From 682fb6c21dc21f41361d324c8d4b032486b6eecf Mon Sep 17 00:00:00 2001 From: Niklas Burchhardt Date: Wed, 4 Mar 2026 14:32:09 +0100 Subject: [PATCH 1/4] update to golangci lint v2.10.1 (latest version) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 74b796a..87d9d0f 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -GOLANGCI_VERSION = 2.6.1 +GOLANGCI_VERSION = 2.10.1 HELM_DOCS_VERSION = 1.14.2 LICENCES_IGNORE_LIST = $(shell cat licenses/licenses-ignore-list.txt) From bd915d29b1a11be965bf6cd923b35abd8bfa22ea Mon Sep 17 00:00:00 2001 From: Niklas Burchhardt Date: Wed, 4 Mar 2026 15:05:27 +0100 Subject: [PATCH 2/4] update to go v1.26.0, changing recommended codeparts for new version leave out k8s dependencies, because they break it --- deploy/stackit/README.md | 13 ++++++--- go.mod | 4 +-- internal/repository/dns_client.go | 8 ++---- internal/repository/rrset_repository.go | 3 +- internal/repository/rrset_repositry_test.go | 32 +++++++-------------- internal/resolver/resolver.go | 7 ++--- 6 files changed, 25 insertions(+), 42 deletions(-) diff --git a/deploy/stackit/README.md b/deploy/stackit/README.md index bf61c63..27b3815 100644 --- a/deploy/stackit/README.md +++ b/deploy/stackit/README.md 
@@ -1,32 +1,37 @@ # stackit-cert-manager-webhook -![Version: 0.3.0](https://img.shields.io/badge/Version-0.3.0-informational?style=flat-square) ![AppVersion: 1.0](https://img.shields.io/badge/AppVersion-1.0-informational?style=flat-square) +![Version: 0.4.1](https://img.shields.io/badge/Version-0.4.1-informational?style=flat-square) ![AppVersion: v0.4.1](https://img.shields.io/badge/AppVersion-v0.4.1-informational?style=flat-square) -A Helm chart for Kubernetes +A Helm chart for stackitcloud/stackit-cert-manager-webhook ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| +| additionalVolumeMounts | list | `[]` | | +| additionalVolumes | list | `[]` | | | affinity | object | `{}` | | | certManager | object | `{"namespace":"cert-manager","serviceAccountName":"cert-manager"}` | Meta information of the cert-manager itself. | | certManager.namespace | string | `"cert-manager"` | namespace where the webhook should be installed. Cert-Manager and the webhook should be in the same namespace. | | certManager.serviceAccountName | string | `"cert-manager"` | service account name for the cert-manager. | +| extraEnv | list | `[]` | delete the next line and add your variables as in the commented example below. | | fullnameOverride | string | `""` | Fullname override of the webhook. | | groupName | string | `"acme.stackit.de"` | The GroupName here is used to identify your company or business unit that created this webhook. Therefore, it should be acme.stackit.de. | -| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":"latest"}` | Image information for the webhook. | +| image | object | `{"pullPolicy":"IfNotPresent","repository":"ghcr.io/stackitcloud/stackit-cert-manager-webhook","tag":""}` | Image information for the webhook. | | image.pullPolicy | string | `"IfNotPresent"` | pull policy of the image. 
| | image.repository | string | `"ghcr.io/stackitcloud/stackit-cert-manager-webhook"` | repository of the image. | -| image.tag | string | `"latest"` | tag of the image. | +| imagePullSecrets | list | `[]` | | | nameOverride | string | `""` | Webhook configuration. | | nodeSelector | object | `{}` | Node selector for the webhook. | | podSecurityContext.runAsGroup | int | `1000` | | | podSecurityContext.runAsNonRoot | bool | `true` | | | podSecurityContext.runAsUser | int | `1000` | | +| podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | replicaCount | int | `1` | Replicas for the webhook. Since it is a stateless application server that sends requests you can increase the number as you want. Most of the time however, 1 replica is enough. | | resources | object | `{}` | Kubernetes resources for the webhook. Usually limits.cpu=100m, limits.memory=128Mi, requests.cpu=100m, requests.memory=128Mi is enough for the webhook. | | securityContext.allowPrivilegeEscalation | bool | `false` | | | securityContext.capabilities.drop[0] | string | `"ALL"` | | +| securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | | service | object | `{"port":443,"type":"ClusterIP"}` | Configuration for the webhook service. | | service.port | int | `443` | port of the service. | | service.type | string | `"ClusterIP"` | type of the service. | diff --git a/go.mod b/go.mod index 4c8ee41..cbefcea 100644 --- a/go.mod +++ b/go.mod @@ -1,8 +1,6 @@ module github.com/stackitcloud/stackit-cert-manager-webhook -go 1.25.0 - -toolchain go1.26.0 +go 1.26.0 // Do not remove this comment: // please place any replace statements here at the top for visibility and add a diff --git a/internal/repository/dns_client.go b/internal/repository/dns_client.go index de9ce0a..acab003 100644 --- a/internal/repository/dns_client.go +++ b/internal/repository/dns_client.go 
@@ -12,21 +12,17 @@ func newStackitDnsClient( } func newStackitDnsClientBearerToken(config Config) (*stackitdnsclient.APIClient, error) { - httpClient := *config.HttpClient - return newStackitDnsClient( stackitconfig.WithToken(config.AuthToken), - stackitconfig.WithHTTPClient(&httpClient), + stackitconfig.WithHTTPClient(new(*config.HttpClient)), stackitconfig.WithEndpoint(config.ApiBasePath), ) } func newStackitDnsClientKeyPath(config Config) (*stackitdnsclient.APIClient, error) { - httpClient := *config.HttpClient - return newStackitDnsClient( stackitconfig.WithServiceAccountKeyPath(config.SaKeyPath), - stackitconfig.WithHTTPClient(&httpClient), + stackitconfig.WithHTTPClient(new(*config.HttpClient)), stackitconfig.WithEndpoint(config.ApiBasePath), stackitconfig.WithTokenEndpoint(config.ServiceAccountBaseUrl), ) diff --git a/internal/repository/rrset_repository.go b/internal/repository/rrset_repository.go index dcf2ef4..01e22cf 100644 --- a/internal/repository/rrset_repository.go +++ b/internal/repository/rrset_repository.go @@ -135,8 +135,7 @@ func (r *rrSetRepository) UpdateRRSet( func (r *rrSetRepository) DeleteRRSet(ctx context.Context, rrSetId string) error { _, err := r.apiClient.DeleteRecordSet(ctx, r.projectId, r.zoneId, rrSetId).Execute() if err != nil { - var oapiError *oapierror.GenericOpenAPIError - if errors.As(err, &oapiError) { + if oapiError, ok := errors.AsType[*oapierror.GenericOpenAPIError](err); ok { if oapiError.StatusCode == 404 || oapiError.StatusCode == 400 { return ErrRRSetNotFound } diff --git a/internal/repository/rrset_repositry_test.go b/internal/repository/rrset_repositry_test.go index 55c14e9..6484d21 100644 --- a/internal/repository/rrset_repositry_test.go +++ b/internal/repository/rrset_repositry_test.go 
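Review bot: In internal/repository/dns_client.go, `new(*config.HttpClient)` in both newStackitDnsClientBearerToken and newStackitDnsClientKeyPath still dereferences config.HttpClient without a nil check, so a Config built without a client panics here instead of failing through the existing `error` result. The expression also reads like a pointer-to-type allocation at first glance, and no named local says that a copy is intended. I would add a guard ahead of each call, `if config.HttpClient == nil { return nil, errors.New("http client is nil") }` (the file's imports are not visible in this hunk), and a comment such as `// new(*p) hands the SDK its own shallow copy of the client; the Transport is still shared`. Why the SDK is given a copy is not visible here, so confirm the reason before wording the comment more strongly.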
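Review bot: In DeleteRRSet (internal/repository/rrset_repository.go), the branch kept under the new `errors.AsType` check still maps HTTP 400 to ErrRRSetNotFound alongside 404. A 400 normally means the request was rejected, not that the record is missing. If callers treat ErrRRSetNotFound as "already cleaned up" (not visible in this hunk), a failed delete could leave a stale TXT record in the zone with no error surfacing. If the mapping is a deliberate workaround for the API, say so in a comment, e.g. `// the DNS API answers 400 for unknown record set IDs, treat as not found`; otherwise compare against `http.StatusNotFound` only. The function body continues past the end of the hunk.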
@@ -72,22 +72,16 @@ func TestRrSetRepository_UpdateRRSet(t *testing.T) { t.Run("UpdateRRSet success", func(t *testing.T) { t.Parallel() - comment := "comment1" - id := "0000" - name := "test.com." - ttl := int64(60) - content := "content1" - rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "2222") require.NoError(t, err) err = rrSetRepository.UpdateRRSet( ctx, stackitdnsclient.RecordSet{ - Comment: &comment, - Id: &id, - Name: &name, - Ttl: &ttl, - Records: &[]stackitdnsclient.Record{{Content: &content}}, + Comment: new("comment1"), + Id: new("0000"), + Name: new("test.com."), + Ttl: new(int64(60)), + Records: &[]stackitdnsclient.Record{{Content: new("content1")}}, }, ) require.NoError(t, err) @@ -95,22 +89,16 @@ func TestRrSetRepository_UpdateRRSet(t *testing.T) { t.Run("UpdateRRSet failure", func(t *testing.T) { t.Parallel() - comment := "comment2" - id := "2222" - name := "test.com." - ttl := int64(60) - content := "content2" - rrSetRepository, err := rrSetRepositoryFactory.NewRRSetRepository(config, "3333") require.NoError(t, err) err = rrSetRepository.UpdateRRSet( ctx, stackitdnsclient.RecordSet{ - Comment: &comment, - Id: &id, - Name: &name, - Ttl: &ttl, - Records: &[]stackitdnsclient.Record{{Content: &content}}, + Comment: new("comment2"), + Id: new("2222"), + Name: new("test.com."), + Ttl: new(int64(60)), + Records: &[]stackitdnsclient.Record{{Content: new("content2")}}, }, ) require.Error(t, err) diff --git a/internal/resolver/resolver.go b/internal/resolver/resolver.go index a53ec10..6276348 100644 --- a/internal/resolver/resolver.go +++ b/internal/resolver/resolver.go 
@@ -185,11 +185,8 @@ func (s *stackitDnsProviderResolver) initializeResolverContext( func (s *stackitDnsProviderResolver) createRRSet( initResolverRes *initResolverContextResult, key string, ) error { - comment := "This record set is managed by stackit-cert-manager-webhook" - rrSetType := typeTxtRecord - rrSet := stackitdnsclient.RecordSet{ - Comment: &comment, + Comment: new("This record set is managed by stackit-cert-manager-webhook"), Name: &initResolverRes.rrSetName, Records: &[]stackitdnsclient.Record{ { @@ -197,7 +194,7 @@ func (s *stackitDnsProviderResolver) createRRSet( }, }, Ttl: &initResolverRes.acmeTxtDefaultTTL, - Type: stackitdnsclient.RecordSetGetTypeAttributeType(&rrSetType), + Type: stackitdnsclient.RecordSetGetTypeAttributeType(new(typeTxtRecord)), } s.logger.Info("Creating RRSet", zap.String("rrSet", fmt.Sprintf("%+v", rrSet))) From 155a041cd35d5e0876bc614dbf9a5e537965f8e0 Mon Sep 17 00:00:00 2001 From: Niklas Burchhardt Date: Thu, 5 Mar 2026 10:02:58 +0100 Subject: [PATCH 3/4] update codeowners file - new mails - add johannes, ondrej, andreas, me - remove patrick --- CODEOWNERS | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index cce544c..801e5a7 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1,4 +1,7 @@ -* patrick.koss@stackit.cloud -* marius.galm@stackit.cloud -* simon.stier@stackit.cloud -* florian.sandel@stackit.cloud +* marius.galm@digits.schwarz +* simon.stier@digits.schwarz +* florian.sandel@digits.schwarz +* Ondrej.Behavka@digits.schwarz +* Johannes.Moritz@digits.schwarz +* Andreas.Turtschan@digits.schwarz +* niklas.burchhardt@digits.schwarz From 8cfc36f985109d678631b335a77e36fdcb4d8519 Mon Sep 17 00:00:00 2001 From: Niklas Burchhardt Date: Thu, 5 Mar 2026 10:54:07 +0100 Subject: [PATCH 4/4] bump go version to 1.26.x --- .github/workflows/main.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) 
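Review bot: In createRRSet (internal/resolver/resolver.go), the `Creating RRSet` log line formats `rrSet` with `%+v`, but the fields set in this literal are pointers (`Comment: new(...)`, `Name: &...`, `Ttl: &...`). Unless the SDK type implements its own formatting, the entry records addresses rather than the record name, type or TTL, which makes it of little use when tracing which record was created. Logging the values directly would be clearer, for example `s.logger.Info("Creating RRSet", zap.String("name", initResolverRes.rrSetName))`, with further fields for TTL and type as needed. The function starts before and continues after the visible hunk lines.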
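Review bot: The new CODEOWNERS keeps one `*` line per owner, and on GitHub the last matching pattern takes precedence, so only the final entry (`niklas.burchhardt@digits.schwarz`) would be treated as code owner for the repository. If branch protection requires code-owner review, that leaves a single effective approver instead of the seven listed. Put all owners on a single line, starting `* marius.galm@digits.schwarz simon.stier@digits.schwarz` and continuing with the remaining addresses. It is also worth checking that each address is tied to a GitHub account with write access, since owners GitHub cannot resolve do not take effect.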
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 216e8f9..81f3f47 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -1,4 +1,3 @@ ---- # based on https://github.com/mvdan/github-actions-golang name: CI @@ -18,7 +17,7 @@ jobs: test: strategy: matrix: - go-version: [1.25.x] + go-version: [1.26.x] os: [ubuntu-latest] runs-on: ${{ matrix.os }}