Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Introducing a Validating Admission Controller #1021

Merged
merged 33 commits into from
Feb 5, 2021
Merged

feat: Introducing a Validating Admission Controller #1021

merged 33 commits into from
Feb 5, 2021

Conversation

whynowy
Copy link
Member

@whynowy whynowy commented Jan 15, 2021
edited
Loading

This PR introduces a Validating Admission Controller to Argo Events, it validates the input spec and notifies the errors when doing kubectl apply.

Main features:

  1. Validating CREATE actions for EventBus, EventSource and Sensor objects;
  2. Validating UPDATE actions to see:
  • If the new spec is valid;
  • Is there any immutable fields being updated (e.g. spec.nats.native.auth in EventBus can not be updated);

This change brings in a new Deployment and Service for the validating webhook, currently it would be made optional for installation.

Closes #1019.

Checklist:

@whynowy whynowy changed the title Validation feat: Introducing a ValidationWebhook admission controller Jan 15, 2021
@whynowy
manifests
7933dd3 
Signed-off-by: Derek Wang <[email protected]>
VaibhavPage
VaibhavPage reviewed Jan 17, 2021
View reviewed changes
manifests/install-no-extension.yaml Outdated
@@ -0,0 +1,370 @@
apiVersion: apiextensions.k8s.io/v1beta1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's call this file install-with-extension. By default Argo-Events should be installed without Validating webhook as it is an addon.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I made it a separate installation file install-validating-webhook.yaml.

@whynowy whynowy marked this pull request as ready for review January 25, 2021 04:21
@whynowy
more validation
4b3b323 
Signed-off-by: Derek Wang <[email protected]>
@whynowy whynowy marked this pull request as draft January 25, 2021 20:13
@whynowy
Merge branch 'master' into validation
07a9f8d
@whynowy
more test cases
f542b66 
Signed-off-by: Derek Wang <[email protected]>
@whynowy
doc revise
1048ff8 
Signed-off-by: Derek Wang <[email protected]>
@whynowy
minor
f94a238 
Signed-off-by: Derek Wang <[email protected]>
@whynowy
fix test case
188eb8d 
Signed-off-by: Derek Wang <[email protected]>
@whynowy whynowy marked this pull request as ready for review January 26, 2021 02:46
@whynowy
minor
86592ca 
Signed-off-by: Derek Wang <[email protected]>
@whynowy
minor
867ef91 
Signed-off-by: Derek Wang <[email protected]>
@whynowy whynowy changed the title feat: Introducing a ValidationWebhook admission controller feat: Introducing a Validating Admission Controller Jan 26, 2021
@whynowy
port
35bd4cd 
Signed-off-by: Derek Wang <[email protected]>
@whynowy
fix typo and refine rbac
1baee50 
Signed-off-by: Derek Wang <[email protected]>
@whynowy whynowy requested a review from alexec January 27, 2021 22:33
alexec
alexec approved these changes Feb 5, 2021
View reviewed changes
Copy link
Contributor

@alexec alexec left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Conditional approval:

  • I understand this is low-risk change because it is optional and orthogonal.

common/tls/tls.go
serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
if err != nil {
return nil, errors.Wrap(err, "failed to generate serial number")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

minor: I much prefer fmt.Errorf("%w")

go.mod
@@ -25,6 +25,7 @@ require (
github.com/fatih/color v1.9.0 // indirect
github.com/fsnotify/fsnotify v1.4.9
github.com/ghodss/yaml v1.0.1-0.20190212211648-25d852aebe32
github.com/go-openapi/inflect v0.19.0
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what licence?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

MIT.

@whynowy whynowy merged commit 58cc093 into argoproj:master Feb 5, 2021
@whynowy whynowy deleted the validation branch February 5, 2021 19:56
@whynowy whynowy mentioned this pull request Feb 6, 2021
Closed
juliev0 pushed a commit to juliev0/argo-events that referenced this pull request Mar 29, 2022
@whynowy
feat: Introducing a Validating Admission Controller (argoproj#1021)
50257db 
* feat: Introducing a Validating Admission Controller

Signed-off-by: Derek Wang <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexec alexec alexec approved these changes

@VaibhavPage VaibhavPage Awaiting requested review from VaibhavPage

@jessesuen jessesuen Awaiting requested review from jessesuen

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Introducing a ValidatingWebhook admisson controller to validate specs
3 participants
@whynowy @alexec @VaibhavPage