configurable failurePolicy for validating webhooks #1623

attiss · 2022-10-03T17:47:01Z

This PR adds a new configuration option to the helm chart: crds.validationFailurePolicy. The value is injected into the validating webhook's failurePolicy field. Defaults to Fail (current behavior).

Closes #1598

attiss · 2022-10-03T17:51:03Z

test: default value

helm install --dry-run --debug metallb .

install.go:192: [debug] Original chart version: ""
install.go:209: [debug] CHART PATH: /Users/attiss/git/metallb/charts/metallb

NAME: metallb
LAST DEPLOYED: Mon Oct  3 19:34:10 2022
NAMESPACE: default
STATUS: pending-install
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
{}

COMPUTED VALUES:
controller:
  affinity: {}
  enabled: true
  image:
    pullPolicy: null
    repository: quay.io/metallb/controller
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  securityContext:
    fsGroup: 65534
    runAsNonRoot: true
    runAsUser: 65534
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  strategy:
    type: RollingUpdate
  tolerations: []
crds:
  enabled: true
  global: {}
  validationFailurePolicy: Fail
fullnameOverride: ""
imagePullSecrets: []
loadBalancerClass: ""
nameOverride: ""
prometheus:
  controllerMetricsTLSSecret: ""
  metricsPort: 7472
  namespace: ""
  podMonitor:
    additionalLabels: {}
    annotations: {}
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
  prometheusRule:
    additionalLabels: {}
    addressPoolExhausted:
      enabled: true
      labels:
        severity: alert
    addressPoolUsage:
      enabled: true
      thresholds:
      - labels:
          severity: warning
        percent: 75
      - labels:
          severity: warning
        percent: 85
      - labels:
          severity: alert
        percent: 95
    annotations: {}
    bgpSessionDown:
      enabled: true
      labels:
        severity: alert
    configNotLoaded:
      enabled: true
      labels:
        severity: warning
    enabled: false
    extraAlerts: []
    staleConfig:
      enabled: true
      labels:
        severity: warning
  rbacPrometheus: true
  rbacProxy:
    repository: gcr.io/kubebuilder/kube-rbac-proxy
    tag: v0.12.0
  scrapeAnnotations: false
  serviceAccount: ""
  serviceMonitor:
    controller:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
    speaker:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
  speakerMetricsTLSSecret: ""
rbac:
  create: true
speaker:
  affinity: {}
  enabled: true
  frr:
    enabled: false
    image:
      pullPolicy: null
      repository: frrouting/frr
      tag: v7.5.1
    metricsPort: 7473
  image:
    pullPolicy: null
    repository: quay.io/metallb/speaker
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  memberlist:
    enabled: true
    mlBindPort: 7946
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  tolerateMaster: true
  tolerations: []
  updateStrategy:
    type: RollingUpdate

HOOKS:
MANIFEST:
<output omitted>
---
# Source: metallb/templates/webhooks.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: metallb-webhook-configuration
  labels:
    helm.sh/chart: metallb-0.0.0
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.0.0"
    app.kubernetes.io/managed-by: Helm
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-addresspool
  failurePolicy: Fail
  name: addresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - addresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta2-bgppeer
  failurePolicy: Fail
  name: bgppeervalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta2
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgppeers
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-ipaddresspool
  failurePolicy: Fail
  name: ipaddresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ipaddresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bgpadvertisement
  failurePolicy: Fail
  name: bgpadvertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgpadvertisements
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-community
  failurePolicy: Fail
  name: communityvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - communities
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bfdprofile
  failurePolicy: Fail
  name: bfdprofilevalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - DELETE
    resources:
    - bfdprofiles
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-l2advertisement
  failurePolicy: Fail
  name: l2advertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - l2advertisements
  sideEffects: None

NOTES:
MetalLB is now running in the cluster.

Now you can configure it via its CRs. Please refer to the metallb official docs
on how to use the CRs.

attiss · 2022-10-03T17:53:23Z

test: `Fail`

helm install --dry-run --debug --set crds.validationFailurePolicy=Fail metallb .

install.go:192: [debug] Original chart version: ""
install.go:209: [debug] CHART PATH: /Users/attiss/git/metallb/charts/metallb

NAME: metallb
LAST DEPLOYED: Mon Oct  3 19:29:42 2022
NAMESPACE: default
STATUS: pending-install
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
crds:
  validationFailurePolicy: Fail

COMPUTED VALUES:
controller:
  affinity: {}
  enabled: true
  image:
    pullPolicy: null
    repository: quay.io/metallb/controller
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  securityContext:
    fsGroup: 65534
    runAsNonRoot: true
    runAsUser: 65534
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  strategy:
    type: RollingUpdate
  tolerations: []
crds:
  enabled: true
  global: {}
  validationFailurePolicy: Fail
fullnameOverride: ""
imagePullSecrets: []
loadBalancerClass: ""
nameOverride: ""
prometheus:
  controllerMetricsTLSSecret: ""
  metricsPort: 7472
  namespace: ""
  podMonitor:
    additionalLabels: {}
    annotations: {}
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
  prometheusRule:
    additionalLabels: {}
    addressPoolExhausted:
      enabled: true
      labels:
        severity: alert
    addressPoolUsage:
      enabled: true
      thresholds:
      - labels:
          severity: warning
        percent: 75
      - labels:
          severity: warning
        percent: 85
      - labels:
          severity: alert
        percent: 95
    annotations: {}
    bgpSessionDown:
      enabled: true
      labels:
        severity: alert
    configNotLoaded:
      enabled: true
      labels:
        severity: warning
    enabled: false
    extraAlerts: []
    staleConfig:
      enabled: true
      labels:
        severity: warning
  rbacPrometheus: true
  rbacProxy:
    repository: gcr.io/kubebuilder/kube-rbac-proxy
    tag: v0.12.0
  scrapeAnnotations: false
  serviceAccount: ""
  serviceMonitor:
    controller:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
    speaker:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
  speakerMetricsTLSSecret: ""
rbac:
  create: true
speaker:
  affinity: {}
  enabled: true
  frr:
    enabled: false
    image:
      pullPolicy: null
      repository: frrouting/frr
      tag: v7.5.1
    metricsPort: 7473
  image:
    pullPolicy: null
    repository: quay.io/metallb/speaker
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  memberlist:
    enabled: true
    mlBindPort: 7946
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  tolerateMaster: true
  tolerations: []
  updateStrategy:
    type: RollingUpdate

HOOKS:
MANIFEST:
<output omitted>
---
# Source: metallb/templates/webhooks.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: metallb-webhook-configuration
  labels:
    helm.sh/chart: metallb-0.0.0
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.0.0"
    app.kubernetes.io/managed-by: Helm
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-addresspool
  failurePolicy: Fail
  name: addresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - addresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta2-bgppeer
  failurePolicy: Fail
  name: bgppeervalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta2
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgppeers
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-ipaddresspool
  failurePolicy: Fail
  name: ipaddresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ipaddresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bgpadvertisement
  failurePolicy: Fail
  name: bgpadvertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgpadvertisements
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-community
  failurePolicy: Fail
  name: communityvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - communities
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bfdprofile
  failurePolicy: Fail
  name: bfdprofilevalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - DELETE
    resources:
    - bfdprofiles
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-l2advertisement
  failurePolicy: Fail
  name: l2advertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - l2advertisements
  sideEffects: None

NOTES:
MetalLB is now running in the cluster.

Now you can configure it via its CRs. Please refer to the metallb official docs
on how to use the CRs.

attiss · 2022-10-03T17:55:57Z

test: `Ignore`

helm install --dry-run --debug --set crds.validationFailurePolicy=Ignore metallb .

install.go:192: [debug] Original chart version: ""
install.go:209: [debug] CHART PATH: /Users/attiss/git/metallb/charts/metallb

NAME: metallb
LAST DEPLOYED: Mon Oct  3 19:30:45 2022
NAMESPACE: default
STATUS: pending-install
REVISION: 1
TEST SUITE: None
USER-SUPPLIED VALUES:
crds:
  validationFailurePolicy: Ignore

COMPUTED VALUES:
controller:
  affinity: {}
  enabled: true
  image:
    pullPolicy: null
    repository: quay.io/metallb/controller
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  securityContext:
    fsGroup: 65534
    runAsNonRoot: true
    runAsUser: 65534
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  strategy:
    type: RollingUpdate
  tolerations: []
crds:
  enabled: true
  global: {}
  validationFailurePolicy: Ignore
fullnameOverride: ""
imagePullSecrets: []
loadBalancerClass: ""
nameOverride: ""
prometheus:
  controllerMetricsTLSSecret: ""
  metricsPort: 7472
  namespace: ""
  podMonitor:
    additionalLabels: {}
    annotations: {}
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
  prometheusRule:
    additionalLabels: {}
    addressPoolExhausted:
      enabled: true
      labels:
        severity: alert
    addressPoolUsage:
      enabled: true
      thresholds:
      - labels:
          severity: warning
        percent: 75
      - labels:
          severity: warning
        percent: 85
      - labels:
          severity: alert
        percent: 95
    annotations: {}
    bgpSessionDown:
      enabled: true
      labels:
        severity: alert
    configNotLoaded:
      enabled: true
      labels:
        severity: warning
    enabled: false
    extraAlerts: []
    staleConfig:
      enabled: true
      labels:
        severity: warning
  rbacPrometheus: true
  rbacProxy:
    repository: gcr.io/kubebuilder/kube-rbac-proxy
    tag: v0.12.0
  scrapeAnnotations: false
  serviceAccount: ""
  serviceMonitor:
    controller:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
    enabled: false
    interval: null
    jobLabel: app.kubernetes.io/name
    metricRelabelings: []
    relabelings: []
    speaker:
      additionalLabels: {}
      annotations: {}
      tlsConfig:
        insecureSkipVerify: true
  speakerMetricsTLSSecret: ""
rbac:
  create: true
speaker:
  affinity: {}
  enabled: true
  frr:
    enabled: false
    image:
      pullPolicy: null
      repository: frrouting/frr
      tag: v7.5.1
    metricsPort: 7473
  image:
    pullPolicy: null
    repository: quay.io/metallb/speaker
    tag: null
  livenessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  logLevel: info
  memberlist:
    enabled: true
    mlBindPort: 7946
  nodeSelector: {}
  podAnnotations: {}
  priorityClassName: ""
  readinessProbe:
    enabled: true
    failureThreshold: 3
    initialDelaySeconds: 10
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 1
  resources: {}
  runtimeClassName: ""
  serviceAccount:
    annotations: {}
    create: true
    name: ""
  tolerateMaster: true
  tolerations: []
  updateStrategy:
    type: RollingUpdate

HOOKS:
MANIFEST:
<output omitted>
---
# Source: metallb/templates/webhooks.yaml
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  name: metallb-webhook-configuration
  labels:
    helm.sh/chart: metallb-0.0.0
    app.kubernetes.io/name: metallb
    app.kubernetes.io/instance: metallb
    app.kubernetes.io/version: "v0.0.0"
    app.kubernetes.io/managed-by: Helm
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-addresspool
  failurePolicy: Ignore
  name: addresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - addresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta2-bgppeer
  failurePolicy: Ignore
  name: bgppeervalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta2
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgppeers
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-ipaddresspool
  failurePolicy: Ignore
  name: ipaddresspoolvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ipaddresspools
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bgpadvertisement
  failurePolicy: Ignore
  name: bgpadvertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - bgpadvertisements
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-community
  failurePolicy: Ignore
  name: communityvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - communities
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-bfdprofile
  failurePolicy: Ignore
  name: bfdprofilevalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - DELETE
    resources:
    - bfdprofiles
  sideEffects: None
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: metallb-webhook-service
      namespace: default
      path: /validate-metallb-io-v1beta1-l2advertisement
  failurePolicy: Ignore
  name: l2advertisementvalidationwebhook.metallb.io
  rules:
  - apiGroups:
    - metallb.io
    apiVersions:
    - v1beta1
    operations:
    - CREATE
    - UPDATE
    resources:
    - l2advertisements
  sideEffects: None

NOTES:
MetalLB is now running in the cluster.

Now you can configure it via its CRs. Please refer to the metallb official docs
on how to use the CRs.

attiss · 2022-10-03T17:57:00Z

test: invalid value

helm install --dry-run --debug --set crds.validationFailurePolicy=Invalid metallb .

install.go:192: [debug] Original chart version: ""
install.go:209: [debug] CHART PATH: /Users/attiss/git/metallb/charts/metallb

Error: INSTALLATION FAILED: values don't meet the specifications of the schema(s) in the following chart(s):
metallb:
- crds.validationFailurePolicy: crds.validationFailurePolicy must be one of the following: "Ignore", "Fail"

helm.go:84: [debug] values don't meet the specifications of the schema(s) in the following chart(s):
metallb:
- crds.validationFailurePolicy: crds.validationFailurePolicy must be one of the following: "Ignore", "Fail"

INSTALLATION FAILED
main.newInstallCmd.func2
	helm.sh/helm/v3/cmd/helm/install.go:141
github.com/spf13/cobra.(*Command).execute
	github.com/spf13/cobra@v1.5.0/command.go:872
github.com/spf13/cobra.(*Command).ExecuteC
	github.com/spf13/cobra@v1.5.0/command.go:990
github.com/spf13/cobra.(*Command).Execute
	github.com/spf13/cobra@v1.5.0/command.go:918
main.main
	helm.sh/helm/v3/cmd/helm/helm.go:83
runtime.main
	runtime/proc.go:250
runtime.goexit
	runtime/asm_amd64.s:1594

fedepaol · 2022-10-05T09:46:06Z

@attiss can you run inv helm-docs to regenerate the docs?
Thanks

fedepaol · 2022-10-05T09:47:31Z

charts/metallb/templates/webhooks.yaml

      namespace: {{ .Release.Namespace }}
      path: /validate-metallb-io-v1beta1-addresspool
-  failurePolicy: Fail
+  failurePolicy: {{ default "Fail" .Values.crds.validationFailurePolicy }}


I think there's no need to specify the default here, as long as we add it in values.yaml
same for the following.
cc @gclawes

fair point, it's unnecessary duplication of the default value, updated

fedepaol · 2022-10-05T15:35:11Z

Since you have to change the pr, can you adjust the commit subject and message following our reference https://chris.beams.io/posts/git-commit/ ?
Thanks!

attiss · 2022-10-05T22:35:48Z

Since you have to change the pr, can you adjust the commit subject and message following our reference https://chris.beams.io/posts/git-commit/ ?

Sure, updated! Thank you!

This commit adds a new configuration option to the helm chart: `crds.validationFailurePolicy`. The value is injected into the validating webhook's `failurePolicy` field. Defaults to `Fail`.

fedepaol · 2022-10-06T07:29:18Z

LGTM, thanks!

attiss requested review from fedepaol, gclawes, johananl, oribon, rata and russellb as code owners October 3, 2022 17:47

attiss mentioned this pull request Oct 3, 2022

Provide a deployment option for disabling the webhooks #1598

Closed

fedepaol reviewed Oct 5, 2022

View reviewed changes

Helm: configurable failurePolicy for validating webhooks

af02f48

This commit adds a new configuration option to the helm chart: `crds.validationFailurePolicy`. The value is injected into the validating webhook's `failurePolicy` field. Defaults to `Fail`.

attiss requested review from fedepaol and removed request for gclawes, johananl, oribon, rata and russellb October 5, 2022 22:38

fedepaol added the hacktoberfest-accepted label Oct 6, 2022

Merge branch 'main' into webhook-failurepolicy

076195a

fedepaol merged commit 7aa51fb into metallb:main Oct 6, 2022

cprivitere mentioned this pull request Oct 12, 2022

Add MetalLB 0.13 support kubernetes-sigs/cloud-provider-equinix-metal#322

Closed

eyenx mentioned this pull request Oct 19, 2022

chore(misc/metallb): update to 0.13.x adfinis/helm-charts#834

Merged

6 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

configurable failurePolicy for validating webhooks #1623

configurable failurePolicy for validating webhooks #1623

Uh oh!

attiss commented Oct 3, 2022

Uh oh!

attiss commented Oct 3, 2022

Uh oh!

attiss commented Oct 3, 2022 •

edited

Loading

Uh oh!

attiss commented Oct 3, 2022

Uh oh!

attiss commented Oct 3, 2022

Uh oh!

fedepaol commented Oct 5, 2022

Uh oh!

fedepaol Oct 5, 2022

Uh oh!

attiss Oct 5, 2022

Uh oh!

fedepaol commented Oct 5, 2022

Uh oh!

attiss commented Oct 5, 2022

Uh oh!

fedepaol commented Oct 6, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

configurable failurePolicy for validating webhooks #1623

configurable failurePolicy for validating webhooks #1623

Uh oh!

Conversation

attiss commented Oct 3, 2022

Uh oh!

attiss commented Oct 3, 2022

test: default value

Uh oh!

attiss commented Oct 3, 2022 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

test: Fail

Uh oh!

attiss commented Oct 3, 2022

test: Ignore

Uh oh!

attiss commented Oct 3, 2022

test: invalid value

Uh oh!

fedepaol commented Oct 5, 2022

Uh oh!

fedepaol Oct 5, 2022

Choose a reason for hiding this comment

Uh oh!

attiss Oct 5, 2022

Choose a reason for hiding this comment

Uh oh!

fedepaol commented Oct 5, 2022

Uh oh!

attiss commented Oct 5, 2022

Uh oh!

fedepaol commented Oct 6, 2022

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

attiss commented Oct 3, 2022 •

edited

Loading

test: `Fail`

test: `Ignore`