Compatibility with kubernetes 1.26

[fracarvic]

I'm currently running webhook-desec with kubernetes 1.25 and the logs shows the following deprecations:

2022-11-26 17:32:38 | W1126 16:32:38.400630       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 PriorityLevelConfiguration is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 PriorityLevelConfiguration
2022-11-26 17:31:23 | W1126 16:31:23.592937       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema

The deprecated apis will disappear in versión 1.26.

Seems that cert-manager example project has updated depencencies.

I'm going to try to do a PR updating dependencies, even though my knowledge of go is negligible, i'll try.

[fracarvic]

I created a PR with updates to go and api versions, based on original cert-manager-webhook-example.

I have currently running on kubernetes 1.25 and didn't show any deprecation warnings.

[MrRulf]

Hi, is your stuff still up and running with the newer version? If yes, could you release your changes, maybe in a fork?

[fracarvic]

I have it working with kubernetes 1.26 without problems, but with warnings about deprecations in future versions:

2023-03-29 10:42:19 | W0329 08:42:19.438919       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema is deprecated in v1.26+, unavailable in v1.29+; use flowcontrol.apiserver.k8s.io/v1beta3 FlowSchema 
2023-03-29 10:35:51 | W0329 08:35:51.434751       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta2 PriorityLevelConfiguration is deprecated in v1.26+, unavailable in v1.29+; use flowcontrol.apiserver.k8s.io/v1beta3 PriorityLevelConfiguration

and some warnings in kubernetes-api about rate limited requeue.

I'm not an expert in kubernetes dev, and have very basic knowledge in go, that's why I haven't been brave enough to release a fork.

I think the best solution is desec.io implements RFC2136, with is supported directly by cert-manager and kubernetes external-dns, but I don't know if this will ever happen.

[irreleph4nt]

@kmorning if you are in any way unhappy with the self-promotion below, please let me know and I will delete my comment.

If anyone is still looking for an updated version of this hook, I have created another solver for desec which can be deployed via helm. It's available at irreleph4nt/cert-manager-webhook-desec-http.

[kmorning]

@irreleph4nt It's all good. I haven't had time to keep on top of this, so it's great you've provided another solution. I guess I'll have to look at this eventually when I get around to upgrading my cluster, but I may just opt for your solution at that point, so thanks.