[chore] architecture refactor

cmd/shell-operator/start.go

@@ -35,7 +35,7 @@ func start(logger *log.Logger) func(_ *kingpin.ParseContext) error {
 		metrics.InitMetrics(app.PrometheusMetricsPrefix)
 
 		// Init logging and initialize a ShellOperator instance.
-		operator, err := shell_operator.Init(logger.Named("shell-operator"))
+		operator, err := shell_operator.Init(ctx, logger.Named("shell-operator"))
 		if err != nil {
 			return fmt.Errorf("init failed: %w", err)
 		}

docs/src/BINDING_CONVERSION.md

@@ -21,7 +21,7 @@ kubernetesCustomResourceConversion:
   # A CRD name.
   crdName: crontabs.stable.example.com
   # An array of conversions supported by this hook.
-  conversion:
+  conversions:
   - fromVersion: stable.example.com/v1alpha1
     toVersion: stable.example.com/v1alpha2
 ```

docs/src/BINDING_VALIDATING.md

@@ -104,7 +104,7 @@ See example [204-validating-webhook](./examples/204-validating-webhook).
 
 > Note that the `group` parameter is only for including snapshots. `kubernetesValidating` hook is never executed on `schedule` or `kubernetes` events with binding context with `"type":"Group"`.
 
-The hook receives a binding context and should return response in `$VALIDATING_RESPONSE_PATH`.
+The hook receives a binding context and should return response in `$VALIDATING_RESPONSE_PATH` (also available as `$ADMISSION_RESPONSE_PATH`).
 
 $BINDING_CONTEXT_PATH file example:
 
@@ -242,8 +242,17 @@ Command line options:
                                  A path to a ca certificate for ValidatingWebhookConfiguration. Can be set
                                  with $VALIDATING_WEBHOOK_CA.
   --validating-webhook-client-ca=VALIDATING-WEBHOOK-CLIENT-CA ...
-                                 A path to a server certificate for ValidatingWebhookConfiguration. Can be
-                                 set with $VALIDATING_WEBHOOK_CLIENT_CA.
+                                 A path to a client CA certificate for ValidatingWebhookConfiguration (can
+                                 be set multiple times). Can be set with $VALIDATING_WEBHOOK_CLIENT_CA.
+  --validating-webhook-failure-policy="Fail"
+                                 Default failure policy for ValidatingWebhookConfiguration (Fail or
+                                 Ignore). Can be set with $VALIDATING_WEBHOOK_FAILURE_POLICY.
+  --validating-webhook-listen-port="9680"
+                                 Port for the validating webhook HTTPS server. Can be set with
+                                 $VALIDATING_WEBHOOK_LISTEN_PORT.
+  --validating-webhook-listen-address="0.0.0.0"
+                                 Address for the validating webhook HTTPS server. Can be set with
+                                 $VALIDATING_WEBHOOK_LISTEN_ADDRESS.
 ```
 
 [admission-request]: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request

docs/src/HOOKS.md

@@ -51,6 +51,9 @@ kubernetes:
 kubernetesValidating:
 - {VALIDATING_PARAMETERS}
 - {VALIDATING_PARAMETERS}
+kubernetesCustomResourceConversion:
+- {CONVERSION_PARAMETERS}
+- {CONVERSION_PARAMETERS}
 settings:
   SETTINGS_PARAMETERS
 ```
@@ -73,6 +76,14 @@ or in JSON format:
     {VALIDATING_PARAMETERS},
     {VALIDATING_PARAMETERS}
   ],
+  "kubernetesMutating": [
+    {MUTATING_PARAMETERS},
+    {MUTATING_PARAMETERS}
+  ],
+  "kubernetesCustomResourceConversion": [
+    {CONVERSION_PARAMETERS},
+    {CONVERSION_PARAMETERS}
+  ],
   "settings": {SETTINGS_PARAMETERS}
 }
 ```
@@ -155,7 +166,9 @@ kubernetes:
   kind: Pod  # required
   executeHookOnEvent: [ "Added", "Modified", "Deleted" ]
   executeHookOnSynchronization: true|false # default is true
+  waitForSynchronization: true|false # default is true
   keepFullObjectsInMemory: true|false # default is true
+  resynchronizationPeriod: "1h"
   nameSelector:
     matchNames:
     - pod-0
@@ -244,6 +257,10 @@ kubernetes:
 
 - `keepFullObjectsInMemory` — if not set or `true`, dumps of Kubernetes resources are cached for this binding, and the snapshot includes them as `object` fields. Set to `false` if the hook does not rely on full objects to reduce the memory footprint.
 
+- `waitForSynchronization` — if `false`, Shell-operator will not wait for a hook's Synchronization to complete before processing further events for named queues. Default is `true`. Can only be set to `false` when `queue` is also explicitly specified.
+
+- `resynchronizationPeriod` — a period in Go duration format (e.g. `1h`, `30m`) after which a full resynchronization (re-list + re-watch) of Kubernetes objects is issued for this binding. Useful to recover from missed watch events.
+
 - `group` — a key that define a group of `schedule` and `kubernetes` bindings. See [grouping](#binding-context-of-grouped-bindings).
 
 #### Example
@@ -353,7 +370,7 @@ Objects should match all expressions defined in `fieldSelector` and `labelSelect
 
 ### kubernetesValidating
 
-Use a hook as handler for [ValidationWebhookConfiguration][admission-controllers].
+Use a hook as handler for [ValidatingWebhookConfiguration][admission-controllers].
 
 See syntax and parameters in [BINDING_VALIDATING.md](BINDING_VALIDATING.md)
 
@@ -369,7 +386,7 @@ When an event associated with a hook is triggered, Shell-operator executes the h
 
 Temporary files have unique names to prevent collisions between queues and are deleted after the hook run.
 
-Binging context is a JSON-array of structures with the following fields:
+Binding context is a JSON-array of structures with the following fields:
 
 - `binding` — a string from the `name` parameter. If this parameter has not been set in the binding configuration, then strings "schedule" or "kubernetes" are used. For a hook executed at startup, this value is always "onStartup".
 - `type` — "Schedule" for `schedule` bindings. "Synchronization" or "Event" for `kubernetes` bindings. "Group" if `group` is defined.