vmware-tanzu · katmutua · Apr 26, 2022 · Apr 5, 2022 · Apr 5, 2022 · Apr 6, 2022
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -21,7 +21,7 @@ jobs:
         go-version: 1.18.x
     - name: Test
       run: make test
-    - uses: codecov/codecov-action@v2
+    - uses: codecov/codecov-action@v3
     - name: Build
       run: |
         set -o errexit

diff --git a/api/openapi-spec/conventions-server..yaml b/api/openapi-spec/conventions-server..yaml
@@ -0,0 +1,90 @@
+openapi: 3.0.0
+info:
+  title: Conventions server 
+  description: >-
+    "a sample conventions server"
+  version: 1.0.0
+  license:
+    name: Apache-2.0
+    url: 'https://www.apache.org/licenses/LICENSE-2.0.html'
+paths:
+  /webhook:
+    post:
+      description: "a sample conventions server"
+      responses:
+        200:
+          description: Successfully applied defined conventions
+          content:
+            "application/json":
+              schema:
+                $ref: '#/components/schemas/PodConventionContext'
+        400:
+          description: Error decoding PodConventionContext from request body or request body is nil 
+        500:
+          description: Internal server error
+          content:
+            "application/json":
+              schema:
+                $ref: '#/components/schemas/ErrorResponse'
+components:
+  schemas:
+    PodConventionContext: 
+      type: object
+      properties:
+        spec:
+          $ref: "#/components/schemas/PodConventionContextSpec"
+        status:
+          $ref: "#/components/schemas/PodConventionContextStatus"
+    PodConventionContextSpec:
+      type: object
+      properties:
+        Template:
+          $ref: "#/components/schemas/PodTemplateSpec"
+        ImageConfig:
+          $ref: "#/components/schemas/ImageConfig"
+    PodConventionContextStatus:
+      type: object 
+      properties:
+        Template: 
+          $ref: "#/components/schemas/PodTemplateSpec"
+        appliedConventions:
+          description: a string array of conventions to be applied 
+          type: object 
+    ImageConfig:
+      type: object 
+      properties: 
+        image: 
+          type: string 
+          description: a string reference to the image name and tag or associated digest
+        boms:
+          $ref: "#/components/schemas/BOM"
+        config: 
+          type: object 
+          description: "a ggcrv1 config file object"
+    BOM: 
+      type: object 
+      properties:
+        name: 
+          type: string 
+        raw: 
+          description: an array of bytes 
+          type: array
+          items:
+            type: object
+    PodTemplateSpec:
+      type: object 
+      properties: 
+        spec: 
+          $ref: "kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#pod-v1-core"
-          $ref: "kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#pod-v1-core"
+          $ref: "kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pod-v1-core"
-          $ref: "kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#pod-v1-core"
+          $ref: "kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pod-v1-core"
+          description: specification of the desired behavior of a pod
+    ErrorResponse:
+      type: object
+      properties:
+        error:
+          $ref: "#/components/schemas/Error"
+    Error:
+      type: object
+      properties:
+        message:
+          type: string
+          example: "Some unexpected error"
diff --git a/config/default/kustomization.yaml b/config/default/kustomization.yaml
@@ -10,7 +10,7 @@ namePrefix: cartographer-conventions-
 
 # Labels to add to all resources and selectors.
 commonLabels:
-  component: conventions.carto.run
+  app.kubernetes.io/component: conventions
 
 bases:
 - ../crd

diff --git a/dist/bundle.yaml b/dist/bundle.yaml
@@ -35,7 +35,7 @@ type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: e30K
 
-#@overlay/match by=overlay.subset({"apiVersion":"apps/v1","kind":"Deployment","metadata":{"labels":{"component":"conventions.carto.run"}}})
+#@overlay/match by=overlay.subset({"apiVersion":"apps/v1","kind":"Deployment","metadata":{"labels":{"app.kubernetes.io/component":"conventions"}}})
 ---
 spec:
   template:

diff --git a/dist/cartographer-conventions.yaml b/dist/cartographer-conventions.yaml
@@ -4,7 +4,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.8.0
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: clusterpodconventions.conventions.carto.run
 spec:
   group: conventions.carto.run
@@ -112,7 +112,7 @@ metadata:
   annotations:
     controller-gen.kubebuilder.io/version: v0.8.0
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     duck.knative.dev/podspecable: "true"
   name: podintents.conventions.carto.run
 spec:
@@ -6328,7 +6328,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: Role
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-leader-election-role
   namespace: cartographer-system
 rules:
@@ -6390,7 +6390,7 @@ kind: ClusterRole
 metadata:
   creationTimestamp: null
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-manager-role
 rules:
 - apiGroups:
@@ -6474,7 +6474,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-proxy-role
 rules:
 - apiGroups:
@@ -6494,7 +6494,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-leader-election-rolebinding
   namespace: cartographer-system
 roleRef:
@@ -6510,7 +6510,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-manager-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -6525,7 +6525,7 @@ apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-proxy-rolebinding
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -6542,7 +6542,7 @@ data:
 kind: Secret
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     control-plane: controller-manager
   name: cartographer-conventions-ca-certificates
   namespace: cartographer-system
@@ -6556,7 +6556,7 @@ metadata:
     prometheus.io/scheme: https
     prometheus.io/scrape: "true"
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     control-plane: controller-manager
   name: cartographer-conventions-controller-manager-metrics-service
   namespace: cartographer-system
@@ -6566,42 +6566,42 @@ spec:
     port: 8443
     targetPort: https
   selector:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     control-plane: controller-manager
 ---
 apiVersion: v1
 kind: Service
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-webhook-service
   namespace: cartographer-system
 spec:
   ports:
   - port: 443
     targetPort: 9443
   selector:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     control-plane: controller-manager
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
     control-plane: controller-manager
   name: cartographer-conventions-controller-manager
   namespace: cartographer-system
 spec:
   replicas: 1
   selector:
     matchLabels:
-      component: conventions.carto.run
+      app.kubernetes.io/component: conventions
       control-plane: controller-manager
   template:
     metadata:
       labels:
-        component: conventions.carto.run
+        app.kubernetes.io/component: conventions
         control-plane: controller-manager
     spec:
       containers:
@@ -6664,7 +6664,7 @@ apiVersion: cert-manager.io/v1
 kind: Certificate
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-serving-cert
   namespace: cartographer-system
 spec:
@@ -6681,7 +6681,7 @@ apiVersion: cert-manager.io/v1
 kind: Issuer
 metadata:
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-selfsigned-issuer
   namespace: cartographer-system
 spec:
@@ -6694,7 +6694,7 @@ metadata:
     cert-manager.io/inject-ca-from: cartographer-system/cartographer-conventions-serving-cert
     admissions.enforcer/disabled: "true"
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-mutating-webhook-configuration
 webhooks:
 - admissionReviewVersions:
@@ -6745,7 +6745,7 @@ metadata:
     cert-manager.io/inject-ca-from: cartographer-system/cartographer-conventions-serving-cert
     admissions.enforcer/disabled: "true"
   labels:
-    component: conventions.carto.run
+    app.kubernetes.io/component: conventions
   name: cartographer-conventions-validating-webhook-configuration
 webhooks:
 - admissionReviewVersions:

diff --git a/docs/design.md b/docs/design.md
@@ -12,6 +12,7 @@
     - [PodIntent (conventions.carto.run/v1alpha1)](#podintent-conventionscartorunv1alpha1)
     - [ClusterPodConvention (conventions.carto.run/v1alpha1)](#clusterpodconvention-conventionscartorunv1alpha1)
     - [PodConventionContext (webhooks.conventions.carto.run/v1alpha1)](#podconventioncontext-webhooksconventionscartorunv1alpha1)
+  - [Webhook contract](#webhook-contract) 
 - [Lifecycle](#lifecycle)
   - [Security](#security)
   - [Supportability](#supportability)
@@ -237,6 +238,21 @@ status: # the response
 
 In the future other mechanisms may be defined to provide conventions other than webhooks. In particular, mechanisms that are safe to execute within the controller process like a YTT overlay or WebAssembly. Each mechanism will define the specifics of its own contract similar in scope to the `PodConventionContext`.
 
+#### Webhook Contract 
+
+In order for the conventions controller to apply a set of conventions, it requires these conventions to be authored in the form of a webhook. 
+
+The authored webhook is registered as follows:
+  ```
+  http.HandleFunc(< path >, webhook.ConventionHandler(ctx, conventions_name))
+  ```
+  The convention controller handler function expects a `context Context` and a function describing conventions to be applied. See [springboot-convetions example](../samples/spring-convention-server/server.go)
+  ```
+  http.HandleFunc("/", webhook.ConventionHandler(ctx, addSpringBootConventions))
+  ```
+  The `Handler` is called from the controller in priority order as defined by the `ClusterPodConvention`. 
+  The Open API Specification for the webhook is documented [here](/api/openapi-spec/conventions-server.yaml) 
+
 ## Lifecycle 
 
 Cartographer Conventions lives entirely within the user space of a Kubernetes cluster. It can be installed, upgraded and removed like any other CRDs with a controller. Upgrade instructions will be included with each release.