feat: auto certs through the init container

.github/workflows/ci.yaml

@@ -12,7 +12,8 @@ jobs:
     if: "!contains(github.event.head_commit.message, '[ci skip]')"
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - name: Checkout
+        uses: actions/checkout@v4
       - uses: actions/setup-go@v5
         with:
           go-version-file: go.mod
@@ -34,3 +35,4 @@ jobs:
       - name: Run e2e tests
         run: |
           make deploy
+          kubectl rollout status deploy/kcl-webhook-server --timeout=1m

.github/workflows/release.yaml

@@ -8,7 +8,7 @@ on:
 permissions:
   contents: write
 jobs:
-  image-amd64:
+  webhook-init-image-amd64:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -26,6 +26,10 @@ jobs:
           version: v0.11.2
           install: true
 
+      - name: Copy and edit amd4 arch for Dockerfile
+        run: |
+          cp docker/amd64/Dockerfile.init Dockerfile
+
       # <--- Login, build and push image to Docker Hub --->
       - name: Login to Docker Hub
         uses: docker/login-action@v3
@@ -37,7 +41,7 @@ jobs:
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: kcllang/webhookserver
+          images: kcllang/webhook-init
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:
@@ -47,7 +51,98 @@ jobs:
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
 
-  image-arm64:
+  webhook-server-image-amd64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: v0.11.2
+          install: true
+
+      - name: Copy and edit amd4 arch for Dockerfile
+        run: |
+          cp docker/amd64/Dockerfile.server Dockerfile
+
+      # <--- Login, build and push image to Docker Hub --->
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: kcllang/webhook-server
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/amd64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  webhook-init-image-arm64:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Set up Go
+        uses: actions/setup-go@v5
+        with:
+          go-version-file: go.mod
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v3
+        with:
+          platforms: all
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          version: v0.11.2
+          install: true
+
+      # <--- Login, build and push image to Docker Hub --->
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Copy and edit arm64 arch for Dockerfile
+        run: |
+          cp docker/amd64/Dockerfile.init Dockerfile
+          sed -i 's/kcllang/kcl-arm64\/kcllang/kcl/g' Dockerfile
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: kcllang/webhook-init-arm64
+      - name: Build and push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          platforms: linux/arm64
+          push: ${{ github.event_name != 'pull_request' }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+
+  webhook-server-image-arm64:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
@@ -76,17 +171,16 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_PASSWORD }}
 
-      - name: Edit arm64 arch for Dockerfile
+      - name: Copy and edit arm64 arch for Dockerfile
         run: |
-          sed -i 's/ubuntu:22.04/arm64v8\/ubuntu:20.04/g' Dockerfile
+          cp docker/amd64/Dockerfile.server Dockerfile
           sed -i 's/kcllang/kcl-arm64\/kcllang/kcl/g' Dockerfile
-          echo "ENV KCL_FAST_EVAL=1" >> Dockerfile
 
       - name: Extract metadata (tags, labels) for Docker
         id: meta
         uses: docker/metadata-action@v5
         with:
-          images: kcllang/webhookserver-arm64
+          images: kcllang/webhook-server-arm64
       - name: Build and push Docker image
         uses: docker/build-push-action@v6
         with:

Makefile

@@ -6,7 +6,7 @@
 VERSION ?= 0.2.0
 
 # Image URL to use all building/pushing image targets
-IMG ?= kcllang/webhookserver
+IMG ?= kcllang/webhook-server
 # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary.
 ENVTEST_K8S_VERSION = 1.30.0
 
@@ -68,7 +68,7 @@ help: ## Display this help.
 
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) rbac:roleName=webhook-role crd webhook paths="./..." output:crd:artifacts:config=config/crd/bases
 
 .PHONY: generate
 generate: controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -90,44 +90,46 @@ test: manifests generate fmt vet envtest ## Run tests.
 
 .PHONY: build
 build: ## Build binaries.
-	make manager
+	make webhook
 
 .PHONY: build
 build-linux: ## Build binaries.
-	make manager-linux
+	make webhook-linux
 
-.PHONY: manager
-manager: manifests generate fmt vet ## Build manager binary
-	go build -o bin/manager main.go
+.PHONY: webhook
+webhook: manifests generate fmt vet ## Build webhook server and init container binary
+	go build -o bin/wehbook-server cmd/webhook-server/main.go
+	go build -o bin/wehbook-init cmd/webhook-init/main.go
 
-.PHONY: manager-linux
-manager-linux: generate fmt vet
-	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o build/bin/manager main.go
+.PHONY: webook-linux
+webhook-linux: generate fmt vet
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o bin/wehbook-server cmd/webhook-server/main.go
+	CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o bin/wehbook-init cmd/webhook-init/main.go
 
 .PHONY: run
 run: manifests generate fmt vet ## Run a controller from your host.
 	go run ./main.go
 
-# If you wish built the manager image targeting other platforms you can use the --platform flag.
+# If you wish built the webhook image targeting other platforms you can use the --platform flag.
 # (i.e. docker build --platform linux/arm64 ). However, you must enable docker buildKit for it.
 # More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 .PHONY: docker-build
-docker-build: ## Build docker image with the manager.
+docker-build: ## Build docker image with the webhook.
 	docker build -t $(IMG) .
 
 .PHONY: docker-push
-docker-push: ## Push docker image with the manager.
+docker-push: ## Push docker image with the webhook.
 	docker push ${IMG}
 
-# PLATFORMS defines the target platforms for the manager image be build to provide support to multiple
+# PLATFORMS defines the target platforms for the webhook image be build to provide support to multiple
 # architectures. (i.e. make docker-buildx IMG=myregistry/mypoperator:0.0.1). To use this option you need to:
 # - able to use docker buildx . More info: https://docs.docker.com/build/buildx/
 # - have enable BuildKit, More info: https://docs.docker.com/develop/develop-images/build_enhancements/
 # - be able to push the image for your registry (i.e. if you do not inform a valid value via IMG=<myregistry/image:<tag>> then the export will fail)
 # To properly provided solutions that supports more than one platform you should use this option.
 PLATFORMS ?= linux/arm64,linux/amd64,linux/s390x,linux/ppc64le
 .PHONY: docker-buildx
-docker-buildx: test ## Build and push docker image for the manager for cross-platform support
+docker-buildx: test ## Build and push docker image for the webhook for cross-platform support
 	# copy existing Dockerfile and insert --platform=${BUILDPLATFORM} into Dockerfile.cross, and preserve the original Dockerfile
 	sed -e '1 s/\(^FROM\)/FROM --platform=\$$\{BUILDPLATFORM\}/; t' -e ' 1,// s//FROM --platform=\$$\{BUILDPLATFORM\}/' Dockerfile > Dockerfile.cross
 	- docker buildx create --name project-v3-builder