operator: Clean up webhook when disabled #11432
Testing results before and after the webhook is enabled and disabled:
srai@192 ~ (disable-webhook-openshift) $ kc get issuers.cert-manager.io
NAME READY AGE
selfsigned-issuer True 3m33s
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get certificates
NAME READY SECRET AGE
rook-admission-controller-cert True rook-ceph-admission-controller 3m33s
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get validatingwebhookconfigurations.admissionregistration.k8s.io
NAME WEBHOOKS AGE
cert-manager-webhook 1 12m
rook-ceph-webhook 5 3m35s
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rook-ceph-admission-controller ClusterIP 10.101.113.45 <none> 443/TCP 3m39s
rook-ceph-mgr ClusterIP 10.109.205.137 <none> 9283/TCP 5m34s
rook-ceph-mgr-dashboard ClusterIP 10.103.84.30 <none> 7000/TCP 5m34s
rook-ceph-mon-a ClusterIP 10.104.13.92 <none> 6789/TCP,3300/TCP 6m22s
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get issuers.cert-manager.io
No resources found in rook-ceph namespace.
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get certificates
No resources found in rook-ceph namespace.
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get validatingwebhookconfigurations.admissionregistration.k8s.io
NAME WEBHOOKS AGE
cert-manager-webhook 1 14m
~/go/src/github.com/rook
srai@192 ~ (disable-webhook-openshift) $ kc get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
rook-ceph-mgr ClusterIP 10.109.205.137 <none> 9283/TCP 8m
rook-ceph-mgr-dashboard ClusterIP 10.103.84.30 <none> 7000/TCP 8m
rook-ceph-mon-a ClusterIP 10.104.13.92 <none> 6789/TCP,3300/TCP 8m48s
rook-ceph-rgw-my-store ClusterIP 10.111.243.80 <none> 80/TCP 28s
Btw @travisn, does anything in the below check need to be updated? rook/pkg/apis/ceph.rook.io/v1/cluster.go, lines 49 to 58 in e90f7ce,
since the original error is coming from above only.
deploy/olm/generate-rook-csv.sh
Outdated
@@ -213,6 +213,8 @@ function generate_package() { | |||
function apply_rook_op_img() { | |||
"${YQ_CMD_WRITE[@]}" "$CSV_FILE_NAME" metadata.annotations.containerImage "$ROOK_OP_VERSION" | |||
"${YQ_CMD_WRITE[@]}" "$CSV_FILE_NAME" spec.install.spec.deployments[0].spec.template.spec.containers[0].image "$ROOK_OP_VERSION" | |||
"${YQ_CMD_WRITE[@]}" "$CSV_FILE_NAME" spec.install.spec.deployments[0].spec.template.spec.containers[0].env[6].value "true" |
The env[6] could be brittle if another env var is added or removed. Instead of replacing the value like this, I wonder if it would be simpler to leave the env var out of the operator-openshift.yaml, and append the env var here with yq.
This is something I spent most of today trying to make more general. I was able to do it; it is possible with yq 4.x, but Rook CSV generation currently has a hard requirement on yq 3.x.
disable webhook in downstream cluster. Signed-off-by: subhamkrai <srai@redhat.com>
} | ||
return nil | ||
logger.Info("deleting webhook cert manager Issuer %s", issuerName) | ||
_ = certMgrClient.Issuers(namespace).Delete(ctx, issuerName, metav1.DeleteOptions{}) |
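Review bot: the Delete call on the last line discards its error with "_ =", so a failed Issuer cleanup leaves no trace in the operator log and the Issuer can stay behind after the webhook is disabled. Keep the cleanup best-effort, but capture the error, ignore it only when it is a not-found error, and log anything else together with issuerName and namespace. Also, logger.Info on the line above is passed a %s format string; if Info does not format its arguments the verb is printed literally, so use the logger's formatting variant (Infof) there.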
@travisn should we log this error message for debugging in case of any failures?
oh, just missed this message. Yes we should at least log the failures even if we don't fail on them.
@subhamkrai How about a follow up PR?
here #11448
operator: disable webhook by default (backport #11432)
disable webhook in the downstream cluster.
Signed-off-by: subhamkrai srai@redhat.com