Skip to content

Commit

Permalink
Switch to failurePolicy: Ignore by default for webhooks (#309)
Browse files Browse the repository at this point in the history 
Signed-off-by: Tamal Saha <tamal@appscode.com>
  • Loading branch information
@tamalsaha
tamalsaha committed Jul 15, 2023
1 parent 3cf0dd9 commit 05218a8
Show file tree
Hide file tree
Showing 15 changed files with 92 additions and 30 deletions.
2 changes: 1 addition & 1 deletion apis/installer/v1alpha1/stash_community_types.go
View file
Expand Up @@ -78,7 +78,7 @@ type StashCommunitySpec struct {
// +optional
PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
Apiserver WebHookSpec `json:"apiserver"`
Apiserver WebhookAPIServerSpec `json:"apiserver"`
Monitoring Monitoring `json:"monitoring"`
Security SecuritySpec `json:"security"`
//+optional
Expand Down
2 changes: 1 addition & 1 deletion apis/installer/v1alpha1/stash_enterprise_types.go
View file
Expand Up @@ -78,7 +78,7 @@ type StashEnterpriseSpec struct {
// +optional
PodSecurityContext *core.PodSecurityContext `json:"podSecurityContext"`
ServiceAccount ServiceAccountSpec `json:"serviceAccount"`
Apiserver WebHookSpec `json:"apiserver"`
Apiserver WebhookAPIServerSpec `json:"apiserver"`
Monitoring Monitoring `json:"monitoring"`
Security SecuritySpec `json:"security"`
//+optional
Expand Down
7 changes: 6 additions & 1 deletion apis/installer/v1alpha1/types.go
View file
Expand Up @@ -62,7 +62,7 @@ type ServiceAccountSpec struct {
Annotations map[string]string `json:"annotations"`
}

type WebHookSpec struct {
type WebhookAPIServerSpec struct {
GroupPriorityMinimum int32 `json:"groupPriorityMinimum"`
VersionPriority int32 `json:"versionPriority"`
EnableMutatingWebhook bool `json:"enableMutatingWebhook"`
Expand All @@ -73,6 +73,11 @@ type WebHookSpec struct {
UseKubeapiserverFqdnForAks bool `json:"useKubeapiserverFqdnForAks"`
Healthcheck HealthcheckSpec `json:"healthcheck"`
ServingCerts ServingCerts `json:"servingCerts"`
Webhook WebhookSpec `json:"webhook"`
}

type WebhookSpec struct {
FailurePolicy string `json:"failurePolicy"`
}

type ServingCerts struct {
Expand Down
25 changes: 21 additions & 4 deletions apis/installer/v1alpha1/zz_generated.deepcopy.go
View file

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

1 change: 1 addition & 0 deletions charts/stash-community/README.md
View file
Expand Up @@ -99,6 +99,7 @@ The following table lists the configurable parameters of the `stash-community` c
| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | <code>""</code> |
| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | <code>""</code> |
| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | <code>""</code> |
| apiserver.webhook.failurePolicy | | <code>Ignore</code> |
| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>""</code> |
| monitoring.backup | Specify whether to monitor Stash backup and recovery | <code>false</code> |
| monitoring.operator | Specify whether to monitor Stash operator | <code>false</code> |
Expand Down
10 changes: 5 additions & 5 deletions charts/stash-community/templates/mutating-webhook.yaml
View file
Expand Up @@ -31,7 +31,7 @@ webhooks:
resources:
- deployments
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -54,7 +54,7 @@ webhooks:
resources:
- daemonsets
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -75,7 +75,7 @@ webhooks:
resources:
- statefulsets
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -97,7 +97,7 @@ webhooks:
resources:
- deploymentconfigs
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -119,7 +119,7 @@ webhooks:
resources:
- restoresessions
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand Down
10 changes: 5 additions & 5 deletions charts/stash-community/templates/validating-webhook.yaml
View file
Expand Up @@ -30,7 +30,7 @@ webhooks:
resources:
- restics
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -52,7 +52,7 @@ webhooks:
resources:
- recoveries
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -74,7 +74,7 @@ webhooks:
resources:
- repositories
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -96,7 +96,7 @@ webhooks:
resources:
- restoresessions
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -118,7 +118,7 @@ webhooks:
resources:
- backupconfigurations
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand Down
8 changes: 8 additions & 0 deletions charts/stash-community/values.openapiv3_schema.yaml
View file
Expand Up @@ -790,6 +790,13 @@ properties:
versionPriority:
format: int32
type: integer
webhook:
properties:
failurePolicy:
type: string
required:
- failurePolicy
type: object
required:
- ca
- enableMutatingWebhook
Expand All @@ -799,6 +806,7 @@ properties:
- servingCerts
- useKubeapiserverFqdnForAks
- versionPriority
- webhook
type: object
cleaner:
properties:
Expand Down
3 changes: 3 additions & 0 deletions charts/stash-community/values.yaml
View file
Expand Up @@ -171,6 +171,9 @@ apiserver:
serverCrt: ""
# Private key for the serving certificate used by webhook server.
serverKey: ""
webhook:
failurePolicy: Ignore

monitoring:
# Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")
agent: ""
Expand Down
1 change: 1 addition & 0 deletions charts/stash-enterprise/README.md
View file
Expand Up @@ -99,6 +99,7 @@ The following table lists the configurable parameters of the `stash-enterprise`
| apiserver.servingCerts.caCrt | CA certficate used by serving certificate of webhook server. | <code>""</code> |
| apiserver.servingCerts.serverCrt | Serving certficate used by webhook server. | <code>""</code> |
| apiserver.servingCerts.serverKey | Private key for the serving certificate used by webhook server. | <code>""</code> |
| apiserver.webhook.failurePolicy | | <code>Ignore</code> |
| monitoring.agent | Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin") | <code>""</code> |
| monitoring.backup | Specify whether to monitor Stash backup and recovery | <code>false</code> |
| monitoring.operator | Specify whether to monitor Stash operator | <code>false</code> |
Expand Down
10 changes: 5 additions & 5 deletions charts/stash-enterprise/templates/mutating-webhook.yaml
View file
Expand Up @@ -31,7 +31,7 @@ webhooks:
resources:
- deployments
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -54,7 +54,7 @@ webhooks:
resources:
- daemonsets
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -75,7 +75,7 @@ webhooks:
resources:
- statefulsets
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -97,7 +97,7 @@ webhooks:
resources:
- deploymentconfigs
admissionReviewVersions: ["v1beta1"]
failurePolicy: Ignore
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -119,7 +119,7 @@ webhooks:
resources:
- restoresessions
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand Down
16 changes: 8 additions & 8 deletions charts/stash-enterprise/templates/validating-webhook.yaml
View file
Expand Up @@ -30,7 +30,7 @@ webhooks:
resources:
- restics
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -52,7 +52,7 @@ webhooks:
resources:
- recoveries
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -74,7 +74,7 @@ webhooks:
resources:
- repositories
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -96,7 +96,7 @@ webhooks:
resources:
- restoresessions
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -118,7 +118,7 @@ webhooks:
resources:
- restorebatches
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -140,7 +140,7 @@ webhooks:
resources:
- backupconfigurations
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -162,7 +162,7 @@ webhooks:
resources:
- backupbatches
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand All @@ -184,7 +184,7 @@ webhooks:
resources:
- backupblueprints
admissionReviewVersions: ["v1beta1"]
failurePolicy: Fail
failurePolicy: {{ .Values.apiserver.webhook.failurePolicy }}
{{- if and (ge $major 1) (ge $minor 12) }}
sideEffects: None
{{- end }}
Expand Down
8 changes: 8 additions & 0 deletions charts/stash-enterprise/values.openapiv3_schema.yaml
View file
Expand Up @@ -790,6 +790,13 @@ properties:
versionPriority:
format: int32
type: integer
webhook:
properties:
failurePolicy:
type: string
required:
- failurePolicy
type: object
required:
- ca
- enableMutatingWebhook
Expand All @@ -799,6 +806,7 @@ properties:
- servingCerts
- useKubeapiserverFqdnForAks
- versionPriority
- webhook
type: object
cleaner:
properties:
Expand Down
3 changes: 3 additions & 0 deletions charts/stash-enterprise/values.yaml
View file
Expand Up @@ -171,6 +171,9 @@ apiserver:
serverCrt: ""
# Private key for the serving certificate used by webhook server.
serverKey: ""
webhook:
failurePolicy: Ignore

monitoring:
# Name of monitoring agent (one of "prometheus.io", "prometheus.io/operator", "prometheus.io/builtin")
agent: ""
Expand Down

0 comments on commit 05218a8

Please sign in to comment.