feat: setup admission webhook

cmd/operator/app/command.go

@@ -20,6 +20,7 @@ import (
 
 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 	"github.com/spf13/cobra"
+	admissionv1 "k8s.io/api/admission/v1"
 	apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
@@ -30,6 +31,7 @@ import (
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/healthz"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
+	"sigs.k8s.io/controller-runtime/pkg/webhook"
 
 	"github.com/GreptimeTeam/greptimedb-operator/apis/v1alpha1"
 	"github.com/GreptimeTeam/greptimedb-operator/cmd/operator/app/options"
@@ -63,6 +65,9 @@ func init() {
 	// Add [PodMetrics](https://github.com/kubernetes/metrics/blob/master/pkg/apis/metrics/v1beta1/types.go) for fetching PodMetrics from metrics-server.
 	utilruntime.Must(podmetricsv1beta1.AddToScheme(scheme))
 
+	// Add admission webhook scheme.
+	utilruntime.Must(admissionv1.AddToScheme(scheme))
+
 	// +kubebuilder:scaffold:scheme
 }
 
@@ -77,6 +82,14 @@ func NewOperatorCommand() *cobra.Command {
 			setupLog := ctrl.Log.WithName("setup")
 			cfg := ctrl.GetConfigOrDie()
 
+			webhookServer := webhook.NewServer(webhook.Options{})
+			if o.EnableAdmissionWebhook {
+				webhookServerOptions := webhook.Options{
+					Port:    o.AdmissionWebhookPort,
+					CertDir: o.AdmissionWebhookCertDir,
+				}
+				webhookServer = webhook.NewServer(webhookServerOptions)
+			}
 			mgr, err := ctrl.NewManager(cfg, ctrl.Options{
 				Scheme:                 scheme,
 				HealthProbeBindAddress: o.HealthProbeAddr,
@@ -85,6 +98,7 @@ func NewOperatorCommand() *cobra.Command {
 				Metrics: metricsserver.Options{
 					BindAddress: o.MetricsAddr,
 				},
+				WebhookServer: webhookServer,
 			})
 			if err != nil {
 				setupLog.Error(err, "unable to start manager")
@@ -111,6 +125,17 @@ func NewOperatorCommand() *cobra.Command {
 				os.Exit(1)
 			}
 
+			if o.EnableAdmissionWebhook {
+				if err := (&v1alpha1.GreptimeDBCluster{}).SetupWebhookWithManager(mgr); err != nil {
+					setupLog.Error(err, "unable to setup admission webhook", "controller", "greptimedbcluster")
+					os.Exit(1)
+				}
+				if err := (&v1alpha1.GreptimeDBStandalone{}).SetupWebhookWithManager(mgr); err != nil {
+					setupLog.Error(err, "unable to setup admission webhook", "controller", "greptimedbstandalone")
+					os.Exit(1)
+				}
+			}
+
 			if o.EnableAPIServer {
 				server, err := apiserver.NewServer(mgr, &apiserver.Options{
 					Port:             o.APIServerPort,

cmd/operator/app/options/options.go

@@ -19,27 +19,35 @@ import (
 )
 
 const (
-	defaultMetricsAddr     = ":8080"
-	defaultHealthProbeAddr = ":9494"
-	defaultAPIServerPort   = 8081
+	defaultMetricsAddr             = ":8080"
+	defaultHealthProbeAddr         = ":9494"
+	defaultAPIServerPort           = 8081
+	defaultAdmissionWebhookPort    = 8082
+	defaultAdmissionWebhookCertDir = "/etc/greptimedb/admission-webhook-tls"
 )
 
 type Options struct {
-	MetricsAddr          string
-	HealthProbeAddr      string
-	EnableLeaderElection bool
-	EnableAPIServer      bool
-	APIServerPort        int32
-	EnablePodMetrics     bool
+	MetricsAddr             string
+	HealthProbeAddr         string
+	EnableLeaderElection    bool
+	EnableAPIServer         bool
+	APIServerPort           int32
+	EnablePodMetrics        bool
+	EnableAdmissionWebhook  bool
+	AdmissionWebhookPort    int
+	AdmissionWebhookCertDir string
 }
 
 func NewDefaultOptions() *Options {
 	return &Options{
-		MetricsAddr:      defaultMetricsAddr,
-		HealthProbeAddr:  defaultHealthProbeAddr,
-		APIServerPort:    defaultAPIServerPort,
-		EnableAPIServer:  false,
-		EnablePodMetrics: false,
+		MetricsAddr:             defaultMetricsAddr,
+		HealthProbeAddr:         defaultHealthProbeAddr,
+		APIServerPort:           defaultAPIServerPort,
+		EnableAPIServer:         false,
+		EnablePodMetrics:        false,
+		EnableAdmissionWebhook:  false,
+		AdmissionWebhookPort:    defaultAdmissionWebhookPort,
+		AdmissionWebhookCertDir: defaultAdmissionWebhookCertDir,
 	}
 }
 
@@ -50,4 +58,7 @@ func (o *Options) AddFlags(fs *pflag.FlagSet) {
 	fs.BoolVar(&o.EnableAPIServer, "enable-apiserver", o.EnableAPIServer, "Enable API server for GreptimeDB operator.")
 	fs.Int32Var(&o.APIServerPort, "apiserver-port", o.APIServerPort, "The port the API server binds to.")
 	fs.BoolVar(&o.EnablePodMetrics, "enable-pod-metrics", o.EnablePodMetrics, "Enable fetching PodMetrics from metrics-server.")
+	fs.BoolVar(&o.EnableAdmissionWebhook, "enable-admission-webhook", o.EnableAdmissionWebhook, "Enable admission webhook for GreptimeDB operator.")
+	fs.IntVar(&o.AdmissionWebhookPort, "admission-webhook-port", o.AdmissionWebhookPort, "The port the admission webhook binds to.")
+	fs.StringVar(&o.AdmissionWebhookCertDir, "admission-webhook-cert-dir", o.AdmissionWebhookCertDir, "The directory that contains the server key and certificate.")
 }

config/manager/manager.yaml

@@ -44,6 +44,7 @@ spec:
         args:
         - --enable-leader-election
         image: controller:latest
+        imagePullPolicy: IfNotPresent
         name: manager
         livenessProbe:
           httpGet:

manifests/bundle.yaml

@@ -22475,6 +22475,7 @@ spec:
         command:
         - greptimedb-operator
         image: greptime/greptimedb-operator:latest
+        imagePullPolicy: IfNotPresent
         livenessProbe:
           httpGet:
             path: /healthz

tests/e2e/setup/kafka-wal.yaml

@@ -26,8 +26,8 @@ metadata:
     strimzi.io/kraft: enabled
 spec:
   kafka:
-    version: 3.7.0
-    metadataVersion: 3.7-IV4
+    version: 3.9.0
+    metadataVersion: 3.9
     listeners:
       - name: plain
         port: 9092