Admission webhoooks #1436
@@ -45,6 +47,14 @@ func NewInstallStrategyDeploymentClient(opClient operatorclient.ClientInterface, | |||
} | |||
} | |||
|
|||
func (c *InstallStrategyDeploymentClientForNamespace) GetOpClient() operatorclient.ClientInterface { |
Should be cleaned up in refactor.
return c.opClient | ||
} | ||
|
||
func (c *InstallStrategyDeploymentClientForNamespace) GetOpLister() operatorlister.OperatorLister { |
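Review bot: GetOpClient and GetOpLister are exported without doc comments, and GetOpClient returns c.opClient unchanged, so every caller of InstallStrategyDeploymentClientForNamespace now holds the full operatorclient.ClientInterface rather than only the operations this wrapper exposes. If the type is meant to confine install work to one namespace, as its name suggests, consider adding the specific methods the webhook installer needs to the wrapper instead of handing out the underlying client, or at least document on both getters that the returned objects are not namespace-restricted.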
Should be cleaned up in refactor.
77bc8a4 to 2c60954
Two suggestions
ec8d5e3 to 2c029d5
How will this be exposed to Ansible operators?
/retest
/retest The following tests failed but ran locally
That's probably a question for operator-sdk. This is for packaging / installing an admission webhook with your operator, and doesn't have any opinions about how the webhook is implemented. @jmazzitelli
2c029d5 to 46ce701
e77a2bf to 8838e17
@@ -163,6 +246,7 @@ type ClusterServiceVersionSpec struct { | |||
Maturity string | |||
CustomResourceDefinitions CustomResourceDefinitions | |||
APIServiceDefinitions APIServiceDefinitions | |||
WebhookDefinitions []WebhookDescription |
typo: the slice should be []WebhookDefinitions?
I wanted to keep it similar to APIServiceDefinitions, I'm not opposed to changing the variable (API) name though.
@@ -191,6 +276,8 @@ type ClusterServiceVersionSpec struct { | |||
CustomResourceDefinitions CustomResourceDefinitions `json:"customresourcedefinitions,omitempty"` | |||
APIServiceDefinitions APIServiceDefinitions `json:"apiservicedefinitions,omitempty"` | |||
// +listType=set | |||
WebhookDefinitions []WebhookDescription `json:"webhookdefinitions,omitempty"` |
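Review bot: `+listType=set` directly above WebhookDefinitions looks like the wrong list type if WebhookDescription is a struct. Set semantics identify an element by its whole value, which fits scalar lists; for a list of objects the identity is normally declared with `+listType=map` and a `+listMapKey`, so that an update to one webhook entry is matched to the existing entry instead of being treated as a different element. Please confirm that set is intended here, and add a field comment saying what WebhookDefinitions holds, since the field has none.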
typo: the slice should be []WebhookDefinitions ?
See this comment
This looks really good, and I think you've set it up well for the planned refactoring to these parts.
I left a few comments for small things, the only thing that I'm concerned about addressing is the 0.14.2 release (should be my first comment in this review)
previousStrategy: previousStrategy, | ||
templateAnnotations: templateAnnotations, | ||
initializers: initializers, | ||
apiServiceDescriptions: apiDescs, |
refactor suggestion: is there a way we can model the apidescriptions/webhookdescriptions as just more initializer functions?
@@ -1366,6 +1367,14 @@ func (a *Operator) transitionCSVState(in v1alpha1.ClusterServiceVersion) (out *v | |||
return | |||
} | |||
|
|||
// Check if Webhooks have valid rules | |||
for _, desc := range out.Spec.WebhookDefinitions { | |||
if syncError = install.ValidWebhookRules(desc.Rules); syncError != nil { |
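Review bot: the error from install.ValidWebhookRules(desc.Rules) cannot say which webhook was rejected, because only desc.Rules is passed in. In the `syncError != nil` branch, wrap the error with an identifier taken from desc so that a CSV with several WebhookDefinitions entries reports the offending one. The comment "Check if Webhooks have valid rules" should also state what makes a rule invalid, since this check sits on the path that decides how transitionCSVState handles a CSV that registers an admission webhook.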
future nit: we should tie these validations to the validation library used in opm
/test e2e-gcp
/retest
/retest Please review the full test history for this PR and help us cut down flakes.
/retest
Closed and reopened to kick off tests after another PR was merged.
/retest
This commit introduces a change that moves the APIService install logic to the installer.
This commit introduces OLM support for validating and mutating admission webhooks by updating the ClusterServiceVersion CRD to include a WebhooksDefinitions array. In the current iteration, OLM supports cycling the CA Certs required for webhooks.
2ca6a24 to 468d1f6
New changes are detected. LGTM label has been removed.
/retest
@awgreene: The following tests failed, say
Passing e2e-aws, e2e-gcp is broken right now - manually merging as a result
This PR introduces OLM support for validating and mutating admission
webhooks by updating the ClusterServiceVersion CRD to include a
WebhooksDefinitions array. In the current iteration, OLM supports
cycling the CA Certs required for webhooks.