snowdrop / godaddy-webhook

Cert Manager Godaddy Webhook performing ACME challenge using DNS record
Apache License 2.0

Update go client to v0.26.x #24

Closed WoodyWoodsta closed 11 months ago

WoodyWoodsta commented 1 year ago

As per the removal list, v1beta1 FlowSchema and PriorityLevelConfiguration resources are removed.

These must be replaced with v1beta3, with support beginning at k8s v1.26.

WoodyWoodsta commented 1 year ago

After some searching, I see it's the k8s go client which is out of date, and the cause for the schema deprecations.

FWIW, without this update, running the webhook on k8s v1.26 gives you the following errors:

E0221 17:17:37.316428       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.FlowSchema: failed to list *v1beta1.FlowSchema: the server could not find the requested resource
E0221 17:18:15.818629       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.PriorityLevelConfiguration: failed to list *v1beta1.PriorityLevelConfiguration: the server could not find the requested resource
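
One way to spot this failure mode in webhook logs, as an added example that is not part of the original thread or the project's code: it scans klog output for the reflector errors quoted above and reports which removed flowcontrol API version the bundled client-go still requests. The names `Scan`, `Finding` and `removedIn` are assumptions of this example; the removal releases come from the warnings and deprecation guide cited in this thread.

```go
package main

import (
	"fmt"
	"regexp"
)

// Matches the reflector errors quoted in this thread and captures the
// client-go module version plus the API version and kind that failed.
var reflectorErr = regexp.MustCompile(`client-go@(v[0-9.]+)/.*Failed to watch \*(v\w+)\.(FlowSchema|PriorityLevelConfiguration): .*could not find the requested resource`)

// First Kubernetes 1.x minor release that no longer serves each flowcontrol
// version (v1beta1 per the API warning, v1beta2 per the deprecation guide).
var removedIn = map[string]int{"v1beta1": 26, "v1beta2": 29}

// Finding describes one log line caused by a removed flowcontrol API version.
type Finding struct {
	ClientGo, APIVersion, Kind string
	RemovedInMinor             int
}

// The first two lines are the errors quoted above; the third is constructed.
var sampleLog = []string{
	`E0221 17:17:37.316428       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.FlowSchema: failed to list *v1beta1.FlowSchema: the server could not find the requested resource`,
	`E0221 17:18:15.818629       1 reflector.go:138] pkg/mod/k8s.io/client-go@v0.22.2/tools/cache/reflector.go:167: Failed to watch *v1beta1.PriorityLevelConfiguration: failed to list *v1beta1.PriorityLevelConfiguration: the server could not find the requested resource`,
	`I0221 17:17:30.000000       1 secure_serving.go:210] Serving securely on :443`,
}

// Scan returns the reflector errors that are explained by the cluster
// (Kubernetes 1.<clusterMinor>) having removed the requested API version.
func Scan(lines []string, clusterMinor int) []Finding {
	var out []Finding
	for _, l := range lines {
		m := reflectorErr.FindStringSubmatch(l)
		if m == nil {
			continue
		}
		if minor, ok := removedIn[m[2]]; ok && clusterMinor >= minor {
			out = append(out, Finding{m[1], m[2], m[3], minor})
		}
	}
	return out
}

func main() {
	for _, f := range Scan(sampleLog, 26) {
		fmt.Printf("client-go %s requests %s %s, removed in 1.%d: upgrade client-go\n", f.ClientGo, f.APIVersion, f.Kind, f.RemovedInMinor)
	}
}
```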

AlexLarentis01 commented 1 year ago

Any recommendations on how to fix this?

WoodyWoodsta commented 1 year ago

No other way other than to upgrade client-go. I'm not that well versed in go but I can maybe give it a try.

AlexLarentis01 commented 1 year ago

Yeah, I've tried this as well but broke the dependency tree. Not fun!

ashishsinghdev commented 1 year ago

Facing the same issue, any luck?

WoodyWoodsta commented 1 year ago

I haven't managed to put effort into it. We might switch to something like Cloudflare for which cert manager has official support.

ashishsinghdev commented 1 year ago

@WoodyWoodsta, same for me. I've created an NS record for staging my main registrar DNS zone settings, and am then using GCP's Cloud DNS (using SOA record) to manage the DNS zone for the staging.. subdomain.

It's working flawlessly in cert-manager. Maybe I'll move the main domain's NS and SOA out of GoDaddy.

cmoulliard commented 11 months ago

@WoodyWoodsta @ashishsinghdev Do you recommend that we bump the kubernetes go client finally?

WoodyWoodsta commented 11 months ago

I believe that would be at least what is needed. Not sure what else would be required as a result.

FWIW We've since moved everything over to Cloudflare.

cmoulliard commented 11 months ago

> As per the removal list, v1beta1 FlowSchema and PriorityLevelConfiguration resources are removed.
>
> These must be replaced with v1beta3, with support beginning at k8s v1.26

Are you sure? My kube cluster 1.24 reports to use: v1beta2

W0919 16:06:56.906835       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 FlowSchema is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 FlowSchema
W0919 16:06:56.906832       1 warnings.go:70] flowcontrol.apiserver.k8s.io/v1beta1 PriorityLevelConfiguration is deprecated in v1.23+, unavailable in v1.26+; use flowcontrol.apiserver.k8s.io/v1beta2 PriorityLevelConfiguration

WoodyWoodsta commented 11 months ago

Well then that contradicts with Kubernetes' own deprecation note here

WoodyWoodsta commented 11 months ago

Reading further up that link, 1.29 will deprecate v1beta2: https://kubernetes.io/docs/reference/using-api/deprecation-guide/#flowcontrol-resources-v129

cmoulliard commented 11 months ago

Too many kube releases and too many deprecations :-(

cmoulliard commented 11 months ago

I created a PR to bump the project to cert manager 1.13, client-go 1.27. Interested to review my PR, @WoodyWoodsta?

cmoulliard commented 11 months ago

Using kubernetes 1.27 and the PR deployed using certificate manager 1.13, I don't see the flow errors:

I0919 17:09:16.100279       1 handler.go:232] Adding GroupVersion acme.mycompany.com v1alpha1 to ResourceManager
I0919 17:09:16.101967       1 requestheader_controller.go:169] Starting RequestHeaderAuthRequestController
I0919 17:09:16.101983       1 shared_informer.go:311] Waiting for caches to sync for RequestHeaderAuthRequestController
I0919 17:09:16.101968       1 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::client-ca-file"
I0919 17:09:16.102013       1 shared_informer.go:311] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0919 17:09:16.101972       1 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"
I0919 17:09:16.102028       1 shared_informer.go:311] Waiting for caches to sync for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0919 17:09:16.102620       1 dynamic_serving_content.go:132] "Starting controller" name="serving-cert::/tls/tls.crt::/tls/tls.key"
I0919 17:09:16.103046       1 secure_serving.go:210] Serving securely on :443
I0919 17:09:16.103082       1 tlsconfig.go:240] "Starting DynamicServingCertificateController"
I0919 17:09:16.202274       1 shared_informer.go:318] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file
I0919 17:09:16.202270       1 shared_informer.go:318] Caches are synced for client-ca::kube-system::extension-apiserver-authentication::client-ca-file
I0919 17:09:16.202283       1 shared_informer.go:318] Caches are synced for RequestHeaderAuthRequestController
INFO[0020] ### CleanUp should delete the relevant TXT record for the challengeKey: bILuGJkugOUVQCDfqHmXXuMvJZ_NQjZeOMJkIHQ0UF4
INFO[0020] ### URL request issued to check if the TXT DNS record is present: /v1/domains/snowdrop.dev/records/TXT/_acme-challenge.console-openshift-console.apps.ocp
INFO[0020] ### CleanUp should delete the relevant TXT record for the challengeKey: pJR3GFZEOB6t-uVYYqE62TAPZ7APbhhoO5ie-n8o6uY
INFO[0020] ### URL request issued to check if the TXT DNS record is present: /v1/domains/snowdrop.dev/records/TXT/_acme-challenge
INFO[0020] ### CleanUp should delete the relevant TXT record for the challengeKey: VivE1jdrPQhIE32CJrhKpinZEtu-sgk1jlktcoHuBbs
INFO[0020] ### URL request issued to check if the TXT DNS record is present: /v1/domains/halkyon.io/records/TXT/_acme-challenge.www
INFO[0020] ### CleanUp should delete the relevant TXT record for the challengeKey: TeRxBiq_KnpHd-kyqLFZfEaBb2jmLUacJmLu7UqzAxA
INFO[0020] ### URL request issued to check if the TXT DNS record is present: /v1/domains/halkyon.io/records/TXT/_acme-challenge
INFO[0020] ### No TXT Record found using godaddy REST API !
I0919 17:09:36.868150       1 trace.go:236] Trace[1490478376]: "Create" accept:application/json, */*,audit-id:4bf09a79-2c73-4edc-bc46-939dc52a5e15,client:10.244.0.9,protocol:HTTP/2.0,resource:godaddy,sco
Trace[1490478376]: ---"Write to database call succeeded" len:380 666ms (17:09:36.867)
Trace[1490478376]: [667.217167ms] [667.217167ms] END
INFO[0020] ### No TXT Record found using godaddy REST API !
I0919 17:09:36.895971       1 trace.go:236] Trace[670382309]: "Create" accept:application/json, */*,audit-id:28530d1c-25ad-45d4-aed2-71996d7a52eb,client:10.244.0.9,protocol:HTTP/2.0,resource:godaddy,scop
Trace[670382309]: ---"Write to database call succeeded" len:379 734ms (17:09:36.895)
Trace[670382309]: [735.179542ms] [735.179542ms] END
INFO[0020] ### No TXT Record found using godaddy REST API !

cmoulliard commented 11 months ago

Issue fixed. See release tagged and Helm chart v0.2.0

@WoodyWoodsta @ashishsinghdev

ssrahul96 commented 11 months ago

I hope the manual deployment scripts are not updated @ https://github.com/snowdrop/godaddy-webhook/blob/main/deploy/webhook-all.yml

cmoulliard commented 11 months ago

I missed releasing the All resources yaml file. To use the 0.1 or 0.2 released image, just change the image tag here: https://github.com/snowdrop/godaddy-webhook/blob/main/deploy/webhook-all.yml#L263

cmoulliard commented 11 months ago

> manual deployment scripts

I created a ticket to include it as part of the next release process: https://github.com/snowdrop/godaddy-webhook/issues/34. I will in the meantime include the new env variables added to helm to configure the logger. #34

cmoulliard commented 11 months ago

All resources updated. Commit: https://github.com/snowdrop/godaddy-webhook/commit/eab77fd992f518e2cd12bc5c22998d4b32f040dd @ssrahul96