Add support for conversion webhook 🍸 #2413
Conversation
|
@vdemeester: GitHub didn't allow me to request PR reviews from the following users: mattmoor. Note that only tektoncd members and repo collaborators can review this PR, and authors cannot review their own PRs. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
googlebot
added
the
cla: yes
tekton-robot
added
the
size/XXL
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
8186199 to
cb1960c
Compare
|
/test pull-tekton-pipeline-build-tests |
|
/test pull-tekton-pipeline-integration-tests |
|
|
||
| // A function that infuses the context passed to ConvertTo/ConvertFrom/SetDefaults with custom metadata | ||
| func(ctx context.Context) context.Context { | ||
| return ctx |
There was a problem hiding this comment.
Did you want the ctx stuff here too?
There was a problem hiding this comment.
I followed what was in knative/serving 😝
|
/test pull-tekton-pipeline-integration-tests |
|
/test pull-tekton-pipeline-integration-tests |
3 similar comments
|
/test pull-tekton-pipeline-integration-tests |
|
/test pull-tekton-pipeline-integration-tests |
|
/test pull-tekton-pipeline-integration-tests |
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
cb1960c to
b49e956
Compare
tekton-robot
added
size/L
|
/test pull-tekton-pipeline-integration-tests |
1 similar comment
|
/test pull-tekton-pipeline-integration-tests |
| @@ -98,7 +103,7 @@ func NewValidationAdmissionController(ctx context.Context, cmw configmap.Watcher | |||
|
|
|||
| // A function that infuses the context passed to Validate/SetDefaults with custom metadata. | |||
| func(ctx context.Context) context.Context { | |||
| return ctx | |||
| return contexts.WithUpgradeViaDefaulting(store.ToContext(ctx)) | |||
There was a problem hiding this comment.
contexts.WithUpgradeViaDefaulting
Are you using this upgrade marker for anything?
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
b49e956 to
da932a2
Compare
|
The error is legit in this PR, see #2468 |
|
/hold |
tekton-robot
added
the
do-not-merge/hold
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
da932a2 to
f3a8be7
Compare
|
yay it is green 🌞 |
There was a problem hiding this comment.
I think all of my feedback is just asking for some more detail in comments - I think it'll be worthwhile for folks like me who don't really know what's going on :D
but i also understand if you want to merge as is and add that afterward - would like to see it tho if possible!
/approve
| @@ -124,6 +129,68 @@ func NewConfigValidationController(ctx context.Context, cmw configmap.Watcher) * | |||
| ) | |||
| } | |||
|
|
|||
| func NewConversionController(ctx context.Context, cmw configmap.Watcher) *controller.Impl { | |||
| // nolint: golint | |||
There was a problem hiding this comment.
why do we not want to lint this?
There was a problem hiding this comment.
😅 well, I need to find a better name than v1beta1_ for the variable.. and I was lazy 😅
There was a problem hiding this comment.
I am not sure what variable name to use to be honest 🙃
| // The path on which to serve the webhook | ||
| "/resource-conversion", | ||
|
|
||
| // Specify the types of custom resource definitions that should be converted |
There was a problem hiding this comment.
so the keys are the types to convert TO and the zygotes are the version to convert FROM is that right? im not 100% clear either way tho so maybe some more detail in the comment might help?
config/200-clusterrole.yaml
Outdated
| @@ -63,6 +63,12 @@ apiVersion: rbac.authorization.k8s.io/v1 | |||
| metadata: | |||
| name: tekton-pipelines-webhook-cluster-access | |||
| rules: | |||
| # The webhook needs to be able to list and update customresourcedefinitions, | |||
| # mainly to update the webhook certificates.ku | |||
config/200-clusterrole.yaml
Outdated
| - apiGroups: ["apiextensions.k8s.io"] | ||
| resources: ["customresourcedefinitions", "customresourcedefinitions/status"] | ||
| verbs: ["get", "list", "update", "patch", "watch"] | ||
| # verbs: ["get", "list", "create", "update", "delete", "patch", "watch"] |
There was a problem hiding this comment.
maybe we can remove this line?
config/300-taskrun.yaml
Outdated
| # this is a work around so we don't need to flush out the | ||
| # schema for each version at this time | ||
| # | ||
| # see issue: https://github.com/knative/serving/issues/912 |
There was a problem hiding this comment.
is it possible to get a bit more detail here on how this works? looking at the issue it's not immediately clear to me, and im wondering how x-kubernetes-preserve-unknown-fields affect unknown fields / typos (making me think of tektoncd/triggers#526)
There was a problem hiding this comment.
Right preserveUnknownFields and this one seems to be required to work with k8s 1.18 and the conversion webhook somehow.
There was a problem hiding this comment.
Updated the comments 👼
| Group: GroupName, | ||
| Resource: "conditions", | ||
| } | ||
| ) |
There was a problem hiding this comment.
im not 100% clear on why these are required now or where they are used? does the conversion webhook automatically detect these?
There was a problem hiding this comment.
We do here : https://github.com/tektoncd/pipeline/pull/2413/files#diff-58de452513b7e8d8d3cfea23eb4ae6a8R170 (and we might do at other parts of the code). It makes it a bit easier to get conditions.tekton.dev or pipelineruns.tekton.dev in code without hard coding those.
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bobcatfish The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
|
/hold cancel |
tekton-robot
removed
the
do-not-merge/hold
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
f3a8be7 to
0dbd57e
Compare
Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
This adds a new webhook controller : ConversionController. The `HubVersion` is the stored version, and Zygotes stores the types of supported versions. The CRDs are updated to setup the conversion strategy to webhook, pointing to the tekton-pipelines-webhook. An update in the webhook clusterrole is required for customresourcedefinitions. Signed-off-by: Vincent Demeester <vdemeest@redhat.com>
vdemeester
force-pushed
the
2047-conversion-webhook
branch
from
0dbd57e to
82a934d
Compare
|
ping @sbwsg @bobcatfish @imjasonh this is ready for review and updated |
|
/lgtm /meow rocketship |
|
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
afrittoli
added
the
kind/feature
Changes
This adds a new webhook controller : ConversionController.
The
HubVersionis the stored version, andZygotesstores the typesof supported versions.
The CRDs are updated to setup the conversion strategy to webhook,
pointing to the tekton-pipelines-webhook.
An update in the webhook clusterrole is required for customresourcedefinitions.
Closes #2047
/cc @sbwsg @bobcatfish @mattmoor
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmddir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes