Skip to content

feat: validate envFrom secret/cm references exist#63

Merged
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
Cali0707:validate-cm-secret-envfrom
Mar 26, 2026
Merged

feat: validate envFrom secret/cm references exist#63
k8s-ci-robot merged 1 commit into
kubernetes-sigs:mainfrom
Cali0707:validate-cm-secret-envfrom

Conversation

@Cali0707
Copy link
Copy Markdown
Member

@Cali0707 Cali0707 commented Mar 24, 2026

Fixes #10

This finished up the validation that was mostly already implemented. In particular, while we were validating secrets/configmaps when mounting them to the deployment, we were not validating them when using in envFrom.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Mar 24, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 24, 2026

Hi @Cali0707. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work.

Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@Cali0707
Copy link
Copy Markdown
Member Author

Cali0707 commented Mar 24, 2026

/cc @aliok @jaideepr97 @matzew

@k8s-ci-robot k8s-ci-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Mar 24, 2026
@k8s-ci-robot k8s-ci-robot requested a review from matzew March 24, 2026 19:05
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 24, 2026

@Cali0707: GitHub didn't allow me to request PR reviews from the following users: aliok, jaideepr97.

Note that only kubernetes-sigs members and repo collaborators can review this PR, and authors cannot review their own PRs.

Details

In response to this:

/cc @aliok @jaideepr97 @matzew

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

jaideepr97
jaideepr97 approved these changes Mar 24, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jaideepr97 jaideepr97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

thanks @Cali0707!
one minor nit but LGTM overall

Comment thread internal/controller/mcpserver_controller.go Outdated
}
if len(mcpServer.Spec.Config.EnvFrom) > 0 {
container.EnvFrom = mcpServer.Spec.Config.EnvFrom

Copy link
Copy Markdown
Member

@jaideepr97 jaideepr97 Mar 24, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: maybe the verification logic should come before the assignment of container.EnvFrom

Copy link
Copy Markdown
Member

@matzew matzew Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1 on that

@aliok
Copy link
Copy Markdown
Member

aliok commented Mar 25, 2026

/approve
LGTM!

@matzew
Copy link
Copy Markdown
Member

matzew commented Mar 25, 2026

@Cali0707 needs a rebase

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 25, 2026
@Cali0707 Cali0707 force-pushed the validate-cm-secret-envfrom branch from 8e9fb5b to 801bb17 Compare March 25, 2026 14:09
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 25, 2026
@Cali0707
Copy link
Copy Markdown
Member Author

Cali0707 commented Mar 25, 2026

@matzew rebased and fixed the nit from @jaideepr97

matzew
matzew reviewed Mar 25, 2026
View reviewed changes
Comment thread internal/controller/mcpserver_controller_test.go
EnvFrom: []corev1.EnvFromSource{
{
ConfigMapRef: &corev1.ConfigMapEnvSource{
LocalObjectReference: corev1.LocalObjectReference{Name: "nonexistent-configmap"},
Copy link
Copy Markdown
Member

@matzew matzew Mar 25, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we have equivalent test with a SecretRef pointing to a nonexistent Secret ?

@Cali0707
feat: validate envFrom secret/cm references exist
d4f12e7 
Signed-off-by: Calum Murray <cmurray@redhat.com>
@Cali0707 Cali0707 force-pushed the validate-cm-secret-envfrom branch from 801bb17 to d4f12e7 Compare March 25, 2026 19:11
jaideepr97
jaideepr97 approved these changes Mar 25, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@jaideepr97 jaideepr97 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks @Cali0707 !

matzew
matzew approved these changes Mar 26, 2026
View reviewed changes
Copy link
Copy Markdown
Member

@matzew matzew left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 26, 2026
@k8s-ci-robot
Copy link
Copy Markdown
Contributor

k8s-ci-robot commented Mar 26, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: aliok, Cali0707, jaideepr97, matzew

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 26, 2026
@k8s-ci-robot k8s-ci-robot merged commit 32e0ae7 into kubernetes-sigs:main Mar 26, 2026
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@matzew matzew matzew approved these changes

@ArangoGutierrez ArangoGutierrez Awaiting requested review from ArangoGutierrez

@soltysh soltysh Awaiting requested review from soltysh

+1 more reviewer

@jaideepr97 jaideepr97 jaideepr97 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@matzew matzew

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Better UX when CM/others can't be mounted

5 participants

@Cali0707 @k8s-ci-robot @aliok @matzew @jaideepr97