Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delete validation for Validator interface is broken on k8s versions < 1.15 #845

Closed
mrparkers opened this issue Mar 9, 2020 · 11 comments
Closed

Delete validation for Validator interface is broken on k8s versions < 1.15 #845

mrparkers opened this issue Mar 9, 2020 · 11 comments
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done.
Milestone
Next

Comments

@mrparkers
Copy link

mrparkers commented Mar 9, 2020
edited
Loading

Hi, I'm using controller-runtime@v0.4.0 on a local Kubernetes cluster (v1.14.7). I'm running into an issue with implementing the Validator interface for a ValidatingAdmissionWebhook.

After implementing this interface, create/update works just fine, but delete always fails with this error message:

Error from server: error when deleting "crd.yaml": admission webhook "vcrd.example.com" denied the request: there is no content to decode

It looks like the code that consumes the Validator interface assumes that req.OldObject exists:

controller-runtime/pkg/webhook/admission/validator.go

Line 96 in d0de78d

err := h.decoder.DecodeRaw(req.OldObject, obj)

The Kubernetes PR that is referenced in the comments (kubernetes/kubernetes#76346) adds this field to the request that the API server sends to the webhook. This PR landed in 1.15, which is an issue for users that run local Kubernetes via Docker for Mac, which currently uses 1.14 in the stable channel, or Amazon EKS customers, which does not yet support 1.15.

If you'd like, I'd be willing to attempt a PR to fix this problem.

Thanks!
@YangKeao YangKeao mentioned this issue Mar 16, 2020
Merged
@vincepri
Copy link
Member

/help
/priority awaiting-more-evidence

@k8s-ci-robot
Copy link
Contributor

@vincepri:
This request has been marked as needing help from a contributor.

Please ensure the request meets the requirements listed here.

If this request no longer meets these requirements, the label can be removed
by commenting with the /remove-help command.

In response to this:

/help
/priority awaiting-more-evidence

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done. help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. labels Mar 26, 2020
@vincepri vincepri added this to the Next milestone Mar 26, 2020
@mengqiy
Copy link
Member

mengqiy commented Mar 26, 2020

controller-runtime/pkg/webhook/admission/validator.go

Lines 94 to 96 in fc39662

// In reference to PR: https://github.com/kubernetes/kubernetes/pull/76346
// OldObject contains the object being deleted
err := h.decoder.DecodeRaw(req.OldObject, obj)

kubernetes/kubernetes#76346 this PR only started to be avavilable in 1.15+.
In <=1.14, the old object is not passed in the admission request body for delete operation.
I guess the fix is to check if req.OldObject is empty in the Delete operation. If empty, just skip it.

@yiqigao217 yiqigao217 mentioned this issue Apr 28, 2020
Closed
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Jun 24, 2020
@binoue binoue mentioned this issue Jul 17, 2020
Closed
@YangKeao
Copy link

@mrparkers Are you working on this issue? If not, I will submit a PR to fix this 🍻 .

@YangKeao YangKeao mentioned this issue Jul 20, 2020
Closed
7 tasks
@mrparkers
Copy link
Author

@YangKeao this isn't something I'm worried about anymore since AWS EKS supports 1.15+ where this issue is not present. Feel free to take this on if you'd like 👍

@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Aug 19, 2020
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@felipeweb
Copy link

I'm having this issue on kind v0.9.0 go1.15.2 linux/amd64

/reopen

@k8s-ci-robot
Copy link
Contributor

@felipeweb: You can't reopen an issue/PR unless you authored it or you are a collaborator.

In response to this:

I'm having this issue on kind v0.9.0 go1.15.2 linux/amd64

/reopen

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. priority/awaiting-more-evidence Lowest priority. Possibly useful, but not yet enough support to actually get it done.
Projects
None yet
Milestone
Next
Development

No branches or pull requests
7 participants
@mengqiy @vincepri @mrparkers @felipeweb @YangKeao @k8s-ci-robot @fejta-bot