feat: add webhook server (#2566) (#267)

Signed-off-by: Ashing Zheng <[email protected]>

Author: ronething

PROJECT

@@ -2,7 +2,6 @@
 # This file is used to track the info used to scaffold your project
 # and allow the plugins properly work.
 # More info: https://book.kubebuilder.io/reference/project-config.html
-domain: github.com
 layout:
 - go.kubebuilder.io/v4
 projectName: apisix-ingress-controller
@@ -12,24 +11,13 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
-  group: apisix.apache.org
-  kind: Guestbook
-  path: github.com/apache/apisix-ingress-controller/api/v1alpha1
-  version: v1alpha1
-- api:
-    crdVersion: v1
-    namespaced: true
-  controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: GatewayProxy
   path: github.com/apache/apisix-ingress-controller/api/v1alpha1
   version: v1alpha1
 - api:
     crdVersion: v1
     namespaced: true
-  domain: github.com
   group: apisix.apache.org
   kind: HTTPRoutePolicy
   path: github.com/apache/apisix-ingress-controller/api/v1alpha1
@@ -38,7 +26,6 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixRoute
   path: github.com/apache/apisix-ingress-controller/api/v2
@@ -47,7 +34,6 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixConsumer
   path: github.com/apache/apisix-ingress-controller/api/v2
@@ -56,7 +42,6 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixGlobalRule
   path: github.com/apache/apisix-ingress-controller/api/v2
@@ -65,7 +50,6 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixTls
   path: github.com/apache/apisix-ingress-controller/api/v2
@@ -74,17 +58,24 @@ resources:
     crdVersion: v1
     namespaced: true
   controller: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixUpstream
   path: github.com/apache/apisix-ingress-controller/api/v2
   version: v2
 - api:
     crdVersion: v1
     namespaced: true
-  domain: github.com
   group: apisix.apache.org
   kind: ApisixPluginConfig
   path: github.com/apache/apisix-ingress-controller/api/v2
   version: v2
+- core: true
+  domain: k8s.io
+  group: networking
+  kind: Ingress
+  path: k8s.io/api/networking/v1
+  version: v1
+  webhooks:
+    validation: true
+    webhookVersion: v1
 version: "3"

config/certmanager/certificate-metrics.yaml

@@ -0,0 +1,20 @@
+# The following manifests contain a self-signed issuer CR and a metrics certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app.kubernetes.io/name: apisix-ingress-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: metrics-certs  # this name should match the one appeared in kustomizeconfig.yaml
+  namespace: system
+spec:
+  dnsNames:
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+  # replacements in the config/default/kustomization.yaml file.
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: metrics-server-cert

config/certmanager/certificate-webhook.yaml

@@ -0,0 +1,20 @@
+# The following manifests contain a self-signed issuer CR and a certificate CR.
+# More document can be found at https://docs.cert-manager.io
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  labels:
+    app.kubernetes.io/name: apisix-ingress-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: serving-cert  # this name should match the one appeared in kustomizeconfig.yaml
+  namespace: system
+spec:
+  # SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize
+  # replacements in the config/default/kustomization.yaml file.
+  dnsNames:
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc
+  - SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local
+  issuerRef:
+    kind: Issuer
+    name: selfsigned-issuer
+  secretName: webhook-server-cert

config/certmanager/issuer.yaml

@@ -0,0 +1,13 @@
+# The following manifest contains a self-signed issuer CR.
+# More information can be found at https://docs.cert-manager.io
+# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes.
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  labels:
+    app.kubernetes.io/name: apisix-ingress-controller
+    app.kubernetes.io/managed-by: kustomize
+  name: selfsigned-issuer
+  namespace: system
+spec:
+  selfSigned: {}

config/certmanager/kustomization.yaml

@@ -0,0 +1,7 @@
+resources:
+- issuer.yaml
+- certificate-webhook.yaml
+- certificate-metrics.yaml
+
+configurations:
+- kustomizeconfig.yaml

config/certmanager/kustomizeconfig.yaml

@@ -0,0 +1,8 @@
+# This configuration is for teaching kustomize how to update name ref substitution
+nameReference:
+- kind: Issuer
+  group: cert-manager.io
+  fieldSpecs:
+  - kind: Certificate
+    group: cert-manager.io
+    path: spec/issuerRef/name

config/crd/kustomization.yaml

@@ -42,5 +42,5 @@ patches:
 # [WEBHOOK] To enable webhook, uncomment the following section
 # the following config is for teaching kustomize how to do kustomization for CRDs.
 
-#configurations:
-#- kustomizeconfig.yaml
+configurations:
+- kustomizeconfig.yaml