Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ : (kustomize/v2, go/v4): Stop to scaffold CA patch injection since it is unnecessary #3555

Conversation

lentzi90
Copy link

This patch is no longer needed since it is injected by the replacements anyway.

Fixes #3538

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 25, 2023
Copy link
Member

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you a lot for your contribution 🥇
Following some notes and recommendations.

Please, note that when you do a change you must run make generate to generate the samples.

Also, please be aware that after your change it must pass in the e2e tests so that we can ensure that all still working fine as expected.

By last, the emoji is wrong because it is a change that affects the users. In this case it seems that the best one would to be :bug: or :warning:.

Also, can you update the title for a clear explanation about the change since it is used to generate the release notes? Example: :bug: (kustomize/v2, go/v4): Stop to scaffold CA patch injection since it is unnecessary

@lentzi90 lentzi90 changed the title 🌱 Remove unnecessary patch for CA injection 🐛 (kustomize/v2, go/v4): Stop to scaffold CA patch injection since it is unnecessary Aug 25, 2023
@lentzi90
Copy link
Author

Hmm I'm having some issue running make generate even on master. Will have to dig a bit...

What I'm seeing is this:

git status
On branch master
Your branch is up to date with 'origin/master'.

nothing to commit, working tree cleanmake generate
rm -rf testdata/
./test/testdata/generate.sh
Building kubebuilder
~/workspace/kubebuilder/testdata/project-v2 ~/workspace/kubebuilder
rm: cannot remove '/usr/local/bin/kustomize': Permission denied
make: *** [Makefile:72: generate-testdata] Error 1

@camilamacedo86
Copy link
Member

camilamacedo86 commented Aug 26, 2023

Hi @lentzi90,

It seems that the script is unable to cleanup/remove all from the dir testdata before moveforward.

Run sudo rm-rf testdata/
Then, re-run make generate.

Example:
Screenshot 2023-08-26 at 16 53 24

Also, please ensure that you have your branch rebase with master changes as well.

@lentzi90 lentzi90 force-pushed the lentzi90/remove-unnecessary-patch branch from fdd6fc3 to c0f04db Compare August 28, 2023 05:23
@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Aug 28, 2023
@lentzi90
Copy link
Author

Interesting... I had to do

sudo rm -rf testdata
sudo rm -rf docs/book/src/component-config-tutorial/testdata/project/bin
sudo rm -rf docs/book/src/multiversion-tutorial/testdata/project/bin

to get a successful make generate. I'm curious if/why no one else have these issue 🤔

@lentzi90 lentzi90 force-pushed the lentzi90/remove-unnecessary-patch branch from c0f04db to 79165fb Compare August 28, 2023 05:33
@lentzi90
Copy link
Author

Ok so it is complaining that the API changed. I can understand that, but I'm not sure how to solve it. Should we keep the API but make it a no-op?

@lentzi90 lentzi90 force-pushed the lentzi90/remove-unnecessary-patch branch 3 times, most recently from 244c496 to 6d06a85 Compare August 28, 2023 09:21
@lentzi90
Copy link
Author

Hmm I got a clean e2e test locally before pushing this 🤔
It seems extremely unlikely that it would be a flake but I'm going to check one more time
/test pull-kubebuilder-e2e-k8s-1-27-1

@lentzi90
Copy link
Author

Alright so it somehow was a flake. Weird. Then the only remaining question from my side is this:

Ok so it is complaining that the API changed. I can understand that, but I'm not sure how to solve it. Should we keep the API but make it a no-op?

@camilamacedo86
Copy link
Member

camilamacedo86 commented Aug 31, 2023

Alright so it somehow was a flake. Weird. Then the only remaining question from my side is this:

Ok so it is complaining that the API changed. I can understand that, but I'm not sure how to solve it. Should we keep the API but make it a no-op?

Kubebuilder is a LIB as well. So, it is saying that the change broke the kubebuilder API because the option no longer exist.

sigs.k8s.io/kubebuilder/v3/pkg/plugins/common/kustomize/v2/scaffolds/internal/templates/config/crd/patches
Incompatible changes:

  • EnableCAInjectionPatch: removed

That is fine we can move forward in this case because it does not seems break endusers.
However, we must to use the right emoj and communicate

I am updating the title accordingly

@camilamacedo86 camilamacedo86 changed the title 🐛 (kustomize/v2, go/v4): Stop to scaffold CA patch injection since it is unnecessary ⚠️ : (kustomize/v2, go/v4): Stop to scaffold CA patch injection since it is unnecessary Aug 31, 2023
Copy link
Member

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It seems make sense for me and the changes shows fine.
It does not seems a breaking change for those who already scaffold a project with the old versions.

So I am /lgtm

But I also would like to get feedback from others from the community

Let's see if others can help either.
Thx

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Aug 31, 2023
The CA injection annotation is now unnecessary since switching from vars
to replacements in the kustomization. The replacements have "create:
true" which means that they will add the annotation if it is not already
there, hence the patch is not needed.
@lentzi90 lentzi90 force-pushed the lentzi90/remove-unnecessary-patch branch from 6d06a85 to 9309399 Compare September 1, 2023 10:42
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Sep 1, 2023
@lowang-bh
Copy link
Member

 remove '/usr/local/bin/kustomize': Permission denied

I also met this error. I try to add write permission to this dir and then works. You can have a try.

#3579

Copy link
Member

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approved cancel

We will need to check it further

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lentzi90
Once this PR has been reviewed and has the lgtm label, please assign camilamacedo86 for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. and removed approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Sep 4, 2023
@k8s-ci-robot
Copy link
Contributor

PR needs rebase.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Copy link
Member

@camilamacedo86 camilamacedo86 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@lentzi90,

Thank you for raising it.

Upon reviewing your PR (#3555), it seems that the root of the issue might lie in the replacements. We must consider genuine scenarios where users might want to decide which resource should have the cert-manager injected.

Rather than removing the injections altogether, it might be more appropriate to address the replacements. Our goal should be to ensure that the certmanager is only injected into the uncommented files.

Would you like to help us to sorting it out by changing the replacement to ensure that we will ONLY inject the cert-manager in the CRDs and/or webhooks which are uncommented?

Please, see the comment for further information: #3538 (comment)

@lentzi90
Copy link
Author

lentzi90 commented Sep 4, 2023

Thanks for the explanation! I commented on the issue also. I will give it some thought, although I don't have an immediate solution to this. If I come up with something I will try to implement it and push here

@k8s-ci-robot
Copy link
Contributor

@lentzi90: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
pull-kubebuilder-e2e-k8s-1-26-6 9309399 link true /test pull-kubebuilder-e2e-k8s-1-26-6
pull-kubebuilder-e2e-k8s-1-27-3 9309399 link true /test pull-kubebuilder-e2e-k8s-1-27-3
pull-kubebuilder-e2e-k8s-1-28-0 9309399 link true /test pull-kubebuilder-e2e-k8s-1-28-0

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@lentzi90 lentzi90 closed this Oct 27, 2023
@lentzi90 lentzi90 deleted the lentzi90/remove-unnecessary-patch branch October 27, 2023 11:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Unnecessary patch for CA injection
4 participants