Admission webhoooks #1436
Admission webhoooks #1436
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
| @@ -45,6 +47,14 @@ func NewInstallStrategyDeploymentClient(opClient operatorclient.ClientInterface, | |||
| } | |||
| } | |||
|
|
|||
| func (c *InstallStrategyDeploymentClientForNamespace) GetOpClient() operatorclient.ClientInterface { | |||
There was a problem hiding this comment.
Should be cleaned up in refactor.
| return c.opClient | ||
| } | ||
|
|
||
| func (c *InstallStrategyDeploymentClientForNamespace) GetOpLister() operatorlister.OperatorLister { |
There was a problem hiding this comment.
Should be cleaned up in refactor.
awgreene
force-pushed
the
admission-webhoooks
branch
2 times, most recently
from
77bc8a4
to
2c60954
Compare
awgreene
force-pushed
the
admission-webhoooks
branch
4 times, most recently
from
ec8d5e3
to
2c029d5
Compare
|
How will this be exposed to Ansible operators? |
|
/retest |
1 similar comment
|
/retest |
|
/retest The following tests failed but ran locally |
|
/retest |
That's probably a question for operator-sdk. This is for packaging / installing an admission webhook with your operator, and doesn't have any opinions about how the webhook is implemented. @jmazzitelli |
awgreene
force-pushed
the
admission-webhoooks
branch
from
2c029d5
to
46ce701
Compare
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
awgreene
force-pushed
the
admission-webhoooks
branch
from
e77a2bf
to
8838e17
Compare
| @@ -163,6 +246,7 @@ type ClusterServiceVersionSpec struct { | |||
| Maturity string | |||
| CustomResourceDefinitions CustomResourceDefinitions | |||
| APIServiceDefinitions APIServiceDefinitions | |||
| WebhookDefinitions []WebhookDescription | |||
There was a problem hiding this comment.
typo: the slice should be []WebhookDefinitions ?
There was a problem hiding this comment.
I wanted to keep it similar to APIServiceDefinitions, I'm not opposed to changing the variable (API) name though.
| @@ -191,6 +276,8 @@ type ClusterServiceVersionSpec struct { | |||
| CustomResourceDefinitions CustomResourceDefinitions `json:"customresourcedefinitions,omitempty"` | |||
| APIServiceDefinitions APIServiceDefinitions `json:"apiservicedefinitions,omitempty"` | |||
| // +listType=set | |||
| WebhookDefinitions []WebhookDescription `json:"webhookdefinitions,omitempty"` | |||
There was a problem hiding this comment.
typo: the slice should be []WebhookDefinitions ?
| previousStrategy: previousStrategy, | ||
| templateAnnotations: templateAnnotations, | ||
| initializers: initializers, | ||
| apiServiceDescriptions: apiDescs, |
There was a problem hiding this comment.
refactor suggestion: is there a way we can model the apidescriptions/webhookdescriptions as just more initializer functions?
| @@ -1366,6 +1367,14 @@ func (a *Operator) transitionCSVState(in v1alpha1.ClusterServiceVersion) (out *v | |||
| return | |||
| } | |||
|
|
|||
| // Check if Webhooks have valid rules | |||
| for _, desc := range out.Spec.WebhookDefinitions { | |||
| if syncError = install.ValidWebhookRules(desc.Rules); syncError != nil { | |||
There was a problem hiding this comment.
future nit: we should tie these validations to the the validation library used in opm
|
/test e2e-gcp |
|
/retest |
3 similar comments
|
/retest |
|
/retest |
|
/retest |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
2 similar comments
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
/retest |
|
Closed and reopened to kick off tests after another PR was merged. |
|
/retest |
3 similar comments
|
/retest |
|
/retest |
|
/retest |
This commit introduces a change that moves the APIService install logic to the installer.
This commit introduces OLM support for validating and mutating admission webhooks by updating the ClusterServiceVersion CRD to include a WebhooksDefinitions array. In the current iteration, OLM supports cycling the CA Certs required for webhooks.
awgreene
force-pushed
the
admission-webhoooks
branch
from
2ca6a24
to
468d1f6
Compare
|
New changes are detected. LGTM label has been removed. |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
|
@awgreene: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Passing e2e-aws, e2e-gcp is broken right now - manually merging as a result |
This PR introduces OLM support for validating and mutating admission
webhooks by updating the ClusterServiceVersion CRD to include a
WebhooksDefinitions array. In the current iteration, OLM supports
cycling the CA Certs required for webhooks.