Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Added C-R validating webhook for KCP scale subresource #5697

Merged
merged 1 commit into from
Dec 3, 2021
Merged

🌱 Added C-R validating webhook for KCP scale subresource #5697

merged 1 commit into from
Dec 3, 2021

Conversation

dharmjit
Copy link
Contributor

Signed-off-by: Dharmjit Singh sdharmjit@vmware.com

What this PR does / why we need it:
This PR introduces a Controller-Runtime validating webhook for kubeadmControlPlane scale subresource.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #5466

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Nov 18, 2021
@k8s-ci-robot
Copy link
Contributor

Hi @dharmjit. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Nov 18, 2021
@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Nov 18, 2021
@dharmjit dharmjit marked this pull request as draft November 18, 2021 09:27
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 18, 2021
@sbueringer
Copy link
Member

sbueringer commented Nov 18, 2021
edited

/ok-to-test

@dharmjit Can you please rebase on top of main to get rid of the merge conflict? (otherwise the tests won't run)

@k8s-ci-robot k8s-ci-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Nov 18, 2021
@dharmjit dharmjit mentioned this pull request Nov 18, 2021
Closed
@linux-foundation-easycla
Copy link

linux-foundation-easycla bot commented Nov 18, 2021
edited

CLA Signed

The committers are authorized under a signed CLA.

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 18, 2021
sbueringer
sbueringer reviewed Nov 18, 2021
View reviewed changes
Copy link
Member

@sbueringer sbueringer left a comment
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks great, thx! A bunch of nits, but nothing major :)

controlplane/kubeadm/config/webhook/manifests.yaml Outdated Show resolved Hide resolved
controlplane/kubeadm/main.go Outdated Show resolved Hide resolved
controlplane/kubeadm/main.go Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated
// +kubebuilder:webhook:verbs=create;update,path=/validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane,mutating=false,failurePolicy=fail,matchPolicy=Equivalent,groups=controlplane.cluster.x-k8s.io,resources=kubeadmcontrolplanes/scale,versions=v1beta1,name=validation-scale.kubeadmcontrolplane.controlplane.cluster.x-k8s.io,sideEffects=None,admissionReviewVersions=v1;v1beta1

// KCPScaleValidator validates KCP for replicas.
type KCPScaleValidator struct {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure about the name, maybe we should call it just KCPScale or KubeadmControlPlane
(let's wait for other opinions before potentially changing it)

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not KubeadmControlPlane as it's distinctly the scale subresource, and it's very much an admission webhook, so it's more or less fine, however maybe ScaleValidator to avoid philosophically stuttering..

controlplane/kubeadm/webhooks/doc.go Outdated Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated Show resolved Hide resolved
controlplane/kubeadm/webhooks/scale.go Outdated
Comment on lines 73 to 74
// KCPScaleValidator implements admission.DecoderInjector.
// A decoder will be automatically injected.

// InjectDecoder injects the decoder.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
// KCPScaleValidator implements admission.DecoderInjector.
// A decoder will be automatically injected.
// InjectDecoder injects the decoder.
// InjectDecoder injects the decoder.
// KCPScaleValidator implements admission.DecoderInjector.
// A decoder will be automatically injected.

@sbueringer
Copy link
Member

Regrading back porting: Let's discuss that later, usually it's just triggering the cherry pick bot (but we have to decide to which branches we want to backport)

Regarding testing: I would suggest a table test ~ like it's done here:

cluster-api/api/v1beta1/machinedeployment_webhook_test.go

Line 60 in ec1fa65

func TestMachineDeploymentValidation(t *testing.T) {

But you have to additionally:

  • create the webhook with a fakeclient (you can see in cluster_test.go how to do that)
  • set a decoder. I think you can do that with admission.NewDecoder(scheme). You probably have to create a scheme for the test and add the KCP types ~:
fakeScheme   = runtime.NewScheme()
_ = kcpv1.AddToScheme(scheme)

@dharmjit dharmjit marked this pull request as ready for review November 25, 2021 16:55
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 25, 2021
@dharmjit
Copy link
Contributor Author

@sbueringer @randomvariable, PTAL, I had fixed the review comments and also added the test for the webhook.

sbueringer
sbueringer reviewed Nov 29, 2021
View reviewed changes
Copy link
Member

@sbueringer sbueringer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thx!!

One last nit from my side, otherwise lgtm.

Feel free to resolve the resolved conversations.

controlplane/kubeadm/webhooks/scale_test.go Outdated Show resolved Hide resolved
@sbueringer
Copy link
Member

/lgtm

/assign @randomvariable

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 29, 2021
vincepri
vincepri reviewed Dec 1, 2021
View reviewed changes
controlplane/kubeadm/main.go
Comment on lines +250 to +254
mgr.GetWebhookServer().Register("/validate-scale-controlplane-cluster-x-k8s-io-v1beta1-kubeadmcontrolplane", &webhook.Admission{
Handler: &kcpwebhooks.ScaleValidator{
Client: mgr.GetClient(),
},
})
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sbueringer Sidenote, the Scale subresource should probably have top-level support in Controller Runtime

controlplane/kubeadm/webhooks/scale.go Outdated

if !externalEtcd {
if scale.Spec.Replicas%2 == 0 {
return admission.Denied("replicas cannot be an even number when using managed etcd")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
return admission.Denied("replicas cannot be an even number when using managed etcd")
return admission.Denied("replicas cannot be an even number when etcd is stacked")

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this message is the same in the regular webhook, if yes, let's update both

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated the message at both places.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 2, 2021
@sbueringer
Copy link
Member

@dharmjit Looks good, can you please squash the commits?

@dharmjit
Added C-R validating webhook for KCP scale subresource
035e915 
Signed-off-by: Dharmjit Singh <sdharmjit@vmware.com>
@sbueringer
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Dec 3, 2021
@vincepri
Copy link
Member

vincepri commented Dec 3, 2021

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Dec 3, 2021
@k8s-ci-robot k8s-ci-robot merged commit 137861a into kubernetes-sigs:main Dec 3, 2021
@k8s-ci-robot k8s-ci-robot added this to the v1.1 milestone Dec 3, 2021
@dharmjit dharmjit mentioned this pull request Jan 27, 2022
Closed
7 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@randomvariable randomvariable randomvariable left review comments

@vincepri vincepri vincepri left review comments

@sbueringer sbueringer sbueringer left review comments

@JoelSpeed JoelSpeed Awaiting requested review from JoelSpeed

Assignees

@randomvariable randomvariable

@sbueringer sbueringer

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
v1.1
Development

Successfully merging this pull request may close these issues.

Implement validation for the KCP scale sub-resource
5 participants
@dharmjit @k8s-ci-robot @sbueringer @vincepri @randomvariable