Migrate to devfile/api v1alpha2 and add conversion webhooks. #197
Conversation
Re-add DevWorkspaceTemplates to CRDs and adjust scripts/gitignore to accomodate them. Signed-off-by: Angel Misevski <[email protected]>
config/components/certificates/cert-manager/kustomizeconfig.yaml
Outdated
Show resolved
Hide resolved
| if err != nil { | ||
| log.Error(err, "Failed to create webhooks") | ||
| os.Exit(1) | ||
| } | ||
|
|
||
| if err := ctrl.NewWebhookManagedBy(mgr).For(&workspacev1alpha1.DevWorkspace{}).Complete(); err != nil { | ||
| log.Error(err, "failed creating conversion webhook") |
There was a problem hiding this comment.
Just curious, if the conversion webhooks fail to create should we exit or just continue without them?
There was a problem hiding this comment.
I believe if the webhooks fail to set up you won't be able to create DevWorkspaces -- when you create a DevWorkspace it calls the conversion webhooks (at least for the v1alpha1 case) and if it can't get a response it blocks creation.
Also surprising info about how conversion works: If you specify conversion: none in the CRD, you can "get" a v1alpha2-spec workspace that is just the v1alpha1 and a wrong GVK 🤷
|
I just tried the testing instructions and everything was working as expected. For some reason my I tried the local run/debug and I get: |
Update dependency on devfile/api to commit 1103496. This is required as this commit contains both v1alpha1 and v1alpha2 APIs as well as conversion code. Signed-off-by: Angel Misevski <[email protected]>
* Configure `make manifests` to generate v1 CRDs (instead of v1beta1) to resolve a validation issue (v1beta CRDs cannot define default fields) * Fix patch_crds.sh to patch v1 CRDs instead of v1beta1 * Add rule for restarting the webhooks server * Add rule for installing cert-manager to a cluster Signed-off-by: Angel Misevski <[email protected]>
Update all code to use v1alpha2 instead of v1alpha1. In general this is a straightforward switching of imports, but some changes are required: * Change in devfile structure (move keys up a level) means that some vistior-based code no longer works in the same way (visitor functions cannot get key), so they're reworked into a switch statement * Some methods can now return an error. * Devfile API v1alpha2 removes a duplicated memoryLimit feild from containers, and other minor changes for compatibility. Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Clean up unused/autogenerated code from config/ directory. A lot of it won't work for our use case, and some of it is out of date (e.g. v1beta1 cert-manager certificates when v1 is available) Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Update separate webhooks server to create conversion webhooks. This means we can no longer generate a certificate at runtime, and must instead use a certificate that is included in the DevWorkspace CRD specs. Signed-off-by: Angel Misevski <[email protected]>
Attempting to apply CRDs when they already exist on the cluster hangs indefinitely for unclear reasons. Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
v1alpha2 introduces default values for Endpoint.Exposure and Endpoint.Protocol. When left empty, they are populated by the API server which causes spec vs cluster comparisons to always fail. Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Fix issue when running locally, where the operator expects environment variable WEBHOOK_SECRET_NAME to be set according to the secret generated by cert-manager. For now, we export a hard-coded secret name in the Makefile when trying to run/debug locally. Signed-off-by: Angel Misevski <[email protected]>
Reflecting devfile/api PR devfile/api#214 Cherry-picked from commit cdef6dc and adapted slightly Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
Signed-off-by: Angel Misevski <[email protected]>
Signed-off-by: David Festal <[email protected]>
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: amisevsk, JPinkney, sleshchenko The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
1 similar comment
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: amisevsk, JPinkney, sleshchenko The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
* Move config/components/certificates/cert-manager to /config/components/cert-manager since there's no other files required for deploying certs * Move common labels to last-step kustomizations * Remove namespace from base as it cannot be changed * Add plantuml diagram documenting structure of kustomize directories Signed-off-by: Angel Misevski <[email protected]>
|
New changes are detected. LGTM label has been removed. |
Signed-off-by: Angel Misevski <[email protected]>
|
Pushed a couple of last-minute fixups:
|
|
/test v5-devworkspaces-operator-e2e |
Signed-off-by: Angel Misevski <[email protected]>
|
/test v5-devworkspaces-operator-e2e |
|
/retest |
| @@ -64,13 +64,3 @@ func (w *Deployment) DeployWorkspacesController() error { | |||
|
|
|||
| return nil | |||
| } | |||
|
|
|||
| func (w *Deployment) CustomResourceDefinitions() error { | |||
There was a problem hiding this comment.
Is it really removed from Makefile https://github.com/amisevsk/devworkspace-operator/blob/add-conversion-v1alpha2/Makefile ?
Or it just does not make sense to execute it separately since e2e tests do make install, which includes crds installing as well?
|
test is failing because it can't initialize CRDs: |
|
/test v5-devworkspaces-operator-e2e |
1 similar comment
|
/test v5-devworkspaces-operator-e2e |
sleshchenko
force-pushed
the
add-conversion-v1alpha2
branch
from
941d553 to
e7e788d
Compare
|
Something strange happens with tests. I think the PR can be merged without this PR check if |
|
/test v5-devworkspaces-operator-e2e |
|
Found a bug which may cause tests failure on CI, at least it cause my local failure, controller tries to update components forever because of difference in sourceMapping See diff from debug logs{
"wanted": {
"spec": {
"workspaceId": "workspace267da45101b44759",
"components": [
{
"name": "dev",
"container": {
"image": "quay.io/wto/web-terminal-tooling:latest",
"env": [
{
"name": "PS1",
"value": "\\[\\e[34m\\]>\\[\\e[m\\]\\[\\e[33m\\]>\\[\\e[m\\]"
}
],
"memoryLimit": "256Mi",
"args": [
"tail",
"-f",
"/dev/null"
]
}
}
]
}
},
"clusterComponent": {
"spec": {
"workspaceId": "workspace267da45101b44759",
"components": [
{
"name": "dev",
"container": {
"image": "quay.io/wto/web-terminal-tooling:latest",
"env": [
{
"name": "PS1",
"value": "\\[\\e[34m\\]>\\[\\e[m\\]\\[\\e[33m\\]>\\[\\e[m\\]"
}
],
"memoryLimit": "256Mi",
"args": [
"tail",
"-f",
"/dev/null"
],
"sourceMapping": "/projects"
}
}
]
}
}
}I assume component CRD needs to be updated. |
|
/test v5-devworkspaces-operator-e2e |
Running an older container (centos:7) causes the update_devworkspace_crds.sh script to fail with error: fatal: reference is not a tree: aeda60d4361911da851 This appears to be due to different behavior for git-fetch in older versions (centos 7 uses 1.8.3.1). Signed-off-by: Angel Misevski <[email protected]>
|
/test v5-devworkspaces-operator-e2e |
|
@sleshchenko I tested again on crc and was able to start up a cloud-shell workspace -- no idea why it's failing in CI now. I'll look into the souremapping issue, it may be causing a problem but it's not clear why. |
The devfile/api ContainerComponent spec sets default values, e.g. for sourceMapping. Once a resource is created on the cluster, these defaults will be applied, and so defaulted fields must have a defined value in the static spec we use to create resources -- otherwise the controller should detect a difference and attempt to reconcile it away. Signed-off-by: Angel Misevski <[email protected]>
|
/test v5-devworkspaces-operator-e2e |
|
Merging to unblock all progress on the operator. |
What does this PR do?
Switches the devworkspace-operator to use
v1alpha2devworkspaces, and implements conversion webhooks. Currently this is done by updatinggo.modto point at devfile/api#213, as that PR is not yet merged.To avoid too many temporary changes in the repo (changing where devworkspace CRDs are downloaded from), you'll have to manually copy in the CRDs generated in devfile/api#213 to
config/crd/bases/:What issues does this PR fix or reference?
Resolves #189
Is it tested? How?
To test this PR (on minikube, for now):
0. Set env vars as usual for development
make install_cert_managermake docker installconversion webhook enabledappears inkubectl logs -f deploy/devworkspace-webhook-serverkubectl apply -f samples/theia.yamlRemaining TODOs
WEBHOOKS_ENABLEDworks, perhaps disabling the mutating and validating webhooks when set to false but still deploying the webhooks serverminikube, without those changes, the secondmake installfails. You can test this bymake install.v1version of the CRD is not an error when a `v1beta1 CRD with the same GVK is present