0. Introduce ClusterName field to ClusterResourceSetBinding

1. remove the Cluster owner reference from the ClusterResourceSetBinding.

2. update the clusterName field in the CRS controller to update existing CRSbindings with the new field.

3. adding a check in the validation webhook preventing the cluster name to be changed once it is set

Signed-off-by: chaunceyjiang <[email protected]>

Author: chaunceyjiang

config/crd/bases/addons.cluster.x-k8s.io_clusterresourcesetbindings.yaml

@@ -410,6 +410,28 @@ webhooks:
     resources:
     - clusterresourcesets
   sideEffects: None
+- admissionReviewVersions:
+  - v1
+  - v1beta1
+  clientConfig:
+    service:
+      name: webhook-service
+      namespace: system
+      path: /validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding
+  failurePolicy: Fail
+  matchPolicy: Equivalent
+  name: validation.clusterresourcesetbinding.addons.cluster.x-k8s.io
+  rules:
+  - apiGroups:
+    - addons.cluster.x-k8s.io
+    apiVersions:
+    - v1beta1
+    operations:
+    - CREATE
+    - UPDATE
+    resources:
+    - clusterresourcesetbindings
+  sideEffects: None
 - admissionReviewVersions:
   - v1
   - v1beta1

config/webhook/manifests.yaml

@@ -17,9 +17,11 @@ limitations under the License.
 package v1alpha3
 
 import (
+	apiconversion "k8s.io/apimachinery/pkg/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 
 	addonsv1 "sigs.k8s.io/cluster-api/exp/addons/api/v1beta1"
+	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 )
 
 func (src *ClusterResourceSet) ConvertTo(dstRaw conversion.Hub) error {
@@ -49,13 +51,31 @@ func (dst *ClusterResourceSetList) ConvertFrom(srcRaw conversion.Hub) error {
 func (src *ClusterResourceSetBinding) ConvertTo(dstRaw conversion.Hub) error {
 	dst := dstRaw.(*addonsv1.ClusterResourceSetBinding)
 
-	return Convert_v1alpha3_ClusterResourceSetBinding_To_v1beta1_ClusterResourceSetBinding(src, dst, nil)
+	if err := Convert_v1alpha3_ClusterResourceSetBinding_To_v1beta1_ClusterResourceSetBinding(src, dst, nil); err != nil {
+		return err
+	}
+	// Manually restore data.
+	restored := &addonsv1.ClusterResourceSetBinding{}
+	if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
+		return err
+	}
+	dst.Spec.ClusterName = restored.Spec.ClusterName
+	return nil
 }
 
 func (dst *ClusterResourceSetBinding) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*addonsv1.ClusterResourceSetBinding)
 
-	return Convert_v1beta1_ClusterResourceSetBinding_To_v1alpha3_ClusterResourceSetBinding(src, dst, nil)
+	if err := Convert_v1beta1_ClusterResourceSetBinding_To_v1alpha3_ClusterResourceSetBinding(src, dst, nil); err != nil {
+		return err
+	}
+
+	// Preserve Hub data on down-conversion except for metadata
+	if err := utilconversion.MarshalData(src, dst); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (src *ClusterResourceSetBindingList) ConvertTo(dstRaw conversion.Hub) error {
@@ -69,3 +89,9 @@ func (dst *ClusterResourceSetBindingList) ConvertFrom(srcRaw conversion.Hub) err
 
 	return Convert_v1beta1_ClusterResourceSetBindingList_To_v1alpha3_ClusterResourceSetBindingList(src, dst, nil)
 }
+
+// Convert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha3_ClusterResourceSetBindingSpec is a conversion function.
+func Convert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha3_ClusterResourceSetBindingSpec(in *addonsv1.ClusterResourceSetBindingSpec, out *ClusterResourceSetBindingSpec, s apiconversion.Scope) error {
+	// Spec.ClusterName does not exist in ClusterResourceSetBinding v1alpha3 API.
+	return autoConvert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha3_ClusterResourceSetBindingSpec(in, out, s)
+}

exp/addons/api/v1alpha3/conversion.go

@@ -17,9 +17,11 @@ limitations under the License.
 package v1alpha4
 
 import (
+	apiconversion "k8s.io/apimachinery/pkg/conversion"
 	"sigs.k8s.io/controller-runtime/pkg/conversion"
 
 	addonsv1 "sigs.k8s.io/cluster-api/exp/addons/api/v1beta1"
+	utilconversion "sigs.k8s.io/cluster-api/util/conversion"
 )
 
 func (src *ClusterResourceSet) ConvertTo(dstRaw conversion.Hub) error {
@@ -49,13 +51,31 @@ func (dst *ClusterResourceSetList) ConvertFrom(srcRaw conversion.Hub) error {
 func (src *ClusterResourceSetBinding) ConvertTo(dstRaw conversion.Hub) error {
 	dst := dstRaw.(*addonsv1.ClusterResourceSetBinding)
 
-	return Convert_v1alpha4_ClusterResourceSetBinding_To_v1beta1_ClusterResourceSetBinding(src, dst, nil)
+	if err := Convert_v1alpha4_ClusterResourceSetBinding_To_v1beta1_ClusterResourceSetBinding(src, dst, nil); err != nil {
+		return err
+	}
+	// Manually restore data.
+	restored := &addonsv1.ClusterResourceSetBinding{}
+	if ok, err := utilconversion.UnmarshalData(src, restored); err != nil || !ok {
+		return err
+	}
+	dst.Spec.ClusterName = restored.Spec.ClusterName
+	return nil
 }
 
 func (dst *ClusterResourceSetBinding) ConvertFrom(srcRaw conversion.Hub) error {
 	src := srcRaw.(*addonsv1.ClusterResourceSetBinding)
 
-	return Convert_v1beta1_ClusterResourceSetBinding_To_v1alpha4_ClusterResourceSetBinding(src, dst, nil)
+	if err := Convert_v1beta1_ClusterResourceSetBinding_To_v1alpha4_ClusterResourceSetBinding(src, dst, nil); err != nil {
+		return err
+	}
+
+	// Preserve Hub data on down-conversion except for metadata
+	if err := utilconversion.MarshalData(src, dst); err != nil {
+		return err
+	}
+
+	return nil
 }
 
 func (src *ClusterResourceSetBindingList) ConvertTo(dstRaw conversion.Hub) error {
@@ -69,3 +89,9 @@ func (dst *ClusterResourceSetBindingList) ConvertFrom(srcRaw conversion.Hub) err
 
 	return Convert_v1beta1_ClusterResourceSetBindingList_To_v1alpha4_ClusterResourceSetBindingList(src, dst, nil)
 }
+
+// Convert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha4_ClusterResourceSetBindingSpec is a conversion function.
+func Convert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha4_ClusterResourceSetBindingSpec(in *addonsv1.ClusterResourceSetBindingSpec, out *ClusterResourceSetBindingSpec, s apiconversion.Scope) error {
+	// Spec.ClusterName does not exist in ClusterResourceSetBinding v1alpha4 API.
+	return autoConvert_v1beta1_ClusterResourceSetBindingSpec_To_v1alpha4_ClusterResourceSetBindingSpec(in, out, s)
+}

exp/addons/api/v1alpha3/zz_generated.conversion.go

@@ -133,6 +133,11 @@ type ClusterResourceSetBindingSpec struct {
 	// Bindings is a list of ClusterResourceSets and their resources.
 	// +optional
 	Bindings []*ResourceSetBinding `json:"bindings,omitempty"`
+
+	// ClusterName is the name of the Cluster this binding applies to.
+	// Note: this field mandatory in v1beta2.
+	// +optional
+	ClusterName string `json:"clusterName,omitempty"`
 }
 
 // ANCHOR_END: ClusterResourceSetBindingSpec

exp/addons/api/v1alpha4/conversion.go

@@ -0,0 +1,78 @@
+/*
+Copyright 2022 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+	"fmt"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/util/validation/field"
+	ctrl "sigs.k8s.io/controller-runtime"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
+
+	"sigs.k8s.io/cluster-api/feature"
+)
+
+func (c *ClusterResourceSetBinding) SetupWebhookWithManager(mgr ctrl.Manager) error {
+	return ctrl.NewWebhookManagedBy(mgr).
+		For(c).
+		Complete()
+}
+
+// +kubebuilder:webhook:verbs=create;update,path=/validate-addons-cluster-x-k8s-io-v1beta1-clusterresourcesetbinding,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=addons.cluster.x-k8s.io,resources=clusterresourcesetbindings,versions=v1beta1,name=validation.clusterresourcesetbinding.addons.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1
+
+var _ webhook.Validator = &ClusterResourceSetBinding{}
+
+// ValidateCreate implements webhook.Validator so a webhook will be registered for the type.
+func (c *ClusterResourceSetBinding) ValidateCreate() error {
+	return c.validate(nil)
+}
+
+// ValidateUpdate implements webhook.Validator so a webhook will be registered for the type.
+func (c *ClusterResourceSetBinding) ValidateUpdate(old runtime.Object) error {
+	oldBinding, ok := old.(*ClusterResourceSetBinding)
+	if !ok {
+		return apierrors.NewBadRequest(fmt.Sprintf("expected a ClusterResourceSetBinding but got a %T", old))
+	}
+	return c.validate(oldBinding)
+}
+
+// ValidateDelete implements webhook.Validator so a webhook will be registered for the type.
+func (c *ClusterResourceSetBinding) ValidateDelete() error {
+	return nil
+}
+
+func (c *ClusterResourceSetBinding) validate(old *ClusterResourceSetBinding) error {
+	// NOTE: ClusterResourceSet is behind ClusterResourceSet feature gate flag; the web hook
+	// must prevent creating new objects in case the feature flag is disabled.
+	if !feature.Gates.Enabled(feature.ClusterResourceSet) {
+		return field.Forbidden(
+			field.NewPath("spec"),
+			"can be set only if the ClusterResourceSet feature flag is enabled",
+		)
+	}
+	var allErrs field.ErrorList
+	if old != nil && old.Spec.ClusterName != "" && old.Spec.ClusterName != c.Spec.ClusterName {
+		allErrs = append(allErrs,
+			field.Invalid(field.NewPath("spec", "clusterName"), c.Spec.ClusterName, "field is immutable"))
+	}
+	if len(allErrs) == 0 {
+		return nil
+	}
+	return apierrors.NewInvalid(GroupVersion.WithKind("ClusterResourceSetBinding").GroupKind(), c.Name, allErrs)
+}