Enable setting custom objectSelector for webhook #2407
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
Hi @Shreya027. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
size/S
Codecov Report
@@ Coverage Diff @@
## main #2407 +/- ##
=======================================
Coverage 53.35% 53.35%
=======================================
Files 140 140
Lines 7962 7962
=======================================
Hits 4248 4248
Misses 3397 3397
Partials 317 317 Continue to review full report at Codecov.
|
| @@ -232,3 +232,13 @@ backendSecurityGroup: | |||
|
|
|||
| # disableRestrictedSecurityGroupRules specifies whether to disable creating port-range restricted security group rules for traffic | |||
| disableRestrictedSecurityGroupRules: | |||
|
|
|||
| #objectSelector for webhook | |||
| #objectSelector for webhook | ||
| objectSelector: | ||
| matchExpressions: | ||
| #- key: <key> |
k8s-ci-robot
added
size/XXL
k8s-ci-robot
added
size/S
|
@kishorj Hi have added section in README for the change. I'm guessing doc will be updated separately. |
kishorj
added
the
tide/merge-method-squash
| @@ -214,3 +214,5 @@ The default values set by the application itself can be confirmed [here](https:/ | |||
| | `enableBackendSecurityGroup` | If enabled, controller uses shared security group for backend traffic | `true` | | |||
| | `backendSecurityGroup` | Backend security group to use instead of auto created one if the feature is enabled | `` | | |||
| | `disableRestrictedSecurityGroupRules` | If disabled, controller will not specify port range restriction in the backend security group rules | `false` | | |||
| | `objectSelector.matchExpressions` | Webhook configuration to select specific pods by specifying the expression to be matched | `app.kubernetes.io/name NotIn {{ include "aws-load-balancer-controller.name" . }}` | | |||
There was a problem hiding this comment.
The default should be None in this case. The load balancer controller name is currently hardcoded in the template and not configurable.
| @@ -214,3 +214,5 @@ The default values set by the application itself can be confirmed [here](https:/ | |||
| | `enableBackendSecurityGroup` | If enabled, controller uses shared security group for backend traffic | `true` | | |||
| | `backendSecurityGroup` | Backend security group to use instead of auto created one if the feature is enabled | `` | | |||
| | `disableRestrictedSecurityGroupRules` | If disabled, controller will not specify port range restriction in the backend security group rules | `false` | | |||
| | `objectSelector.matchExpressions` | Webhook configuration to select specific pods by specifying the expression to be matched | `app.kubernetes.io/name NotIn {{ include "aws-load-balancer-controller.name" . }}` | | |||
There was a problem hiding this comment.
| | `objectSelector.matchExpressions` | Webhook configuration to select specific pods by specifying the expression to be matched | `app.kubernetes.io/name NotIn {{ include "aws-load-balancer-controller.name" . }}` | | |
| | `objectSelector.matchExpressions` | Webhook configuration to select specific pods by specifying the expression to be matched | None | |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: kishorj, Shreya027 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
/ok-to-test |
k8s-ci-robot
added
approved
|
/retest |
1 similar comment
|
/retest |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
* Enable setting custom objectSelector for webhook kubernetes-sigs#650 * Add formatting changes * Add webhook changes to README * Read update suggestion * Update READ table header to original
Issue
#2363
Description
Currently when we install the aws load balancer controller via Helm chart, the objectSelector for Pod Readiness Gate is hard coded without any option to extend it. I have added code to allow custom additions using a template format in webhook.yaml with additional custom values fetched from values.yaml
Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯
I have Tested 4 sample scenarios:
Test Scenario 1:
One entry added for matchLabels besides matchExpressions default entry.
webhook config snippet:
Sample deployment 2048-pods.yaml snippet
Corresponding output with no readiness gates configured:
Sample deployment 2048-pods-labels.yaml snippet
Corresponding output with readiness gates configured:
Test Scenario 2:
One entry added for matchLabels and additional entry added to matchExpressions besides default entry.
webhook config snippet :
Test Scenario 3:
No entry added for matchLabels and additional entry added to matchExpressions besides default entry.
webhook config snippet:
Test Scenario 4:
No addition entry added to matchLabels or matchExpressions besides matchExpressions default entry.
webhook config snippet
I was able to observe the correct behaviour for all the 4 scenarios listed