rebase: Bump sigs.k8s.io/controller-runtime from 0.15.1 to 0.16.0

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.15.1 to 0.16.0. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.15.1...v0.16.0) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
2025-06-13 10:33:35 +00:00 · 2023-08-28 20:44:55 +00:00
parent 97d9f701ec
commit a51516501c
78 changed files with 1539 additions and 2899 deletions
--- a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/decode.go
+++ b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/decode.go
@ -71,6 +71,7 @@ func (d *Decoder) DecodeRaw(rawObj runtime.RawExtension, into runtime.Object) er
 			return err
 		}
 		unstructuredInto.SetUnstructuredContent(object)
+		return nil
 	}

 	deserializer := d.codecs.UniversalDeserializer()
--- a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/http.go
+++ b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/admission/http.go
@ -93,7 +93,7 @@ func (wh *Webhook) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 		wh.writeResponse(w, reviewResponse)
 		return
 	}
-	wh.getLogger(&req).V(4).Info("received request")
+	wh.getLogger(&req).V(5).Info("received request")

 	reviewResponse = wh.Handle(ctx, req)
 	wh.writeResponseTyped(w, reviewResponse, actualAdmRevGVK)
@ -136,11 +136,11 @@ func (wh *Webhook) writeAdmissionResponse(w io.Writer, ar v1.AdmissionReview) {
 		}
 	} else {
 		res := ar.Response
-		if log := wh.getLogger(nil); log.V(4).Enabled() {
+		if log := wh.getLogger(nil); log.V(5).Enabled() {
 			if res.Result != nil {
 				log = log.WithValues("code", res.Result.Code, "reason", res.Result.Reason, "message", res.Result.Message)
 			}
-			log.V(4).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
+			log.V(5).Info("wrote response", "requestID", res.UID, "allowed", res.Allowed)
 		}
 	}
 }
--- a/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go
+++ b/vendor/sigs.k8s.io/controller-runtime/pkg/webhook/server.go
@ -77,37 +77,33 @@ type Options struct {
 	// It will be defaulted to 9443 if unspecified.
 	Port int

-	// CertDir is the directory that contains the server key and certificate. The
-	// server key and certificate.
+	// CertDir is the directory that contains the server key and certificate. Defaults to
+	// <temp-dir>/k8s-webhook-server/serving-certs.
 	CertDir string

 	// CertName is the server certificate name. Defaults to tls.crt.
 	//
-	// Note: This option should only be set when TLSOpts does not override GetCertificate.
+	// Note: This option is only used when TLSOpts does not set GetCertificate.
 	CertName string

 	// KeyName is the server key name. Defaults to tls.key.
 	//
-	// Note: This option should only be set when TLSOpts does not override GetCertificate.
+	// Note: This option is only used when TLSOpts does not set GetCertificate.
 	KeyName string

 	// ClientCAName is the CA certificate name which server used to verify remote(client)'s certificate.
 	// Defaults to "", which means server does not verify client's certificate.
 	ClientCAName string

-	// TLSVersion is the minimum version of TLS supported. Accepts
-	// "", "1.0", "1.1", "1.2" and "1.3" only ("" is equivalent to "1.0" for backwards compatibility)
-	// Deprecated: Use TLSOpts instead.
-	TLSMinVersion string
-
-	// TLSOpts is used to allow configuring the TLS config used for the server
+	// TLSOpts is used to allow configuring the TLS config used for the server.
+	// This also allows providing a certificate via GetCertificate.
 	TLSOpts []func(*tls.Config)

 	// WebhookMux is the multiplexer that handles different webhooks.
 	WebhookMux *http.ServeMux
 }

-// NewServer constructs a new Server from the provided options.
+// NewServer constructs a new webhook.Server from the provided options.
 func NewServer(o Options) Server {
 	return &DefaultServer{
 		Options: o,
@ -187,42 +183,15 @@ func (s *DefaultServer) Register(path string, hook http.Handler) {
 	regLog.Info("Registering webhook")
 }

-// tlsVersion converts from human-readable TLS version (for example "1.1")
-// to the values accepted by tls.Config (for example 0x301).
-func tlsVersion(version string) (uint16, error) {
-	switch version {
-	// default is previous behaviour
-	case "":
-		return tls.VersionTLS10, nil
-	case "1.0":
-		return tls.VersionTLS10, nil
-	case "1.1":
-		return tls.VersionTLS11, nil
-	case "1.2":
-		return tls.VersionTLS12, nil
-	case "1.3":
-		return tls.VersionTLS13, nil
-	default:
-		return 0, fmt.Errorf("invalid TLSMinVersion %v: expects 1.0, 1.1, 1.2, 1.3 or empty", version)
-	}
-}
-
 // Start runs the server.
 // It will install the webhook related resources depend on the server configuration.
 func (s *DefaultServer) Start(ctx context.Context) error {
 	s.defaultingOnce.Do(s.setDefaults)

-	baseHookLog := log.WithName("webhooks")
-	baseHookLog.Info("Starting webhook server")
-
-	tlsMinVersion, err := tlsVersion(s.Options.TLSMinVersion)
-	if err != nil {
-		return err
-	}
+	log.Info("Starting webhook server")

 	cfg := &tls.Config{ //nolint:gosec
 		NextProtos: []string{"h2"},
-		MinVersion: tlsMinVersion,
 	}
 	// fallback TLS config ready, will now mutate if passer wants full control over it
 	for _, op := range s.Options.TLSOpts {