cybozu-go
diff --git a/‎.github/workflows/ci.yaml‎
Lines changed: 3 additions & 3 deletions b/‎.github/workflows/ci.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎v2/Makefile‎
Lines changed: 3 additions & 3 deletions b/‎v2/Makefile‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎v2/api/v2/addresspool_webhook.go‎
Lines changed: 40 additions & 15 deletions b/‎v2/api/v2/addresspool_webhook.go‎
Lines changed: 40 additions & 15 deletions
diff --git a/‎v2/api/v2/egress_webhook.go‎
Lines changed: 41 additions & 16 deletions b/‎v2/api/v2/egress_webhook.go‎
Lines changed: 41 additions & 16 deletions
diff --git a/‎v2/api/v2/zz_generated.deepcopy.go‎
Lines changed: 60 additions & 0 deletions b/‎v2/api/v2/zz_generated.deepcopy.go‎
Lines changed: 60 additions & 0 deletions
diff --git a/‎v2/controllers/pod_watcher_test.go‎
Lines changed: 5 additions & 1 deletion b/‎v2/controllers/pod_watcher_test.go‎
Lines changed: 5 additions & 1 deletion
diff --git a/‎v2/e2e/Makefile‎
Lines changed: 2 additions & 2 deletions b/‎v2/e2e/Makefile‎
Lines changed: 2 additions & 2 deletions
@@ -43,14 +43,14 @@ jobs:
     name: End-to-end Test
     strategy:
       matrix:
-        kindest-node: ["1.29.12", "1.30.8", "1.31.4"]
+        kindest-node: ["1.30.13", "1.31.9", "1.32.5"]
         with-ipam: ["false", "true"]
         ipv4: ["false", "true"]
         ipv6: ["false", "true"]
         ipv6-primary: ["false", "true"]
         exclude:
         - ipv4: "false"
-          ipv6: "false"        
+          ipv6: "false"
         - ipv4: "false"
           ipv6: "true"
           ipv6-primary: "true"
@@ -107,7 +107,7 @@ jobs:
     name: Cert generation test
     strategy:
       matrix:
-        kindest-node: ["1.29.12", "1.30.8", "1.31.4"]
+        kindest-node: ["1.30.13", "1.31.9", "1.32.5"]
     runs-on: ubuntu-24.04
     steps:
     - uses: actions/checkout@v4
 
@@ -23,7 +23,7 @@ Version 2 is generally available (GA).  It conforms to [CNI spec 1.1.0](https://
 
 ## Dependencies
 
-- Kubernetes Version: 1.29, 1.30, 1.31
+- Kubernetes Version: 1.30, 1.31, 1.32
     - Other versions are likely to work, but not tested.
 
 - (Optional) Routing software
 
@@ -2,12 +2,12 @@
 
 IMAGE_TAG := latest
 CONTROLLER_RUNTIME_VERSION := $(shell awk '/sigs\.k8s\.io\/controller-runtime/ {print substr($$2, 2)}' go.mod)
-CONTROLLER_TOOLS_VERSION=0.16.5
-PROTOC_VERSION=30.2
+CONTROLLER_TOOLS_VERSION=0.17.3
+PROTOC_VERSION=31.1
 PROTOC_GEN_GO_VERSION := $(shell awk '/google.golang.org\/protobuf/ {print substr($$2, 2)}' go.mod)
 PROTOC_GEN_GO_GRPC_VERSON=1.5.1
 PROTOC_GEN_DOC_VERSION=1.5.1
-YQ_VERSION=4.45.1
+YQ_VERSION=4.45.4
 
 ## DON'T EDIT BELOW THIS LINE
 SUDO=sudo
 
@@ -1,6 +1,9 @@
 package v2
 
 import (
+	"context"
+	"fmt"
+
 	"github.com/cybozu-go/coil/v2/pkg/constants"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -15,45 +18,67 @@ import (
 func (r *AddressPool) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithDefaulter(&AddressPoolCustomDefaulter{}).
+		WithValidator(&AddressPoolCustomValidator{}).
 		Complete()
 }
 
+// AddressPoolCustomDefaulter is an empty struct that implements webhook.CustomDefaulter
+type AddressPoolCustomDefaulter struct{}
+
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 
 //+kubebuilder:webhook:path=/mutate-coil-cybozu-com-v2-addresspool,mutating=true,failurePolicy=fail,sideEffects=None,groups=coil.cybozu.com,resources=addresspools,verbs=create,versions=v2,name=maddresspool.kb.io,admissionReviewVersions={v1,v1beta1}
 
-var _ webhook.Defaulter = &AddressPool{}
+var _ webhook.CustomDefaulter = &AddressPoolCustomDefaulter{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type
-func (r *AddressPool) Default() {
-	controllerutil.AddFinalizer(r, constants.FinCoil)
+func (r *AddressPoolCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+	addressPool, ok := obj.(*AddressPool)
+	if !ok {
+		return fmt.Errorf("expected an AddressPool object but got a %T", obj)
+	}
+
+	controllerutil.AddFinalizer(addressPool, constants.FinCoil)
+	return nil
 }
 
+// AddressPoolCustomValidator is an empty struct that implements webhook.CustomValidator
+type AddressPoolCustomValidator struct{}
+
 // +kubebuilder:webhook:path=/validate-coil-cybozu-com-v2-addresspool,mutating=false,failurePolicy=fail,sideEffects=None,groups=coil.cybozu.com,resources=addresspools,verbs=create;update,versions=v2,name=vaddresspool.kb.io,admissionReviewVersions={v1,v1beta1}
 
-var _ webhook.Validator = &AddressPool{}
+var _ webhook.CustomValidator = &AddressPoolCustomValidator{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (r *AddressPool) ValidateCreate() (warnings admission.Warnings, err error) {
-	errs := r.Spec.validate()
-	if len(errs) == 0 {
-		return nil, nil
+func (r *AddressPoolCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
+	addressPool, ok := obj.(*AddressPool)
+	if !ok {
+		return nil, fmt.Errorf("expected an AddressPool object but got a %T", obj)
 	}
 
-	return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "AddressPool"}, r.Name, errs)
+	if errs := addressPool.Spec.validate(); len(errs) != 0 {
+		return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "AddressPool"}, addressPool.Name, errs)
+	}
+
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *AddressPool) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error) {
-	errs := r.Spec.validateUpdate(old.(*AddressPool).Spec)
-	if len(errs) == 0 {
-		return nil, nil
+func (r *AddressPoolCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) {
+	addressPool, ok := newObj.(*AddressPool)
+	if !ok {
+		return nil, fmt.Errorf("expected an AddressPool object but got a %T", newObj)
 	}
 
-	return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "AddressPool"}, r.Name, errs)
+	if errs := addressPool.Spec.validateUpdate(oldObj.(*AddressPool).Spec); len(errs) != 0 {
+		return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "AddressPool"}, addressPool.Name, errs)
+	}
+
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (r *AddressPool) ValidateDelete() (warnings admission.Warnings, err error) {
+func (r *AddressPoolCustomValidator) ValidateDelete(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
 	return nil, nil
 }
@@ -1,6 +1,9 @@
 package v2
 
 import (
+	"context"
+	"fmt"
+
 	corev1 "k8s.io/api/core/v1"
 	apierrors "k8s.io/apimachinery/pkg/api/errors"
 	"k8s.io/apimachinery/pkg/runtime"
@@ -14,20 +17,30 @@ import (
 func (r *Egress) SetupWebhookWithManager(mgr ctrl.Manager) error {
 	return ctrl.NewWebhookManagedBy(mgr).
 		For(r).
+		WithDefaulter(&EgressCustomDefaulter{}).
+		WithValidator(&EgressCustomValidator{}).
 		Complete()
 }
 
+// EgressCustomDefaulter is an empty struct that implements webhook.CustomDefaulter
+type EgressCustomDefaulter struct{}
+
 // EDIT THIS FILE!  THIS IS SCAFFOLDING FOR YOU TO OWN!
 
 // +kubebuilder:webhook:path=/mutate-coil-cybozu-com-v2-egress,mutating=true,failurePolicy=fail,sideEffects=None,groups=coil.cybozu.com,resources=egresses,verbs=create,versions=v2,name=megress.kb.io,admissionReviewVersions={v1,v1beta1}
 
-var _ webhook.Defaulter = &Egress{}
+var _ webhook.CustomDefaulter = &EgressCustomDefaulter{}
 
 // Default implements webhook.Defaulter so a webhook will be registered for the type
-func (r *Egress) Default() {
-	tmpl := r.Spec.Template
+func (r *EgressCustomDefaulter) Default(ctx context.Context, obj runtime.Object) error {
+	egress, ok := obj.(*Egress)
+	if !ok {
+		return fmt.Errorf("expected an Egress object but got a %T", obj)
+	}
+
+	tmpl := egress.Spec.Template
 	if tmpl == nil {
-		return
+		return nil
 	}
 
 	if len(tmpl.Spec.Containers) == 0 {
@@ -37,33 +50,45 @@ func (r *Egress) Default() {
 			},
 		}
 	}
+	return nil
 }
 
+// EgressCustomValidator is an empty struct that implements webhook.CustomValidator
+type EgressCustomValidator struct{}
+
 // +kubebuilder:webhook:path=/validate-coil-cybozu-com-v2-egress,mutating=false,failurePolicy=fail,sideEffects=None,groups=coil.cybozu.com,resources=egresses,verbs=create;update,versions=v2,name=vegress.kb.io,admissionReviewVersions={v1,v1beta1}
 
-var _ webhook.Validator = &Egress{}
+var _ webhook.CustomValidator = &EgressCustomValidator{}
 
 // ValidateCreate implements webhook.Validator so a webhook will be registered for the type
-func (r *Egress) ValidateCreate() (warnings admission.Warnings, err error) {
-	errs := r.Spec.validate()
-	if len(errs) == 0 {
-		return nil, nil
+func (r *EgressCustomValidator) ValidateCreate(ctx context.Context, obj runtime.Object) (warnings admission.Warnings, err error) {
+	egress, ok := obj.(*Egress)
+	if !ok {
+		return nil, fmt.Errorf("expected an Egress object but got a %T", obj)
 	}
 
-	return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "Egress"}, r.Name, errs)
+	if errs := egress.Spec.validate(); len(errs) != 0 {
+		return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "Egress"}, egress.Name, errs)
+	}
+
+	return nil, nil
 }
 
 // ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
-func (r *Egress) ValidateUpdate(old runtime.Object) (warnings admission.Warnings, err error) {
-	errs := r.Spec.validateUpdate()
-	if len(errs) == 0 {
-		return nil, nil
+func (r *EgressCustomValidator) ValidateUpdate(ctx context.Context, oldObj, newObj runtime.Object) (warnings admission.Warnings, err error) {
+	egress, ok := newObj.(*Egress)
+	if !ok {
+		return nil, fmt.Errorf("expected an Egress object but got a %T", newObj)
 	}
 
-	return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "Egress"}, r.Name, errs)
+	if errs := egress.Spec.validateUpdate(); len(errs) != 0 {
+		return nil, apierrors.NewInvalid(schema.GroupKind{Group: GroupVersion.Group, Kind: "Egress"}, egress.Name, errs)
+	}
+
+	return nil, nil
 }
 
 // ValidateDelete implements webhook.Validator so a webhook will be registered for the type
-func (r *Egress) ValidateDelete() (warnings admission.Warnings, err error) {
+func (r *EgressCustomValidator) ValidateDelete(ctx context.Context, old runtime.Object) (warnings admission.Warnings, err error) {
 	return nil, nil
 }
@@ -122,7 +122,11 @@ var _ = Describe("Pod watcher", Ordered, func() {
 				panic(err)
 			}
 		}()
-		time.Sleep(100 * time.Millisecond)
+
+		// Must sleep so that tests do not run before the controller manager is ready.
+		// Although, a shorter duration was previously set (100ms),
+		// the duration was increased because the tests that perform write operation early became flaky (e.g. `should check Pod deletion`).
+		time.Sleep(1000 * time.Millisecond)
 	})
 
 	AfterEach(func() {
 
@@ -1,5 +1,5 @@
-KIND_VERSION=0.27.0
-KUBERNETES_VERSION=1.31.6
+KIND_VERSION=0.29.0
+KUBERNETES_VERSION=1.32.5
 KUSTOMIZE_VERSION = 5.6.0
 BINDIR := $(abspath $(PWD)/../bin)