Bundle validate failing for webhooks due to missing spec.conversion.webhookClientConfig.service.port #3673
Comments
|
Hi @estroz, Is possible to integrate a project with OLM using webhooks? Do you know if webhooks are supported by OLM? |
camilamacedo86
added
olm-integration
|
I'm also having this same issue, for now I added the missing fields: spec:
preserveUnknownFields: false # added this
conversion:
strategy: Webhook
webhookClientConfig:
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convert
port: 443 # added this, used 443 bc it's the default from the k8s docs
|
|
It looks like port is a required field in a CSV’s webhook description, which I imagine is because OLM reconstructs their configs before creating them. The webhook configs generated by I think the right here to do is check if a webhook is configured to run from a service defined by a |
|
Disregard what I said above, this appears to be a CRD validation issue. This may actually be a decoding bug in the validator's code: an uninitialized port value, intended to mean this value was not set in the manifest, should not cause this validation error, while an initialized but unset value should and will. |
Yes - OLM supports admission and conversion webhooks with a few constraints. |
|
As @estroz suggested, this seems to be an issue with the validation library or the CRD itself. @ahmedwaleedmalik could you share the CRD you used which caused this issue? |
estroz
added
kind/bug
|
Hi @awgreene, it seems like an issue with generation of CRD rather the validation. Since, it is an auto-generated CRD we expect it to map The CRD that is missing port field: apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: projects.jiraservicedesk.stakater.com
spec:
preserveUnknownFields: false
conversion:
strategy: Webhook
webhookClientConfig:
# this is "\n" used as a placeholder, otherwise it will be rejected by the apiserver for being blank,
# but we're going to set it later using the cert-manager (or potentially a patch if not using cert-manager)
caBundle: Cg==
service:
namespace: system
name: webhook-service
path: /convertThe resultant CRD that fails bundle validation: apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
cert-manager.io/inject-ca-from: jira-service-desk-operator-system/jira-service-desk-operator-serving-cert
controller-gen.kubebuilder.io/version: v0.3.0
creationTimestamp: null
name: projects.jiraservicedesk.stakater.com
spec:
conversion:
strategy: Webhook
webhookClientConfig:
caBundle: Cg==
service:
name: jira-service-desk-operator-webhook-service
namespace: jira-service-desk-operator-system
path: /convert
group: jiraservicedesk.stakater.com
names:
kind: Project
listKind: ProjectList
plural: projects
singular: project
preserveUnknownFields: false
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
description: Project is the Schema for the projects API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ProjectSpec defines the desired state of Project
properties:
assigneeType:
description: Task assignee type
enum:
- PROJECT_LEAD
- UNASSIGNED
type: string
avatarId:
description: An integer value for the project's avatar.
type: integer
categoryId:
description: The ID of the project's category
type: integer
description:
description: Description for project
type: string
issueSecurityScheme:
description: The ID of the issue security scheme for the project, which
enables you to control who can and cannot view issues
type: integer
key:
description: The project key is used as the prefix of your project's
issue keys
type: string
leadAccountId:
description: ID of project lead
maxLength: 128
type: string
name:
description: Name of the project
type: string
notificationScheme:
description: The ID of the notification scheme for the project
type: integer
permissionScheme:
description: The ID of the permission scheme for the project
type: integer
projectTemplateKey:
description: A prebuilt configuration for a project
type: string
projectTypeKey:
description: The project type, which dictates the application-specific
feature set
enum:
- business
- service_desk
- software
type: string
url:
description: A link to information about this project, such as project
documentation
type: string
type: object
status:
description: ProjectStatus defines the observed state of Project
properties:
conditions:
description: Status conditions
items:
description: "Condition represents an observation of an object's state.
Conditions are an extension mechanism intended to be used when the
details of an observation are not a priori known or would not apply
to all instances of a given Kind. \n Conditions should be added
to explicitly convey properties that users and components care about
rather than requiring those properties to be inferred from other
observations. Once defined, the meaning of a Condition can not be
changed arbitrarily - it becomes part of the API, and has the same
backwards- and forwards-compatibility concerns of any other part
of the API."
properties:
lastTransitionTime:
format: date-time
type: string
message:
type: string
reason:
description: ConditionReason is intended to be a one-word, CamelCase
representation of the category of cause of the current status.
It is intended to be used in concise output, such as one-line
kubectl get output, and in summarizing occurrences of causes.
type: string
status:
type: string
type:
description: "ConditionType is the type of the condition and is
typically a CamelCased word or short phrase. \n Condition types
should indicate state in the \"abnormal-true\" polarity. For
example, if the condition indicates when a policy is invalid,
the \"is valid\" case is probably the norm, so the condition
should be called \"Invalid\"."
type: string
required:
- status
- type
type: object
type: array
id:
description: Jira service desk project ID
type: string
required:
- id
type: object
type: object
version: v1alpha1
versions:
- name: v1alpha1
served: true
storage: true
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []This is open source and the port fix was done against this PR: stakater/jira-service-desk-operator#10 |
|
Closing this since i couldn't reproduce this issue in |
Bug Report
What did you do?
I followed the guide from the official documentation to add webhook. I have configured and set it up but when i try to generate bundle manifests. It fails at validation step with error:
What did you see instead? Under which circumstances?
I am getting the following error:
Environment
operator-sdk version:
v0.19.0
go version:
v1.14.4
Kubernetes version information:
v1.17.3
Are you writing your operator in ansible, helm, or go?
go
The text was updated successfully, but these errors were encountered: