diff --git a/config/rbac/role/role.yaml b/config/rbac/role/role.yaml index c1c0bb007..48267f297 100644 --- a/config/rbac/role/role.yaml +++ b/config/rbac/role/role.yaml @@ -123,6 +123,22 @@ rules: - get - patch - update +- apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities + verbs: + - get + - list + - watch +- apiGroups: + - configuration.konghq.com + resources: + - kongcustomentities/status + verbs: + - get + - patch + - update - apiGroups: - configuration.konghq.com resources: diff --git a/internal/versions/controlplane.go b/internal/versions/controlplane.go index 9ae01c33d..bca648ed4 100644 --- a/internal/versions/controlplane.go +++ b/internal/versions/controlplane.go @@ -13,7 +13,7 @@ const ( // and those tests create KIC's URLs for things like roles or CRDs. // Since KIC only defines the full tags in its repo (as expected) we cannot use // a partial version here, as it would not match KIC's tag. - DefaultControlPlaneVersion = "3.1.3" // renovate: datasource=docker depName=kong/kubernetes-ingress-controller + DefaultControlPlaneVersion = "3.2.0" // renovate: datasource=docker depName=kong/kubernetes-ingress-controller ) // minimumControlPlaneVersion indicates the bare minimum version of the @@ -34,7 +34,8 @@ var minimumControlPlaneVersion = semver.MustParse("3.1.2") // the release 5.0, a new entry '">=5.0": "5.0"' should be added to this map, and the previous most // updated entry should be limited to "<5.0". var ManifestsVersionsForKICVersions = map[string]semver.Version{ - ">=3.1": semver.MustParse("3.1.3"), + ">=3.2": semver.MustParse("3.2.0"), + ">=3.1, <3.2": semver.MustParse("3.1.6"), } // IsControlPlaneImageVersionSupported is a helper intended to validate the diff --git a/pkg/utils/kubernetes/resources/clusterrole_helpers_test.go b/pkg/utils/kubernetes/resources/clusterrole_helpers_test.go index 2ba2b0ff8..bb6c54776 100644 --- a/pkg/utils/kubernetes/resources/clusterrole_helpers_test.go +++ b/pkg/utils/kubernetes/resources/clusterrole_helpers_test.go @@ -23,7 +23,7 @@ func TestClusterroleHelpers(t *testing.T) { controlplane: "test_3.1.2", image: "kong/kubernetes-ingress-controller:3.1.2", expectedClusterRole: func() *rbacv1.ClusterRole { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1("test_3.1.2") + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1_lt3_2("test_3.1.2") resources.LabelObjectAsControlPlaneManaged(cr) return cr }, @@ -33,7 +33,7 @@ func TestClusterroleHelpers(t *testing.T) { image: "kong/kubernetes-ingress-controller:3.1", devMode: true, expectedClusterRole: func() *rbacv1.ClusterRole { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1("test_3.1_dev") + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2("test_3.1_dev") resources.LabelObjectAsControlPlaneManaged(cr) return cr }, @@ -48,7 +48,7 @@ func TestClusterroleHelpers(t *testing.T) { image: "kong/kubernetes-ingress-controller:3.0.0", devMode: true, expectedClusterRole: func() *rbacv1.ClusterRole { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1("test_3.0_dev") + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2("test_3.0_dev") resources.LabelObjectAsControlPlaneManaged(cr) return cr }, @@ -63,7 +63,7 @@ func TestClusterroleHelpers(t *testing.T) { image: "kong/kubernetes-ingress-controller:1.0", devMode: true, expectedClusterRole: func() *rbacv1.ClusterRole { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1("test_unsupported_dev") + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2("test_unsupported_dev") resources.LabelObjectAsControlPlaneManaged(cr) return cr }, @@ -78,7 +78,17 @@ func TestClusterroleHelpers(t *testing.T) { image: "test/development:main", devMode: true, expectedClusterRole: func() *rbacv1.ClusterRole { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1("test_invalid_tag_dev") + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2("test_invalid_tag_dev") + resources.LabelObjectAsControlPlaneManaged(cr) + return cr + }, + }, + { + controlplane: "cp-3-2-0", + image: "kong/kubernetes-ingress-controller:3.2.0", + devMode: false, + expectedClusterRole: func() *rbacv1.ClusterRole { + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2("cp-3-2-0") resources.LabelObjectAsControlPlaneManaged(cr) return cr }, diff --git a/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1.go b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1_lt3_2.go similarity index 98% rename from pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1.go rename to pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1_lt3_2.go index 9efb2d7ac..9772548a5 100755 --- a/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1.go +++ b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_1_lt3_2.go @@ -15,10 +15,10 @@ import ( // ClusterRole generator // ----------------------------------------------------------------------------- -// GenerateNewClusterRoleForControlPlane_ge3_1 is a helper to generate a ClusterRole +// GenerateNewClusterRoleForControlPlane_ge3_1_lt3_2 is a helper to generate a ClusterRole // resource with all the permissions needed by the controlplane deployment. -// It is used for controlplanes that match the semver constraint ">=3.1" -func GenerateNewClusterRoleForControlPlane_ge3_1(controlplaneName string) *rbacv1.ClusterRole { +// It is used for controlplanes that match the semver constraint ">=3.1, <3.2" +func GenerateNewClusterRoleForControlPlane_ge3_1_lt3_2(controlplaneName string) *rbacv1.ClusterRole { return &rbacv1.ClusterRole{ ObjectMeta: metav1.ObjectMeta{ GenerateName: k8sutils.TrimGenerateName(fmt.Sprintf("%s-", controlplaneName)), diff --git a/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_2.go b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_2.go new file mode 100755 index 000000000..2aa70e301 --- /dev/null +++ b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_controlplane_clusterrole_ge3_2.go @@ -0,0 +1,641 @@ +// This file is generated by /hack/generators/kic/role-generator. DO NOT EDIT. + +package clusterroles + +import ( + "fmt" + + rbacv1 "k8s.io/api/rbac/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + k8sutils "github.com/kong/gateway-operator/pkg/utils/kubernetes" +) + +// ----------------------------------------------------------------------------- +// ClusterRole generator +// ----------------------------------------------------------------------------- + +// GenerateNewClusterRoleForControlPlane_ge3_2 is a helper to generate a ClusterRole +// resource with all the permissions needed by the controlplane deployment. +// It is used for controlplanes that match the semver constraint ">=3.2" +func GenerateNewClusterRoleForControlPlane_ge3_2(controlplaneName string) *rbacv1.ClusterRole { + return &rbacv1.ClusterRole{ + ObjectMeta: metav1.ObjectMeta{ + GenerateName: k8sutils.TrimGenerateName(fmt.Sprintf("%s-", controlplaneName)), + Labels: map[string]string{ + "app": controlplaneName, + }, + }, + Rules: []rbacv1.PolicyRule{ + + { + APIGroups: []string{ + "apiextensions.k8s.io", + }, + Resources: []string{ + "customresourcedefinitions", + }, + Verbs: []string{ + "list", "watch", + }, + }, + + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "events", + }, + Verbs: []string{ + "create", "patch", + }, + }, + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "nodes", + }, + Verbs: []string{ + "list", "watch", + }, + }, + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "pods", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "secrets", + }, + Verbs: []string{ + "list", "watch", + }, + }, + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "services", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "services/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "ingressclassparameterses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongclusterplugins", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongclusterplugins/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongconsumergroups", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongconsumergroups/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongconsumers", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongconsumers/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongcustomentities", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongcustomentities/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongingresses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongingresses/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "konglicenses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "konglicenses/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongplugins", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongplugins/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongupstreampolicies", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongupstreampolicies/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongvaults", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "kongvaults/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "tcpingresses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "tcpingresses/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "udpingresses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "configuration.konghq.com", + }, + Resources: []string{ + "udpingresses/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "discovery.k8s.io", + }, + Resources: []string{ + "endpointslices", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "httproutes", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "incubator.ingress-controller.konghq.com", + }, + Resources: []string{ + "kongservicefacades", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "incubator.ingress-controller.konghq.com", + }, + Resources: []string{ + "kongservicefacades/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "networking.k8s.io", + }, + Resources: []string{ + "ingressclasses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "networking.k8s.io", + }, + Resources: []string{ + "ingresses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "networking.k8s.io", + }, + Resources: []string{ + "ingresses/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "configmaps", + }, + Verbs: []string{ + "get", "list", "watch", "create", "update", "patch", "delete", + }, + }, + { + APIGroups: []string{ + "coordination.k8s.io", + }, + Resources: []string{ + "leases", + }, + Verbs: []string{ + "get", "list", "watch", "create", "update", "patch", "delete", + }, + }, + + { + APIGroups: []string{ + "", + }, + Resources: []string{ + "namespaces", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "gatewayclasses", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "gatewayclasses/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "gateways", + }, + Verbs: []string{ + "get", "list", "update", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "gateways/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "grpcroutes", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "grpcroutes/status", + }, + Verbs: []string{ + "get", "patch", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "httproutes/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "referencegrants", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "referencegrants/status", + }, + Verbs: []string{ + "get", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "tcproutes", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "tcproutes/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "tlsroutes", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "tlsroutes/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "udproutes", + }, + Verbs: []string{ + "get", "list", "watch", + }, + }, + { + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + Resources: []string{ + "udproutes/status", + }, + Verbs: []string{ + "get", "update", + }, + }, + }, + } +} diff --git a/pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_1.go b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_1_lt3_2.go similarity index 100% rename from pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_1.go rename to pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_1_lt3_2.go diff --git a/pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_2.go b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_2.go new file mode 100755 index 000000000..809ef0449 --- /dev/null +++ b/pkg/utils/kubernetes/resources/clusterroles/zz_generated_kong_ingress_controller_rbac_ge3_2.go @@ -0,0 +1,66 @@ +// This file is generated by /hack/generators/kic/role-generator. DO NOT EDIT. + +package clusterroles + +// ----------------------------------------------------------------------------- +// Kong Ingress Controller - RBAC +// ----------------------------------------------------------------------------- + +//+kubebuilder:rbac:groups=apiextensions.k8s.io,resources=customresourcedefinitions,verbs=list;watch + +//+kubebuilder:rbac:groups=core,resources=events,verbs=create;patch +//+kubebuilder:rbac:groups=core,resources=nodes,verbs=list;watch +//+kubebuilder:rbac:groups=core,resources=pods,verbs=get;list;watch +//+kubebuilder:rbac:groups=core,resources=secrets,verbs=list;watch +//+kubebuilder:rbac:groups=core,resources=services,verbs=get;list;watch +//+kubebuilder:rbac:groups=core,resources=services/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=ingressclassparameterses,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongclusterplugins,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongclusterplugins/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumergroups/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongconsumers/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcustomentities,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongcustomentities/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongingresses,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongingresses/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=konglicenses,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=konglicenses/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongplugins/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreampolicies,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongupstreampolicies/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=kongvaults/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=tcpingresses,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=tcpingresses/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=udpingresses,verbs=get;list;watch +//+kubebuilder:rbac:groups=configuration.konghq.com,resources=udpingresses/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=discovery.k8s.io,resources=endpointslices,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes,verbs=get;list;watch +//+kubebuilder:rbac:groups=incubator.ingress-controller.konghq.com,resources=kongservicefacades,verbs=get;list;watch +//+kubebuilder:rbac:groups=incubator.ingress-controller.konghq.com,resources=kongservicefacades/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingressclasses,verbs=get;list;watch +//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses,verbs=get;list;watch +//+kubebuilder:rbac:groups=networking.k8s.io,resources=ingresses/status,verbs=get;patch;update + +//+kubebuilder:rbac:groups=core,resources=configmaps,verbs=get;list;watch;create;update;patch;delete +//+kubebuilder:rbac:groups=coordination.k8s.io,resources=leases,verbs=get;list;watch;create;update;patch;delete + +//+kubebuilder:rbac:groups=core,resources=namespaces,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gatewayclasses/status,verbs=get;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways,verbs=get;list;update;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=gateways/status,verbs=get;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=grpcroutes,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=grpcroutes/status,verbs=get;patch;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=httproutes/status,verbs=get;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=referencegrants/status,verbs=get +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=tcproutes,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=tcproutes/status,verbs=get;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=tlsroutes,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=tlsroutes/status,verbs=get;update +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=udproutes,verbs=get;list;watch +//+kubebuilder:rbac:groups=gateway.networking.k8s.io,resources=udproutes/status,verbs=get;update diff --git a/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_1_lt3_2.go b/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_1_lt3_2.go new file mode 100644 index 000000000..4d28713c6 --- /dev/null +++ b/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_1_lt3_2.go @@ -0,0 +1,341 @@ +// This file is generated by /hack/generators/kic/webhook-config-generator. DO NOT EDIT. + +package validatingwebhookconfig + +import ( + "github.com/samber/lo" + admregv1 "k8s.io/api/admissionregistration/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// GenerateValidatingWebhookConfigurationForKIC_ge3_1_lt3_2 generates a ValidatingWebhookConfiguration for KIC >=3.1, <3.2. +func GenerateValidatingWebhookConfigurationForKIC_ge3_1_lt3_2(name string, clientConfig admregv1.WebhookClientConfig) *admregv1.ValidatingWebhookConfiguration { + return &admregv1.ValidatingWebhookConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + Webhooks: []admregv1.ValidatingWebhook{ + { + Name: "httproutes.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + APIVersions: []string{ + "v1", + "v1beta1", + }, + Resources: []string{ + "httproutes", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "ingresses.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "networking.k8s.io", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "ingresses", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongclusterplugins.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongclusterplugins", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongconsumergroups.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1beta1", + }, + Resources: []string{ + "kongconsumergroups", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongconsumers.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongconsumers", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongingresses.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongingresses", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongplugins.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongplugins", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongvaults.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1alpha1", + }, + Resources: []string{ + "kongvaults", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "secrets.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "secrets", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "services.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "services", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + }, + } +} diff --git a/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_2.go b/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_2.go new file mode 100644 index 000000000..94d346cf3 --- /dev/null +++ b/pkg/utils/kubernetes/resources/validatingwebhookconfig/zz_generated_kic_ge3_2.go @@ -0,0 +1,341 @@ +// This file is generated by /hack/generators/kic/webhook-config-generator. DO NOT EDIT. + +package validatingwebhookconfig + +import ( + "github.com/samber/lo" + admregv1 "k8s.io/api/admissionregistration/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// GenerateValidatingWebhookConfigurationForKIC_ge3_2 generates a ValidatingWebhookConfiguration for KIC >=3.2. +func GenerateValidatingWebhookConfigurationForKIC_ge3_2(name string, clientConfig admregv1.WebhookClientConfig) *admregv1.ValidatingWebhookConfiguration { + return &admregv1.ValidatingWebhookConfiguration{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + }, + Webhooks: []admregv1.ValidatingWebhook{ + { + Name: "httproutes.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "gateway.networking.k8s.io", + }, + APIVersions: []string{ + "v1", + "v1beta1", + }, + Resources: []string{ + "httproutes", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "ingresses.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "networking.k8s.io", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "ingresses", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongclusterplugins.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongclusterplugins", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongconsumergroups.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1beta1", + }, + Resources: []string{ + "kongconsumergroups", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongconsumers.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongconsumers", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongcustomentities.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1alpha1", + }, + Resources: []string{ + "kongcustomentities", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongingresses.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongingresses", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongplugins.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "kongplugins", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "kongvaults.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "configuration.konghq.com", + }, + APIVersions: []string{ + "v1alpha1", + }, + Resources: []string{ + "kongvaults", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + { + Name: "services.validation.ingress-controller.konghq.com", + ClientConfig: clientConfig, + // We're using 'Ignore' failure policy to avoid issues with modifying resources when webhook-backing + // Deployments (ControlPlane and DataPlane) are not available. + // See https://github.com/Kong/gateway-operator/issues/1564 for more details. + FailurePolicy: lo.ToPtr(admregv1.Ignore), + MatchPolicy: lo.ToPtr(admregv1.MatchPolicyType("Equivalent")), + SideEffects: lo.ToPtr(admregv1.SideEffectClass("None")), + AdmissionReviewVersions: []string{ + "v1", + }, + Rules: []admregv1.RuleWithOperations{ + { + Rule: admregv1.Rule{ + APIGroups: []string{ + "", + }, + APIVersions: []string{ + "v1", + }, + Resources: []string{ + "services", + }, + }, + Operations: []admregv1.OperationType{ + "CREATE", + "UPDATE", + }, + }, + }, + }, + }, + } +} diff --git a/pkg/utils/kubernetes/resources/zz_generated_clusterrole_helpers.go b/pkg/utils/kubernetes/resources/zz_generated_clusterrole_helpers.go index 48817cef5..3543028ca 100755 --- a/pkg/utils/kubernetes/resources/zz_generated_clusterrole_helpers.go +++ b/pkg/utils/kubernetes/resources/zz_generated_clusterrole_helpers.go @@ -60,12 +60,22 @@ func GenerateNewClusterRoleForControlPlane(controlplaneName string, image string return nil, err } - constraint, err = semver.NewConstraint(">=3.1") + constraint, err = semver.NewConstraint(">=3.1, <3.2") if err != nil { return nil, err } if constraint.Check(semVersion) { - cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1(controlplaneName) + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_1_lt3_2(controlplaneName) + LabelObjectAsControlPlaneManaged(cr) + return cr, nil + } + + constraint, err = semver.NewConstraint(">=3.2") + if err != nil { + return nil, err + } + if constraint.Check(semVersion) { + cr := clusterroles.GenerateNewClusterRoleForControlPlane_ge3_2(controlplaneName) LabelObjectAsControlPlaneManaged(cr) return cr, nil } diff --git a/pkg/utils/kubernetes/resources/zz_generated_kic_validatingwebhookconfig.go b/pkg/utils/kubernetes/resources/zz_generated_kic_validatingwebhookconfig.go index d891fb08f..0b13bd799 100644 --- a/pkg/utils/kubernetes/resources/zz_generated_kic_validatingwebhookconfig.go +++ b/pkg/utils/kubernetes/resources/zz_generated_kic_validatingwebhookconfig.go @@ -54,12 +54,23 @@ func GenerateValidatingWebhookConfigurationForControlPlane(webhookName string, i var constraint *semver.Constraints - constraint, err = semver.NewConstraint(">=3.1") + constraint, err = semver.NewConstraint(">=3.1, <3.2") if err != nil { return nil, err } if constraint.Check(semVersion) { - cfg := webhook.GenerateValidatingWebhookConfigurationForKIC_ge3_1(webhookName, clientConfig) + cfg := webhook.GenerateValidatingWebhookConfigurationForKIC_ge3_1_lt3_2(webhookName, clientConfig) + pkgapisadmregv1.SetObjectDefaults_ValidatingWebhookConfiguration(cfg) + LabelObjectAsControlPlaneManaged(cfg) + return cfg, nil + } + + constraint, err = semver.NewConstraint(">=3.2") + if err != nil { + return nil, err + } + if constraint.Check(semVersion) { + cfg := webhook.GenerateValidatingWebhookConfigurationForKIC_ge3_2(webhookName, clientConfig) pkgapisadmregv1.SetObjectDefaults_ValidatingWebhookConfiguration(cfg) LabelObjectAsControlPlaneManaged(cfg) return cfg, nil diff --git a/test/conformance/conformance_test.go b/test/conformance/conformance_test.go index 05d1c6691..f42f796ca 100644 --- a/test/conformance/conformance_test.go +++ b/test/conformance/conformance_test.go @@ -21,6 +21,7 @@ import ( "github.com/kong/gateway-operator/api/v1beta1" gwtypes "github.com/kong/gateway-operator/internal/types" "github.com/kong/gateway-operator/modules/manager/metadata" + "github.com/kong/gateway-operator/pkg/consts" testutils "github.com/kong/gateway-operator/pkg/utils/test" "github.com/kong/gateway-operator/pkg/vars" ) @@ -185,9 +186,7 @@ func createGatewayConfiguration(ctx context.Context, t *testing.T, c Conformance Value: "debug", }, }, - // TODO: https://github.com/Kong/gateway-operator/issues/294 - // change nightly to 3.2 when that's released - Image: "kong/nightly-ingress-controller:2024-05-28", + Image: consts.DefaultControlPlaneImage, }, }, },