I can follow manual instructions to build and install validating webhooks #4
Comments
Last minute addition: we also want to add a MutatingAdmissionWebhook as part of this work, along with a dedicated no-op mutation endpoint. Similarly, we'll want to ensure that the logs for that endpoint reflect that it's being called when objects are created
Task list:
@akrishna90 pointed out that the kubebuilder cli can wire up webhooks for you, so we ran it:
This generated all the code and yaml files needed. We also need to uncomment lines related to WEBHOOKS and CERTMANAGER in Finally, to deploy to our cluster we ran...
At the moment this is failing. We'll pick it up tomorrow. Our WIP is on the branch
We decided to hold off on converting the Ginkgo test setup that kubebuilder generates to be spec setup instead. Once we actually start writing tests we'll solve that problem.
FEAT: Implement GET /v3/apps/:guid

- Implements the /v3/apps/:guid endpoint for fetching CFApp CRs
- NOTE: This endpoint is using a static rest.Config for provisioning its Kubernetes API client and is not yet using user-provided auth
- We expect this will need to be updated after some of the stories in https://github.com/cloudfoundry/cf-k8s-api/labels/Authentication implement that
- Vendors in CRDs from cf-k8s-controllers for use by envtest integration tests
- Update Github workflow to run `make test` so that it has the binaries needed for `envtest`
- Add `.envrc` to set `KUBEBUILDER_ASSETS` for running `envtest` tests without `make`
- Resolves #4

Co-authored-by: Andrew Costa <ancosta@vmware.com>
Co-authored-by: Tim Downey <tdowney@vmware.com>
Co-authored-by: Andrew Wittrock <awittrock@vmware.com>
Co-authored-by: Ashwin Krishna <krishnaas@vmware.com>
TL;DR
-----

Implements preflight checks to check prerequisites

Details
-------

Enables preflight checks to the Helm chart. Checks are provided by [Troubleshoot](https://troubleshoot.sh) and implemented as a secret within the Helm chart so they can be pulled from the Replicated Platform to run before installation. Checks for the following:

* A currently supported version of Kubernetes
* The containerd runtime
* If a specific Kubernetes distribution is running. This check will not fail and is not tied to any dependencies in the upstream application.
* Sufficient CPU resources allocatable on the cluster. This is not the same as the resources being available to request in the cluster.
* Required memory allocatable on the cluster. This is not the same as the resources being available to request in the cluster.
* Cert manager installed.
* kpack installed.
* Contour installed.
* Metrics Server installed and ready.
* A service bindings controller implementation. This check will not fail since service bindings are optional.
* fix missing ServiceOffering fields
* adjust fields
Blockers
Acceptance Criteria
NOTE: At this point the validating web hooks aren't ever rejecting updates, but they are properly wired in so they can do so in future stories
Dev Notes
For this story the webhook just needs to be running and wired into the k8s API. It will approve all requests. Also there is no behavior to test, so we can wait on writing specs
Register this webhook to handle CFApp resources only. We will add additional endpoints for other resources in the future.
This code should live in this repository. Also, the webhook server will also handle mutation in the future, not just validation
If we aren't able to configure the app to run insecurely, then do a one-off solution. For example, we could assume that the cert is in a secret and provide an example one to bootstrap the app, with the intention of properly generating it in the future. We'll solve the certificate generation issue properly in a follow-up story
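The approve-everything endpoint described in the Dev Notes, sketched as an added example (not code from this repository and not what kubebuilder generates). It hand-rolls the `admission.k8s.io/v1` AdmissionReview JSON with the standard library only; the `/validate` path, the `call` helper and the sample request are constructed for illustration, and in a cluster the handler would be served over TLS with the certificate mounted from the secret.

```go
package main

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Subset of the admission.k8s.io/v1 AdmissionReview wire format.
type review struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Request    struct {
		UID       string `json:"uid"`
		Operation string `json:"operation"`
		Name      string `json:"name"`
	} `json:"request"`
}

// handleValidate logs every call and allows it. The reply has to echo
// request.uid, so a review without one is rejected as malformed.
func handleValidate(w http.ResponseWriter, r *http.Request) {
	var in review
	err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<20)).Decode(&in)
	if err != nil || in.Request.UID == "" {
		http.Error(w, "malformed AdmissionReview", http.StatusBadRequest)
		return
	}
	log.Printf("validating webhook called: %s %q", in.Request.Operation, in.Request.Name)
	resp := map[string]any{"uid": in.Request.UID, "allowed": true}
	w.Header().Set("Content-Type", "application/json")
	json.NewEncoder(w).Encode(map[string]any{"apiVersion": in.APIVersion, "kind": in.Kind, "response": resp})
}

// call runs the handler in-process on one request body (no cluster needed).
func call(body string) (int, string) {
	rec := httptest.NewRecorder()
	handleValidate(rec, httptest.NewRequest(http.MethodPost, "/validate", strings.NewReader(body)))
	return rec.Code, rec.Body.String()
}

func main() {
	// Constructed sample of the body the API server would send for a CFApp create.
	fmt.Println(call(`{"apiVersion":"admission.k8s.io/v1","kind":"AdmissionReview","request":{"uid":"constructed-uid-1","operation":"CREATE","name":"my-app"}}`))
}
```

Because the handler never inspects the object, restricting it to CFApp resources happens in the webhook registration rules rather than in this code.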