Create a validation webhook

[erusso7]

Job done:

• Generated all the required files using operator-sdk to enable the webhook for the operator.
• Implemented the first validation using the Create and Update webhook
• Implement other validations to meet the Add a validating webhook #89 issue's requirements.
• Squash commits before the final PR

Pending to do:

• Adapt this code to make it work downstream

[k8s-ci-robot]

Hi @erusso7. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[netlify]

✅ Deploy Preview for kubernetes-sigs-kmm ready!

Name	Link
🔨 Latest commit	096a965
🔍 Latest deploy log	https://app.netlify.com/sites/kubernetes-sigs-kmm/deploys/64255b851da2d1000852a4c4
😎 Deploy Preview	https://deploy-preview-348--kubernetes-sigs-kmm.netlify.app/
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site settings.

[qbarrand]

I think we should also declare a dependency on cert-manager.

[codecov-commenter]

Codecov Report

Patch coverage: 92.30% and project coverage change: +0.25 🎉

Comparison is base (b2574f3) 82.84% compared to head (096a965) 83.10%.

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #348      +/-   ##
==========================================
+ Coverage   82.84%   83.10%   +0.25%     
==========================================
  Files          27       30       +3     
  Lines        2816     2882      +66     
==========================================
+ Hits         2333     2395      +62     
- Misses        392      396       +4     
  Partials       91       91              

Impacted Files	Coverage Δ
api/v1beta1/module_webhook.go	92.30% <92.30%> (ø)

... and 4 files with indirect coverage changes

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

[ybettan]

This is breaking make deploy or kubectl apply -k https://github.com/kubernetes-sigs/kernel-module-management/config/default.

I am tryin to make a local copy of https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml inside config/certmanager instead

@qbarrand thoughts?

[ybettan]

I have created 2 PRs to make sure we are not missing such changes in the future:

• Adding a prow script to test a basic deployment. #353
• Adding the test-deploy job to KMM. kubernetes/test-infra#29149

[ybettan]

Also, don't we need to install cert-manager and the validation webhook in manager-hub as well?
We can open an issue about it and do it in a later PR though.

[ybettan]

We may need to use kubernetes-sigs/kustomize#4708 (comment)

[ybettan]

I tried to extract the installation of certmanager (not the Certificate nor the Issuer but `certmanager itself) to another PR that should be used as a base for this PR IMO.

• Adding cert-manager to config/default. #355

[qbarrand]

@ybettan I think we should not add the 5000 lines of YAML for cert-manager. Instead:

• if users are installing with kubectl apply -k, then we should document that they need to run kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml beforehand;
• is users are installing from the OLM bundle, then we could specify that cert-manager is a dependency.

With regards to validating ManagedClusterModule in the Hub context, I would address that in a separate PR.

[ybettan]

Updated PR for installing cert-manager that install it from https directly instead of coping all the manifests.

• Installing cert-manager as part of the deployment. #359.

[ybettan]

@erusso7 Can you please rebase the PR on the new main branch?

[k8s-ci-robot]

@erusso7: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-kernel-module-management-test-deploy	743c053	link	true	/test pull-kernel-module-management-test-deploy

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[ybettan]

I don't know how this happened:

+ kubectl wait --for=condition=Available deployment/kmm-operator-controller-manager -n kmm-operator-system
deployment.apps/kmm-operator-controller-manager condition met
+ echo 'Add an kmm-ci Module that contains a valid mapping...'
+ kubectl apply -f ci/module-kmm-ci-build-sign.yaml
Add an kmm-ci Module that contains a valid mapping...
Error from server (InternalError): error when creating "ci/module-kmm-ci-build-sign.yaml": Internal error occurred: failed calling webhook "vmodule.kb.io": failed to call webhook: Post "[https://kmm-operator-webhook-service.kmm-operator-system.svc:443/validate-kmm-sigs-x-k8s-io-v1beta1-module?timeout=10s](https://kmm-operator-webhook-service.kmm-operator-system.svc/validate-kmm-sigs-x-k8s-io-v1beta1-module?timeout=10s)": dial tcp 10.103.134.208:443: connect: connection refused

[erusso7]

/retest

[yevgeny-shnaidman]

/retest

[ybettan]

/lgtm
/assign @qbarrand

[qbarrand]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: erusso7, qbarrand

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [qbarrand]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment