Migrate registry/strategy Updates to webhooks #17
Conversation
|
|
piotrmiskiewicz
force-pushed
the
migrate-registry2webhooks
branch
4 times, most recently
from
260fe11 to
6cf0d40
Compare
piotrmiskiewicz
force-pushed
the
migrate-registry2webhooks
branch
from
6cf0d40 to
483463d
Compare
There was a problem hiding this comment.
In issue that you want to resolve is such comment
For validation take into account that we have already the static validation on CRD, so recheck what else needs to be done in ValidatingAdmissionWebhook.
Check also if we shouldn't remove the static validation from CRD and implement that in ValidatingAdmissionWebhook - take into account how user-friendly is the returned validation error.
Why in your pr it's not done? Right now we have duplicated logic, also the err msgs are not validated and I do not see any statement which approach was chosen and why. Base on my testing we should remove validation from CRDs
What's more right now you have registered validation which cannot work:
- ServiceBinding (ValidateServiceBinding), under the hood, is doing:
if create {
allErrs = append(allErrs, validateServiceBindingCreate(binding)...)
} else {
allErrs = append(allErrs, validateServiceBindingUpdate(binding)...)
}
both operation are validating status which is not provided on normal CREATE operation for ServiceBinding and it will not work.. Checking must be moved to status update handler. Validation for creating is not needed because user is not able to do that.
- ServiceInstance (ValidateServiceInstanceUpdate), under the hood is validating the status entry, why it's not registered in webhook??
| @@ -0,0 +1,251 @@ | |||
| /* | |||
There was a problem hiding this comment.
as discussed. We can remove this copy and just adjust the imports in previous package.
There was a problem hiding this comment.
removed the package and modified the old one (to use proper types/imports which makes API Server version not workig as discussed)
| h.mutateOnUpdate(ctx, mutated) | ||
| originalObj := &sc.ClusterServiceBroker{} | ||
| if err := h.decoder.DecodeRaw(req.OldObject, originalObj); err != nil { | ||
| traced.Errorf("Could not decode request object: %v", err) |
There was a problem hiding this comment.
be more verbose, right now we cannot distinguish if it was problem with oldObj or req.Obj (line 59)
same comment for all other places
| @@ -106,6 +112,17 @@ func (h *CreateUpdateHandler) mutateOnCreate(ctx context.Context, sb *sc.Cluster | |||
| } | |||
| } | |||
|
|
|||
| func (h *CreateUpdateHandler) mutateOnUpdate(ctx context.Context, obj *sc.ClusterServiceBroker) { | |||
| // TODO: implement logic from pkg/registry/servicecatalog/clusterservicebroker/strategy.go | |||
| func (h *CreateUpdateHandler) mutateOnUpdate(ctx context.Context, oldSb, newSb *sc.ClusterServiceBroker) { | |||
There was a problem hiding this comment.
minior: sometimes you are using originalObj sometimes oldSb, please unify that
same comment for all other places
|
|
||
| // Spec updates bump the generation so that we can distinguish between | ||
| // spec changes and other changes to the object. | ||
| if !apiequality.Semantic.DeepEqual(oldSb.Spec, newSb.Spec) { |
There was a problem hiding this comment.
did you check that behavior previously? In the webhook approach, this is not needed at all. Please remove that.
same comment for all other places
| }, | ||
| }, | ||
| }, | ||
| "Should override relist request": { |
There was a problem hiding this comment.
| "Should override relist request": { | |
| "Should restore previous relist request, when not provided (set to 0)": { |
| @@ -97,10 +105,33 @@ func (h *CreateUpdateHandler) mutateOnCreate(ctx context.Context, req admission. | |||
| if utilfeature.DefaultFeatureGate.Enabled(scfeatures.OriginatingIdentity) { | |||
| setServiceBindingUserInfo(req, binding) | |||
| } | |||
|
|
|||
| // Fill in the first entry set to "creating"? | |||
| @@ -84,7 +91,8 @@ func (h *CreateUpdateHandler) InjectDecoder(d *admission.Decoder) error { | |||
| } | |||
|
|
|||
| func (h *CreateUpdateHandler) mutateOnCreate(ctx context.Context, req admission.Request, binding *sc.ServiceBinding) { | |||
| binding.Finalizers = []string{sc.FinalizerServiceCatalog} | |||
| // This feature was copied from Service Catalog registry: https://github.com/kubernetes-incubator/service-catalog/blob/master/pkg/registry/servicecatalog/binding/strategy.go | |||
There was a problem hiding this comment.
this comment is not needed here. The purpose of this comment is to have it in places where you copied a lot of logic, e.g. as you had for validation packages. In this place is more like adjustments because some logic is not ported e.g. as we have with recovering status entries, incrementing generation etc.
| if utilfeature.DefaultFeatureGate.Enabled(scfeatures.OriginatingIdentity) { | ||
| setServiceBindingUserInfo(req, newObj) | ||
| } | ||
| newObj.Generation = oldObj.Generation + 1 |
There was a problem hiding this comment.
please remove it is done by api server
| @@ -91,6 +97,8 @@ func (h *CreateUpdateHandler) Handle(ctx context.Context, req admission.Request) | |||
| return admission.Errored(http.StatusInternalServerError, err) | |||
| } | |||
|
|
|||
| traced.Infof("subresource %v", req.SubResource) | |||
There was a problem hiding this comment.
no, I forgot to remove it. fixed
|
|
||
| func (h *StatusUpdateHandler) Handle(ctx context.Context, req admission.Request) admission.Response { | ||
| traced := webhookutil.NewTracedLogger(req.UID) | ||
| traced.Infof("Start handling operation: %s for %s/%s: %q", req.Operation, req.Kind.Kind, req.SubResource, req.Name) |
There was a problem hiding this comment.
please be more precise. What kind of handler it is? It' will be hard to distinguish between validation sepc, mutation spec, and mutation status entries
piotrmiskiewicz
force-pushed
the
migrate-registry2webhooks
branch
3 times, most recently
from
e6dabe4 to
9f1c183
Compare
charts/catalog/values.yaml
Outdated
| @@ -28,7 +28,7 @@ webhook: | |||
| nodePort: | |||
| # Available port in allowable range (e.g. 30000 - 32767 on minikube) | |||
| # The TLS-enabled endpoint will be exposed here | |||
| securePort: 30443 | |||
| securePort: 30444 | |||
| @@ -38,7 +38,7 @@ var _ admission.Handler = &CreateUpdateHandler{} | |||
| // Handle handles admission requests. | |||
| func (h *CreateUpdateHandler) Handle(ctx context.Context, req admission.Request) admission.Response { | |||
| traced := webhookutil.NewTracedLogger(req.UID) | |||
| traced.Infof("Start handling operation: %s for %s: %q", req.Operation, req.Kind.Kind, req.Name) | |||
| traced.Infof("Start handling validation operation: %s for %s: %q", req.Operation, req.Kind.Kind, req.Name) | |||
piotrmiskiewicz
force-pushed
the
migrate-registry2webhooks
branch
from
0fb33b3 to
ff732c0
Compare
… (CRDs) solution (kubernetes-retired#2630) * Add basic validation to crds * Add webhook skeleton, remove api-server from chart, add webhoook server in chart, move PrepareForCreate login into webhook handler (kyma-incubator#2) * Add webhook skeleton, remove api-server from chart, add webhoook server in chart, move PrepareForCreate login into webhook handler * Add logger and GVK matcher * Add test coverage for webhook (kyma-incubator#6) * Add Status entry initialization in binding and instance controller (kyma-incubator#5) * Change fs to label selector (kyma-incubator#9) * Fix removing finalizer after switching to CRD /status sub-resource (kyma-incubator#8) * Add tests to webhooks (kyma-incubator#11) * Replace changevalidator with webhook (kyma-incubator#14) * Replace default service plan with webhook (kyma-incubator#10) * Add tests to webhooks - fix * Rewrite defaultServicePlan feature to webhook * Replace plugins by webhook (kyma-incubator#16) * Replace ServiceBinding plugin by webhook * Replace Broker plugins by webhook * Adjust webhooks to multi validation handlers * Service Catalog going towards to CRDs (kyma-incubator#18) * Migrate registry/strategy Updates to webhooks (kyma-incubator#17) * Use Update instead of updateReference method (kyma-incubator#19) * Replace tableconvertor with APC (kyma-incubator#20) * Fix svcat tests after the rebase with the upstream master branch * Pre delete jobs - remove CRD after delete helm release (kyma-incubator#21) * Apply fixes after executing `make verify` * Create docs about webhook implementation (kyma-incubator#24) * Change the securePort for the webhook server because colidates with old api-server * Change import paths to kubernetes-sigs, and rebase with master * Apply fixes after rebase Fixes: * makefile targets, * instance deprovision operation * entries under additionalPrinterColumns in crds.yaml * unit tests after rebase * Update documentation (kyma-incubator#40) * Update docs * Fix vendor after rebase with k8s 1.15 bump * Apply changes after review - remove the contrib/hack/crd folder - remove reference to Kyma project - rebase with current master - restore the image in chart - extract CRDs defintion to dedicated folder
This PR is a
What this PR does / why we need it:
Move logic from pkg/registry/*/strategy to webhooks
Which issue(s) this PR fixes
Resolves: kyma-project/kyma#2792
Please leave this checklist in the PR comment so that maintainers can ensure a good PR.
Merge Checklist:
breaking the chart release and existing clients who provide a
flag that will get an error when they try to update