Add MachineSet ControlPlane webhooks #617
Conversation
openshift-ci-robot
added
the
do-not-merge/work-in-progress
| apiVersions: | ||
| - v1beta1 | ||
| operations: | ||
| - UPDATE |
There was a problem hiding this comment.
The unit tests don't seem to like this being here.
|
FYI, this PR caused a failure when running |
michaelgugino
force-pushed
the
machineset-cp-vwh
branch
from
fcbca8b to
9c9b3d8
Compare
michaelgugino
changed the title
openshift-ci-robot
removed
the
do-not-merge/work-in-progress
| @@ -39,3 +39,5 @@ replace sigs.k8s.io/cluster-api-provider-aws => github.com/openshift/cluster-api | |||
| replace sigs.k8s.io/cluster-api-provider-azure => github.com/openshift/cluster-api-provider-azure v0.1.0-alpha.3.0.20200529030741-17d4edc5142f | |||
|
|
|||
| replace sigs.k8s.io/cluster-api-provider-gcp => github.com/openshift/cluster-api-provider-gcp v0.0.1-0.20200528175251-4f2fdeb49fe1 | |||
|
|
|||
| replace sigs.k8s.io/controller-runtime => github.com/mgugino-upstream-stage/controller-runtime v0.6.1-0.20200618201807-9d82bf2a7266 | |||
There was a problem hiding this comment.
kubernetes-sigs/controller-runtime#1005
This is an outstanding issue from controller-runtime. If we want to test webhooks dynamically like this, we need this patch or some other alternative.
michaelgugino
force-pushed
the
machineset-cp-vwh
branch
from
13bb386 to
52baca0
Compare
|
|
||
| // TODO(michaelgugino): Ensure we account for MachineDeployment ownership | ||
| // of a CP machineset in the future if we use them. | ||
| return admission.Denied(fmt.Sprintf("Requested %v of Control Plane MachineSet Not Allowed.", req.Operation)) |
There was a problem hiding this comment.
Would be nice to have a better error on this, as in, more descriptive of the actual reason why we are rejecting it, I wonder if we could break the logic up so we have a the update and delete handled separately?
|
|
||
| } | ||
|
|
||
| func isCPMS(ms *MachineSet) bool { |
There was a problem hiding this comment.
Not a fan of acronyms in code, any reason not to call this isControlPlaneMachineSet so that you don't need context to understand it?
|
|
||
| // If the user is updating a CP MachineSet, as long as machine role is | ||
| // unchanged, we're ok. | ||
| if newMS != nil && isCPMS(newMS) && isCPMS(oldMS) { |
There was a problem hiding this comment.
newMS is never nil since you initialise it on line 46, so this will always check newMS for the annotations
| close(done) | ||
| <-stopped | ||
| }() | ||
|
|
There was a problem hiding this comment.
Might be worth checking the server has started with
gs.Eventually(func() (bool, error) {
resp, err := insecureHTTPClient.Get(fmt.Sprintf("https://127.0.0.1:%d", testEnv.WebhookInstallOptions.LocalServingPort))
if err != nil {
return false, err
}
return resp.StatusCode == 404, nil
}).Should(BeTrue())
| close(done) | ||
| <-stopped | ||
| }() | ||
|
|
There was a problem hiding this comment.
Might be worth checking the server has started with
gs.Eventually(func() (bool, error) {
resp, err := insecureHTTPClient.Get(fmt.Sprintf("https://127.0.0.1:%d", testEnv.WebhookInstallOptions.LocalServingPort))
if err != nil {
return false, err
}
return resp.StatusCode == 404, nil
}).Should(BeTrue())
c4f2c30 to
3fdfdb6
Compare
Add webhooks for Delete and Update operations on MachineSets that are identified to be Control Plane members. These webhooks prevent deleting these MachineSets or updating them to become non-CP MachineSets (in order to further prevent them from being deleted or misconfigured)
michaelgugino
force-pushed
the
machineset-cp-vwh
branch
from
3fdfdb6 to
0942080
Compare
|
@michaelgugino: The following tests failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
@michaelgugino: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
openshift-ci-robot
added
the
needs-rebase
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
openshift-ci-robot
added
the
lifecycle/stale
|
@michaelgugino: The following test failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
openshift-ci-robot
added
lifecycle/rotten
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@michaelgugino: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@michaelgugino: Reopened this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
@michaelgugino: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
|
@openshift-bot: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Add webhooks for Delete and Update operations
on MachineSets that are identified to be
Control Plane members. These webhooks prevent
deleting these MachineSets or updating them
to become non-CP MachineSets (in order to
further prevent them from being deleted or
misconfigured)