New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add enhancement for suspending and resuming scan schedules #375
Add enhancement for suspending and resuming scan schedules #375
Conversation
stable feature of Kubernetes. | ||
|
||
### Operational Aspects of API Extensions | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This functionality will add an additional API call to deal with CronJobs during the ComplianceScan reconcile loops, which we already have to deal with as we setup the scan rerunners.
- Minor version upgrades - you only need to support `x.N->x.N+1` upgrade | ||
steps. So, for example, it is acceptable to require a user running 4.3 to | ||
upgrade to 4.5 with a `4.3->4.4` step followed by a `4.4->4.5` step. | ||
- While an upgrade is in progress, new component versions should |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't understand this enough. I am concern though if the paused scan will still hold reliable results after the upgrade of a cluster. Or, on another hand, if there is an upgrade in the scan profile - how do we apply this retroactively to a paused scan. To me it still feels maybe better to delete a scan and start a new after maintenance then resume an old scan.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I attempted to describe this is in more detail in the next revision of the patch.
Here we're specifically pausing the scan schedule, and not stopping a scan while it is in progress. Does that help clarify?
dca7884
to
a5f2141
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think the proposal looks good overall, just have some concerns on where annotation should be applied.
a5f2141
to
29306d6
Compare
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
/retest |
I can update to rebase to exclude e2e tests for this patch, since they're not relevant and consume resources. |
@rhmdnd: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
29306d6
to
cc37f13
Compare
@Vincent056 let me know if the latest revision addresses your concerns. |
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
/hold for test |
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
I think I updated all references for that in the enhancement and implementation. Let me know if you see any other issues. |
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
This commit implements the logic and tests necessary to suspend and resume scan schedules using the `ScanSetting` custom resource. You can find more details on the overall justification, use cases, and implementation details in the enhancement: ComplianceAsCode#375
/unhold |
This commit includes an enhancement for implementing a feature that suspends and resumes existing ComplianceScans schedules.
cc37f13
to
d75ca49
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
Thank you for the well written reasoning and implementation details.
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rhmdnd, yuumasato The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This commit includes an enhancement for implementing a feature that
pauses and resumes existing ComplianceScans.