-
Notifications
You must be signed in to change notification settings - Fork 104
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removed --webhook
option
#1497
Removed --webhook
option
#1497
Conversation
Summary: Now that KUDO moves towards a better support of multiple plans (e.g. `kudoctl plan trigger` command), the existing instance admission webhook becomes necessary to guarantee the plan execution consistency. More on KUDO [admission controller](https://kudo.dev/docs/developing-operators/plans.html#admission-controllers) in the documentation. This PR removes the `--webhook` option and thus makes the instance admission webhook required. This is a breaking change since the users will have to either have [cert-manager](https://cert-manager.io/) installed or use the `--unsafe-self-signed-webhook-ca` option when initializing KUDO. For existing installations one would need to run [kudo init](https://kudo.dev/docs/cli.html#examples) to create missing secret/webhook configuration. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
} | ||
|
||
// ---------- 3. Check if we should start execution of new plan ---------- | ||
// ---------- 2. Check if we should start execution of new plan ---------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Webhook sets the finalizer on creation
@@ -214,9 +202,9 @@ func (r *Reconciler) Reconcile(request ctrl.Request) (ctrl.Result, error) { | |||
r.Recorder.Event(instance, "Normal", "PlanStarted", fmt.Sprintf("Execution of plan %s started", convert.StringValue(newExecutionPlan))) | |||
} | |||
|
|||
// ---------- 4. If there's currently active plan, continue with the execution ---------- | |||
// ---------- 3. If there's currently active plan, continue with the execution ---------- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I didn't want to complicate this PR but steps 2. and 3. can be merged now as the logic becomes considerably simpler. I'll do this in a followup.
close(stopMgr) | ||
mgrStopped.Wait() | ||
|
||
log.Print("And update the instance parameter value") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test is not needed anymore as the webhook will decline Instance updates when the manager is down.
@@ -0,0 +1,19 @@ | |||
-----BEGIN CERTIFICATE----- |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Below the server certificates (and the bundle just in case) used for integration tests
@@ -48,3 +37,15 @@ spec: | |||
selector: | |||
instance: {{ .Name }} | |||
label: {{ .Params.LABEL }} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fun fact: the order matters: Instance
has to be applied after the OperatorVerson
of the webhook will decline the CREATE request.
@@ -1,10 +0,0 @@ | |||
apiVersion: kudo.dev/v1beta1 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This test checks that you can install Instance
before the OperatorVersion
. This doesn't work anymore
apiVersion: kudo.dev/v1beta1 | ||
kind: TestStep | ||
commands: | ||
- command: kubectl kudo update --instance update-command-instance -p "param2=othervalue" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This step would make the same (updating some param) as the previous one (02
). I removed it.
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Ignore failing integration tests. This kuttl/#77 PR will make it green again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is looking great and removing quite a lot of "if"-s, awesome! Have some minor comments and nitpicks though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm, apart from the things @nfnt mentioned
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good! 🚢
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
This reverts commit 3f1d82d. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
9bdb541
to
8f11643
Compare
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Summary: With [kudo/#1497](kudobuilder/kudo#1497) KUDO is making the instance admission webhook required. This PR adds the necessary manifests and certificate files to the tests. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Summary: With [kudo/#1497](kudobuilder/kudo#1497) KUDO is making the instance admission webhook required. This PR adds the necessary manifests and certificate files to the tests. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Ok, so the reason e2e operators tests are failing is that we run them with a local ./bin/manager and not with the manager-as-pod like the other e2e tests. We need to change that before the e2e tests get green. |
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
as they are generated by `kudo init` or not needed anymore Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Summary:
Now that KUDO moves towards a better support of multiple plans (e.g.
kudoctl plan trigger
command), the existing instance admission webhook becomes necessary to guarantee the plan execution consistency. More on KUDO admission controller in the documentation.This PR removes the
--webhook
option and thus makes the instance admission webhook required. This is a breaking change since the users will have to either install cert-manager installed or use the--unsafe-self-signed-webhook-ca
option when initializing KUDO. For existing installations, one would need to run kudo init to create the missing secret/webhook configuration.Signed-off-by: Aleksey Dukhovniy alex.dukhovniy@googlemail.com