Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integration test for proxy-injector reinvocation #6309

Merged
merged 4 commits into from
Jun 19, 2021
Merged

Integration test for proxy-injector reinvocation #6309

merged 4 commits into from
Jun 19, 2021

Conversation

alpeb
Copy link
Member

@alpeb alpeb commented Jun 18, 2021
edited

Preliminary for #3750 and #6267

This uses kubemod, a generic mutating webhook, in a new integration test to prove that the proxy-injector is ignoring changes made by webhooks that run after it.

Once we implement reinvocation for the injector, this test should also be changed to reflect that.

@alpeb
Integration test for proxy-injector reinvocation
b97d1de 
Preliminary for #3750 and #6267

This uses a generic [kubemod](https://github.com/kubemod/kubemod), a
generic mutating webhook, in a new integration test to prove that the
proxy-injector is ignoring changes made by webhooks run after it.

Once we implement reinvocation for the injector, this test should also
be changed to reflect that.
@alpeb alpeb requested a review from a team as a code owner June 18, 2021 15:52
adleong
adleong approved these changes Jun 18, 2021
View reviewed changes
Copy link
Member

@adleong adleong left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice test

kleimkuhler
kleimkuhler approved these changes Jun 19, 2021
View reviewed changes
Copy link
Contributor

@kleimkuhler kleimkuhler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good aside from some nit comments!

test/integration/reinvocation/reinvocation_test.go Outdated Show resolved Hide resolved
test/integration/reinvocation/testdata/inject_test.yaml Outdated Show resolved Hide resolved
alpeb and others added 2 commits June 19, 2021 08:18
@alpeb @kleimkuhler
Update test/integration/reinvocation/reinvocation_test.go
ee2677b 
Co-authored-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@alpeb @kleimkuhler
Update test/integration/reinvocation/testdata/inject_test.yaml
926e293 
Co-authored-by: Kevin Leimkuhler <kevin@kleimkuhler.com>
@alpeb alpeb merged commit f6891ca into main Jun 19, 2021
@alpeb alpeb deleted the alpeb/injector-reinvoke branch June 19, 2021 14:26
alpeb added a commit that referenced this pull request Jun 22, 2021
@alpeb
Add support for proxy injector reinvocation
2532298 
Fixes #3750 and partially #6267

As of k8s 1.15 mutating webhooks can be reinvoked whenever another mutating webhook running after the current one mutates the pod being persisted.
Enabling reinvocation for the injector will allow configuring the proxy with annotations generated by such other mutating webhooks.

The implementation consists on adding "remove" statements into the json patch returned by the injector, implemented mostly in the new file `pkg/inject/pod_patch.go` which now holds the `podPatch`, moved from `pkg/inject/inject.go`.

This also updates the "reinvocation" integration test introduced in #6309 to properly verify the reinvocation is happening.

And this also means the "existing proxy sidecar" check is no longer relevant, and has been limited to "existing 3rd party sidecar".

Possible followup: refactor the CLI inject and uninject commands to properly leverage the cleanup done by this patch.
@alpeb alpeb mentioned this pull request Jun 22, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@adleong adleong adleong approved these changes

@kleimkuhler kleimkuhler kleimkuhler approved these changes

Assignees
No one assigned
Labels
area/injector
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@alpeb @adleong @kleimkuhler