Allow selecting which SA should be used to install a Carvel pkg #3883
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
k, won't look at the code yet :)
I think we want this for both carvel and flux plugins, no?
Yeah, I'd be keen not to add more code to Kubeops right now. This is exactly the thing for the resources plugin, imo, since it's not specific to any packaging format.
At +246, -83 (the current modified/deleted lines) it's absolutely no issue. If it grows significantly then it may be worth splitting to help reviews, just see what you think.
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: dashboard/src/components/DeploymentForm/DeploymentForm.tsx
Great; I wasn't sure if the purpose of these resources plugins was solely giving those resources generated by an installation or if it was aimed at covering a wide range of scenarios (like this one or even the can-i).
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: cmd/kubeapps-apis/plugins/resources/v1alpha1/server.go dashboard/src/components/AppView/AppView.tsx
export function getPluginsRequiringSA(): string[] { | ||
return [PluginNames.PACKAGES_FLUX, PluginNames.PACKAGES_KAPP]; | ||
} | ||
|
||
export function getPluginsSupportingRollback(): string[] { | ||
return [PluginNames.PACKAGES_HELM]; | ||
} |
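Review bot: getPluginsRequiringSA() has no doc comment saying what "requiring SA" means for the caller, and the form only asks for a service account when pluginObj.name is in this hard-coded array, so a packaging plugin that is not listed here gets no service account field at all. Document that contract on both helpers, and consider exporting the lists as readonly constants instead of building a new array on every call.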
Extracting the logic of which plugins are for certain capabilities, to DRY-up the code.
Excellent - much better to have it all in the one place for when we want to replace it with the plugin-provided items themselves.
setReconciliationOptions({ | ||
...reconciliationOptions, | ||
serviceAccountName: e.currentTarget.value, |
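Review bot: serviceAccountName is stored straight from e.currentTarget.value, with nothing in these lines rejecting an empty value or one that is not in the fetched service account list. The selector is a convenience and not an authorization boundary, so the backend that receives reconciliationOptions should confirm the named service account exists in the target namespace and that the caller may use it; on the client, skip the state update when the value is empty.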
In the future, we may want to allow modifying other parameters, like the reconciliation interval; that's why I'm storing this obj instead of just the SA.
Yep, sounds good.
if (getPluginsRequiringSA().includes(pluginObj.name)) { | ||
// We assume the user has enough permissions to do that. Fallback to a simple input maybe? | ||
Kube.getServiceAccountNames(targetCluster, targetNamespace).then(saList => | ||
setServiceAccountList(saList.serviceaccountNames), |
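Review bot: the promise returned by Kube.getServiceAccountNames(targetCluster, targetNamespace) has no rejection handler in the lines shown, while the comment above it already states that the call assumes the user is allowed to list service accounts. A user without that permission in targetNamespace would be left with an empty selector for a field these plugins require. Add a .catch that surfaces the error and switches to the plain text input the comment proposes, and turn that comment into a tracked TODO.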
I'm storing the SA list solely in the component's state, as it is not shared by other components.
Yes, and we need to fetch it whenever the target namespace changes (as you've indicated below with the dependencies), so yep, component state sounds perfect.
<CdsControlMessage error="valueMissing"> | ||
The Service Account name this application will be installed with. | ||
</CdsControlMessage> |
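Review bot: the text inside CdsControlMessage error="valueMissing" describes the field rather than the error, so a user who submits without choosing a service account is not told that a value is required. Use wording such as "A Service Account name is required" for the valueMissing case and keep the descriptive sentence in a control message without the error attribute.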
Using CDS components brings some form validation capabilities out-of-the-box (idem with inputs).
LGTM. I ignored the generated code and backend changes (which I assume are because you didn't get to rebase on master and remove the commits from #3894).
@@ -377,6 +377,7 @@ func SetupDefaultRoutes(r *mux.Router, namespaceHeaderName, namespaceHeaderPatte | |||
if err != nil { | |||
return err | |||
} | |||
//TODO(agamez): move these endpoints to a separate plugin when possible |
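Review bot: the added TODO on the last line has no space after // and no issue reference, so nothing tracks the move once this merges. Write it as "// TODO(agamez): ..." and link the issue that covers moving these endpoints into a separate plugin.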
Yes, though hopefully we won't just move them. For example, we don't want to provide generic endpoints that can return all app repositories. Let's see.
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: dashboard/src/shared/Kube.ts
Description of the change
This PR (still a draft, tests remaining) aims at adding a new service account selector field when deploying a package (iff it is a carvel package, atm).

It requires:

corev1.ServiceAccount object, but just their names (as we don't need the SA secret names at all).

I implemented it in Kubeops (as we did for the can-i endpoint); notwithstanding, this code ought to be moved to a separate plugin at some point.

The list of changes is not that big, but I'm willing to split each of those ones out to separate PRs.
Benefits
Installing Carvel packages will work as the Carvel folks intended, I guess :P
Possible drawbacks
N/A
Applicable issues
Additional information
I'll work on the tests tomorrow

This PR depends on #3894 (yeah, I could have stacked it, but it would imply recreating the branch upstream and I don't foresee much work on the other, so once merged, it will get simplified (ie, not so many changes as it is atm)).