Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: reconcile policy webhook configurations #576

Merged
merged 7 commits into from
Nov 21, 2023
Merged

feat: reconcile policy webhook configurations #576

merged 7 commits into from
Nov 21, 2023

Conversation

fabriziosestito
Copy link
Contributor

@fabriziosestito fabriziosestito commented Nov 14, 2023
edited
Loading

Description

This PR fixes: #224, adding reconciliation of ValidatingWebhookConfiguration and MutatingWebhookConfiguration if those are changed (by the user).

Test

This PR introduces a k3s testcontainer to test the controllers against a real cluster, by using envtest.
The envtest setup was already there, but not using a real cluster we weren't able to test Kubernetes builtin resources "side-effects", e.g. creating a deployment was not causing a ReplicaSet and Pods to be created. This is because by default envtest spins up a fake control plane with no Kubernetes built-in controllers.
Also, we were lacking tests for the admission policies controllers' happy paths. This PR adds them.

NOTE: Webhooks integration tests are still not running against a real cluster, but using envtest in this case might be overkill.
Consider refactoring these tests to unit tests (see: #579)

@fabriziosestito fabriziosestito self-assigned this Nov 15, 2023
viccuad
viccuad reviewed Nov 16, 2023
View reviewed changes
go.mod Show resolved Hide resolved
@fabriziosestito fabriziosestito force-pushed the feat/webhooks-reconciliation branch 4 times, most recently from 64eefa4 to 0909b3f Compare November 17, 2023 13:23
jvanz
jvanz requested changes Nov 17, 2023
View reviewed changes
controllers/admissionpolicy_controller.go Outdated Show resolved Hide resolved
controllers/clusteradmissionpolicy_controller.go Outdated Show resolved Hide resolved
controllers/suite_test.go Outdated Show resolved Hide resolved
controllers/suite_test.go Show resolved Hide resolved
controllers/utils_test.go Outdated Show resolved Hide resolved
@fabriziosestito fabriziosestito force-pushed the feat/webhooks-reconciliation branch 2 times, most recently from 0118d13 to 84be709 Compare November 18, 2023 08:42
@fabriziosestito fabriziosestito marked this pull request as ready for review November 18, 2023 10:35
@fabriziosestito fabriziosestito requested a review from a team as a code owner November 18, 2023 10:35
viccuad
viccuad reviewed Nov 20, 2023
View reviewed changes
controllers/utils_test.go Outdated Show resolved Hide resolved
viccuad
viccuad approved these changes Nov 20, 2023
View reviewed changes
Copy link
Member

@viccuad viccuad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Good way of ensuring the webhooks stay as they should, plus the tests against a real cluster open a world of possibilities ❤️.

@fabriziosestito
feat: add kubewarden-specific labels and annotations to webhooks; rec…
31b4657 
…oncile if changed

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
feat: add validating and mutating webhooks configuration watches to A…
d52fdcc 
…dmissionPolicy and ClusterAdmissionPolicy controllers

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
test(integration): run controllers integration tests against a real c…
2d39195 
…luster using a k3s testcontainer

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
test(integration): refactor / clean-up existing testsi; add happy path
6f2d9c5 
tests

Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
test(integration): add webhooks reconcilation test
4d894c8 
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
chore: use constants for webhooks configuration labels and annotations
1fde808 
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
@fabriziosestito
fix: configure integration tests policy server version via env variable
12c7b72 
Signed-off-by: Fabrizio Sestito <fabrizio.sestito@suse.com>
flavio
flavio approved these changes Nov 21, 2023
View reviewed changes
Copy link
Member

@flavio flavio left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, this is some great work 👏

Makefile Show resolved Hide resolved
@fabriziosestito fabriziosestito mentioned this pull request Nov 21, 2023
Closed
2 tasks
@flavio flavio merged commit b48d736 into kubewarden:main Nov 21, 2023
7 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@viccuad viccuad viccuad approved these changes

@flavio flavio flavio approved these changes

@jvanz jvanz Awaiting requested review from jvanz

Assignees

@fabriziosestito fabriziosestito

Labels
None yet
Projects
Kubewarden
Archived in project
Milestone
No milestone
4 participants
@fabriziosestito @flavio @jvanz @viccuad