Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Deletion verb interrupted by mutating handler #1762

Closed
AnyISalIn opened this issue Dec 31, 2021 · 14 comments
Closed

Deletion verb interrupted by mutating handler #1762

AnyISalIn opened this issue Dec 31, 2021 · 14 comments
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.

Comments

@AnyISalIn
Copy link
Contributor

Environment

  • kubebuilder v3.1.0
  • controller-runtime v0.8.3
  • kubernetes 1.20.3

How to reproduce

  • enable deletion validation for CRD
  • enable mutating handler for CRD
  • execute kubectl delete <crd> <cr>, its should returns Error from server: admission webhook "xxxxxx" denied the request: there is no content to decode

Possible Problems

when you want to delete a CR, mutaing handler want to Decode(req.Object), however it doesn't work, cause Kubernetes DELETE Admission Request Body only contains OldObject and the deletion verb is broken.

can we skip deletion verb in the mutating handler?

Reference Issues

#1278
@AnyISalIn AnyISalIn changed the title Deletion verb interrupted by muting handler Deletion verb interrupted by mutating handler Dec 31, 2021
@FillZpp
Copy link
Contributor

FillZpp commented Dec 31, 2021
edited

Yeah, it used to be in req.Object and has been moved to req.OldObject since Kubernetes 1.16 for both validating and mutating DELETE.

I'm not sure should we just skip for deletion request here, or improve it like this:

	reqObj := req.Object
	if req.Operation == admissionv1.Delete {
		reqObj = req.OldObject
	}
	if err := h.decoder.DecodeRaw(reqObj, obj); err != nil {
		return Errored(http.StatusBadRequest, err)
	}

	...
	return PatchResponseFromRaw(reqObj.Raw, marshalled)

I prefer the latter one, for it is a little weird if users enabled DELETE mutation and got nothing when objects deleted.

@AnyISalIn
Copy link
Contributor Author

@FillZpp Thanks! but I don't know what happens when mutations return some diff patches when sending DELETE verb?

@FillZpp
Copy link
Contributor

FillZpp commented Dec 31, 2021

@FillZpp Thanks! but I don't know what happens when mutations return some diff patches when sending DELETE verb?

That's the problem. Could you run a test for the scenario? Or I can do this when I'm free in the new year :)

@AnyISalIn
Copy link
Contributor Author

@FillZpp Thanks! but I don't know what happens when mutations return some diff patches when sending DELETE verb?

That's the problem. Could you run a test for the scenario? Or I can do this when I'm free in the new year :)

Okay, I will try later, Happy New Year.

@AnyISalIn
Copy link
Contributor Author

AnyISalIn commented Jan 4, 2022
edited

@FillZpp Kubernetes seems unable to handle patches on DELETE verb in mutation handler, see from here mutating/dispatcher.go#L315, may we need to skip it?

Error from server (InternalError): Internal error occurred: admission webhook "mmutatingtest.kb.io" attempted to modify the object, which is not supported for this operation

@AnyISalIn AnyISalIn mentioned this issue Jan 4, 2022
Merged
@FillZpp
Copy link
Contributor

FillZpp commented Jan 5, 2022

Kubernetes seems unable to handle patches on DELETE verb in mutation handler, see from here mutating/dispatcher.go#L315

Alright, if so, I think it is reasonable to skip this verb.

What's more, I'm not sure if we should disable the DELETE verb in controller-tools so that it will not generate it in MutatingWebhookConfiguration or return an error to warn users that DELETE can not be used in mutating webhook?

Any suggestions? @alvaroaleman @vincepri

@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 5, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels May 5, 2022
@FillZpp
Copy link
Contributor

FillZpp commented May 5, 2022

/remove-lifecycle rotten

@k8s-ci-robot k8s-ci-robot removed the lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. label May 5, 2022
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 3, 2022
@FillZpp
Copy link
Contributor

FillZpp commented Aug 3, 2022

/remove-lifecycle rotten

@alvaroaleman
Copy link
Member

The fix was merged, why are we keeping this open?

@FillZpp
Copy link
Contributor

FillZpp commented Aug 4, 2022

The fix was merged, why are we keeping this open?

Oh sorry, my mistake.

/close

@k8s-ci-robot
Copy link
Contributor

@FillZpp: Closing this issue.

In response to this:

The fix was merged, why are we keeping this open?

Oh sorry, my mistake.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@iiiceoo iiiceoo mentioned this issue Nov 18, 2022
Closed
@arielsepton arielsepton mentioned this issue Apr 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@alvaroaleman @FillZpp @AnyISalIn @k8s-ci-robot @k8s-triage-robot