Allow selecting which SA should be used to install a Carvel pkg #3883
Conversation
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
antgamdia
changed the title
k, won't look at the code yet :)
I think we want this for both carvel and flux plugins, no?
Yeah, I'd be keen not to add more code to Kubeops right now. This is exactly the thing for the resources plugin, imo, since it's not specific to any packaging format.
at +246, -83 (the current modified/deleted lines) it's absolutely no issue. If it grows significantly then it may be worth splitting to help reviews, just see what you think. |
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: dashboard/src/components/DeploymentForm/DeploymentForm.tsx
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Great; I wasn't sure if the purpose of these resources plugins was solely giving those resources generated by an installation or if it was aimed at covering a wide range of scenarios (like this one or even the can-i). |
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com>
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: cmd/kubeapps-apis/plugins/resources/v1alpha1/server.go dashboard/src/components/AppView/AppView.tsx
| export function getPluginsRequiringSA(): string[] { | ||
| return [PluginNames.PACKAGES_FLUX, PluginNames.PACKAGES_KAPP]; | ||
| } | ||
|
|
||
| export function getPluginsSupportingRollback(): string[] { | ||
| return [PluginNames.PACKAGES_HELM]; | ||
| } |
There was a problem hiding this comment.
Extracting the logic of which plugins are for certain capabilities, to DRY-up the code.
There was a problem hiding this comment.
Excellent - much better to have it all in the one place for when we want to replace it with the plugin-provided items themselves.
| setReconciliationOptions({ | ||
| ...reconciliationOptions, | ||
| serviceAccountName: e.currentTarget.value, |
There was a problem hiding this comment.
In the future, we may want to allow modifying other parameters, like the reconciliation interval, that's why I'm storing this obj instead of just the SA
| if (getPluginsRequiringSA().includes(pluginObj.name)) { | ||
| // We assume the user has enough permissions to do that. Fallback to a simple input maybe? | ||
| Kube.getServiceAccountNames(targetCluster, targetNamespace).then(saList => | ||
| setServiceAccountList(saList.serviceaccountNames), |
There was a problem hiding this comment.
I'm storing the SA list in the component's state solely; as it is not shared by other components.
There was a problem hiding this comment.
Yes, and we need to fetch it whenever the target namespace changes (as you've indicated below with the dependencies), so yep, component state sounds perfect.
| <CdsControlMessage error="valueMissing"> | ||
| The Service Account name this application will be installed with. | ||
| </CdsControlMessage> |
There was a problem hiding this comment.
Using CDS components brings some form validation capabilities out-of-the-box (idem with inputs).
There was a problem hiding this comment.
LGTM. I ignored the generated code and backend changes (which I assume are because you didn't get to rebase on master and remove the commits from #3894).
| setReconciliationOptions({ | ||
| ...reconciliationOptions, | ||
| serviceAccountName: e.currentTarget.value, |
| if (getPluginsRequiringSA().includes(pluginObj.name)) { | ||
| // We assume the user has enough permissions to do that. Fallback to a simple input maybe? | ||
| Kube.getServiceAccountNames(targetCluster, targetNamespace).then(saList => | ||
| setServiceAccountList(saList.serviceaccountNames), |
There was a problem hiding this comment.
Yes, and we need to fetch it whenever the target namespace changes (as you've indicated below with the dependencies), so yep, component state sounds perfect.
| export function getPluginsRequiringSA(): string[] { | ||
| return [PluginNames.PACKAGES_FLUX, PluginNames.PACKAGES_KAPP]; | ||
| } | ||
|
|
||
| export function getPluginsSupportingRollback(): string[] { | ||
| return [PluginNames.PACKAGES_HELM]; | ||
| } |
There was a problem hiding this comment.
Excellent - much better to have it all in the one place for when we want to replace it with the plugin-provided items themselves.
| @@ -377,6 +377,7 @@ func SetupDefaultRoutes(r *mux.Router, namespaceHeaderName, namespaceHeaderPatte | |||
| if err != nil { | |||
| return err | |||
| } | |||
| //TODO(agamez): move these endpoints to a separate plugin when possible | |||
There was a problem hiding this comment.
Yes, though hopefully we won't just move them. For example, we don't want to provide generic endpoints that can return all app repositories. Let's see.
Signed-off-by: Antonio Gamez Diaz <agamez@vmware.com> Conflicts: dashboard/src/shared/Kube.ts
Description of the change
This PR (
still a draft,tests remaining), aims at adding a new service account selector field when deploying a package (iff it is a carvel package, atm).It requires:
corev1.ServiceAccountobject, but just their names (as we don't need the SA secret names at all).I implemented it in Kubeops (as we did for the can-i endpoint); notwithstanding, this code ought to be moved to a separate plugin at some point.The list of changes is not that big, but I'm willing to split each of those ones out to separate PRs.
Benefits
Installing Carvel packages will work as the Carvel folks intended, I guess :P
Possible drawbacks
N/A
Applicable issues
Additional information
I'll work on the tests tomorrowThis PR depends on #3894 (yeah, I could have stacked it, but it would imply recreating the branch upstream and I don't foresee much work on the other, so once merged, it will get simplified (ie, not so many changes as it is atm).