* Update dependency golangci/golangci-lint to v2
* Migrate the golangci config file.
* Fix golangci-lint-flagged problems
Most of them fall in these categories:
* stop ignoring returned errors from function calls
* Apply deMorgan's law to complex negative boolean expressions
* Delete unused local variables and struct fields
* Successfully get the linter to stop complaining about
uncommented global names
* If one import in a block has an import prefix, all must
* Deal with deprecated code
* Prefer switch-blocks to if/else if/...
* Remove unnecessary intermediate struct fields.
* Orphans are now deleted only via propagation-policy
* Stop checking goimports on generated files.
* Remove unused field comment
---------
Co-authored-by: renovate-rancher[bot] <119870437+renovate-rancher[bot]@users.noreply.github.com>
Co-authored-by: Eric Promislow <epromislow@suse.com>
Add the ability to authenticate incoming requests, verifying that all
requests originate from the Kubernetes API server and no where else.
Authenticating the API server requires manual steps to configure both
the API server and the webhook. Follow the Kubernetes webhook
documentation[1] to create an admission configuration and kubeconfig for
the API server, and update the kube-apiserver flags to use them. Only
cert-based authentication is supported, basic auth and token
authentication will not be recognized. Then, set auth.clientCA in the
webhook chart's values.yaml to the base64-encoded CA for the certs, and
set auth.allowedCNs to the CN for the client cert the apiserver will
present.
[1] https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#authenticate-apiservers
When starting up the webhook waits 15 second until applying its inital configuration.
The healthz endpoint was added to better signal if the configuration has been applied.
A previous change mistakenly added a mutation webhook configuration for
global role bindings. This change removes this configuration because
there are no such webhooks.
Mary