-
Notifications
You must be signed in to change notification settings - Fork 13
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(discovery): configurations for KubeAPI discovery #128
Conversation
941085a
to
02bb841
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, though may need some adjusting after review on cryostatio/cryostat#325 finishes.
@ebaron could you take a quick look over this? I think it looks good and it works well with the accompanying cryostatio/cryostat#325 (which was just merged). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry for the delay in getting to these Helm PRs. This looks good, just wondering if we should use the same kind of DisableBuiltInPort{Names,Numbers} that we settled on in the Operator's CRD: https://github.com/cryostatio/cryostat-operator/blob/b300689a645e3741ccd5468e09acf20b5b9fb4d2/api/v1beta1/cryostat_types.go#L541-L562 Then we don't need to rely on magic values like .
.
I guess if on helm side, if users want to disable built-in port {numbers,names}, they can set, for example,
I think the |
OpenShift has a UI for customizing Helm values on install, think the Operator one but much more primitive. I think this might be hard to represent that way in those kind of UIs. Boolean values are easily rendered as checkboxes.
It makes sense like |
Ahh good to know! I didn't realize that. I will update.
Actually, I haven't yet come across any in k8s with this syntax. Though, this is implemented in Cryostat 3.0 tho: https://github.com/cryostatio/cryostat3/blob/1d991d1889e1d63b84f171afe913cf7cb0469aad/src/main/java/io/cryostat/discovery/KubeApiDiscovery.java#L504. @andrewazores any thoughts? |
Sorry another question. Since those fields (i.e. namespaces, portNumbers, portNames) are lists, they are rendered as below. If the users want to disable defaults, would it make sense for them to just remove that item from the list? For example, installing cryostat with securityContext capabilities (using helm chart UI on OpenShift). Editted: If we are gonna use flag for namespace (see below comment), I think we might as well do it for port{names,numbers}. Thought, it is somewhat nice to remove to disable :)) |
Maybe a flag: Editted: I realized now that's what you meant originally (my bad!) :D I have updated the chart with such flags similar to the operators. This way, it is closer to the operator-side, and avoids magic value installNamespaceDisabled: false
builtInPortNamesDisabled: false
builtInPortNumbersDisabled: false This does mean cryostat3 can just remove its |
I'd like to keep the Otherwise, I'm good with the other changes suggested above. |
Sounds good to me! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is good. @tthvo what do you think about keeping the Role as a Role, and duplicating it in each namespace? I think so far, a namespace admin is able to install Cryostat using the Helm Chart. They may not have permissions to create a ClusterRole.
Oh yes that makes sense! Totally overlooking this aspect :D |
Updated now to copy |
Not related to this PR but one suggestion I think we might benefit from is unit/template testing for helm chart. This can help: https://github.com/helm-unittest/helm-unittest During this PR, it took me a while to see that the |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM other than the one comment typo above
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good, thanks @tthvo!
Related to #119
Depends on cryostatio/cryostat#325
Description of changes
Added options to configure discovery mechanism.
Updated Role to ClusterRole to create the corresponding RoleBinding in each of the watch namespace.
How to test