Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fail controller startup when conflicting webhook definition present #588

Merged
merged 1 commit into from
Sep 10, 2021
Merged

Fail controller startup when conflicting webhook definition present #588

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion build/make/deploy.mk
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ restart_webhook:
$(K8S_CLI) rollout restart -n $(NAMESPACE) deployment/devworkspace-webhook-server

### uninstall: Removes the controller resources from the cluster
uninstall: generate_deployment
uninstall: _print_vars generate_deployment
# It's safer to delete all workspaces before deleting the controller; otherwise we could
# leave workspaces in a hanging state if we add finalizers.
$(K8S_CLI) delete devworkspaces.workspace.devfile.io --all-namespaces --all --wait || true
Expand Down
20 changes: 18 additions & 2 deletions pkg/webhook/init_cfg.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -16,10 +16,12 @@ import (
"context"
"fmt"

admv1 "k8s.io/api/admissionregistration/v1"
apierrors "k8s.io/apimachinery/pkg/api/errors"
"k8s.io/apimachinery/pkg/types"
crclient "sigs.k8s.io/controller-runtime/pkg/client"

"github.com/devfile/devworkspace-operator/webhook/workspace"
apierrors "k8s.io/apimachinery/pkg/api/errors"
)

// WebhookCfgsInit initializes the webhook that denies everything until webhook server is started successfully
Expand All @@ -30,11 +32,25 @@ func WebhookCfgsInit(client crclient.Client, ctx context.Context, namespace stri
if err != nil {
if apierrors.IsAlreadyExists(err) {
log.Info(fmt.Sprintf("Mutating webhooks configuration %s already exists", configuration.Name))
return nil
return checkExistingConfigForConflict(client, ctx, namespace)
} else {
return err
}
}
log.Info(fmt.Sprintf("Created webhooks configuration %s", configuration.Name))
return nil
}

func checkExistingConfigForConflict(client crclient.Client, ctx context.Context, serviceNamespace string) error {
existingCfg := &admv1.MutatingWebhookConfiguration{}
err := client.Get(ctx, types.NamespacedName{Name: workspace.MutateWebhookCfgName}, existingCfg)
if err != nil {
return err
}
for _, webhook := range existingCfg.Webhooks {
if webhook.ClientConfig.Service.Namespace != serviceNamespace {
return fmt.Errorf("conflicting webhook definition found on cluster, webhook %s clientConfig points at namespace %s", webhook.Name, webhook.ClientConfig.Service.Namespace)
}
}
return nil
}