Removed --webhook option
#1497
Merged
Removed --webhook option
#1497
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Summary: Now that KUDO moves towards a better support of multiple plans (e.g. `kudoctl plan trigger` command), the existing instance admission webhook becomes necessary to guarantee the plan execution consistency. More on KUDO [admission controller](https://kudo.dev/docs/developing-operators/plans.html#admission-controllers) in the documentation. This PR removes the `--webhook` option and thus makes the instance admission webhook required. This is a breaking change since the users will have to either have [cert-manager](https://cert-manager.io/) installed or use the `--unsafe-self-signed-webhook-ca` option when initializing KUDO. For existing installations one would need to run [kudo init](https://kudo.dev/docs/cli.html#examples) to create missing secret/webhook configuration. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
added
the
release/breaking-change
zen-dog
commented
May 7, 2020
| } | ||
|
|
||
| // ---------- 3. Check if we should start execution of new plan ---------- | ||
| // ---------- 2. Check if we should start execution of new plan ---------- |
There was a problem hiding this comment.
Webhook sets the finalizer on creation
zen-dog
commented
May 7, 2020
| @@ -214,9 +202,9 @@ func (r *Reconciler) Reconcile(request ctrl.Request) (ctrl.Result, error) { | |||
| r.Recorder.Event(instance, "Normal", "PlanStarted", fmt.Sprintf("Execution of plan %s started", convert.StringValue(newExecutionPlan))) | |||
| } | |||
|
|
|||
| // ---------- 4. If there's currently active plan, continue with the execution ---------- | |||
| // ---------- 3. If there's currently active plan, continue with the execution ---------- | |||
There was a problem hiding this comment.
I didn't want to complicate this PR but steps 2. and 3. can be merged now as the logic becomes considerably simpler. I'll do this in a followup.
zen-dog
commented
May 7, 2020
| close(stopMgr) | ||
| mgrStopped.Wait() | ||
|
|
||
| log.Print("And update the instance parameter value") |
There was a problem hiding this comment.
This test is not needed anymore as the webhook will decline Instance updates when the manager is down.
zen-dog
commented
May 7, 2020
| @@ -0,0 +1,19 @@ | |||
| -----BEGIN CERTIFICATE----- | |||
There was a problem hiding this comment.
Below the server certificates (and the bundle just in case) used for integration tests
zen-dog
commented
May 7, 2020
| @@ -48,3 +37,15 @@ spec: | |||
| selector: | |||
| instance: {{ .Name }} | |||
| label: {{ .Params.LABEL }} | |||
|
|
|||
There was a problem hiding this comment.
Fun fact: the order matters: Instance has to be applied after the OperatorVerson of the webhook will decline the CREATE request.
zen-dog
commented
May 7, 2020
| @@ -1,10 +0,0 @@ | |||
| apiVersion: kudo.dev/v1beta1 | |||
There was a problem hiding this comment.
This test checks that you can install Instance before the OperatorVersion. This doesn't work anymore
zen-dog
commented
May 7, 2020
zen-dog
commented
May 7, 2020
| apiVersion: kudo.dev/v1beta1 | ||
| kind: TestStep | ||
| commands: | ||
| - command: kubectl kudo update --instance update-command-instance -p "param2=othervalue" |
There was a problem hiding this comment.
This step would make the same (updating some param) as the previous one (02). I removed it.
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
|
Ignore failing integration tests. This kuttl/#77 PR will make it green again. |
ANeumann82
reviewed
May 8, 2020
nfnt
requested changes
May 8, 2020
ANeumann82
approved these changes
May 8, 2020
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
nfnt
reviewed
May 8, 2020
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
This reverts commit 3f1d82d. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
force-pushed
the
ad/required-webhook
branch
2 times, most recently
from
9bdb541
to
8f11643
Compare
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
added a commit
to kudobuilder/operators
that referenced
this pull request
May 11, 2020
Summary: With [kudo/#1497](kudobuilder/kudo#1497) KUDO is making the instance admission webhook required. This PR adds the necessary manifests and certificate files to the tests. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
pushed a commit
to kudobuilder/operators
that referenced
this pull request
May 11, 2020
Summary: With [kudo/#1497](kudobuilder/kudo#1497) KUDO is making the instance admission webhook required. This PR adds the necessary manifests and certificate files to the tests. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
|
Ok, so the reason e2e operators tests are failing is that we run them with a local ./bin/manager and not with the manager-as-pod like the other e2e tests. We need to change that before the e2e tests get green. |
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
as they are generated by `kudo init` or not needed anymore Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
nfnt
reviewed
May 19, 2020
nfnt
reviewed
May 19, 2020
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
Now that KUDO moves towards a better support of multiple plans (e.g.
kudoctl plan triggercommand), the existing instance admission webhook becomes necessary to guarantee the plan execution consistency. More on KUDO admission controller in the documentation.This PR removes the
--webhookoption and thus makes the instance admission webhook required. This is a breaking change since the users will have to either install cert-manager installed or use the--unsafe-self-signed-webhook-caoption when initializing KUDO. For existing installations, one would need to run kudo init to create the missing secret/webhook configuration.Signed-off-by: Aleksey Dukhovniy alex.dukhovniy@googlemail.com