-of: devworkspace-operator
+
+bases:
+- ../base
+- ../components/cert-manager
+
+patchesStrategicMerge:
+- manager_certmanager_patch.yaml
+- crd_webhooks_patch.yaml
+
+vars:
+- name: WEBHOOK_CA_SECRET_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert
+  fieldref:
+    fieldpath: spec.secretName
+- name: CERTIFICATE_NAMESPACE
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert
+  fieldref:
+    fieldpath: metadata.namespace
+- name: CERTIFICATE_NAME
+  objref:
+    kind: Certificate
+    group: cert-manager.io
+    version: v1
+    name: serving-cert