CRD Controller #353
Co-authored-by: Luke Kysow <[email protected]>
Also run go mod tidy
Merge POC into consul-k8s
Signed-off-by: Ashwin Venkatesh <[email protected]>
Co-authored-by: Luke Kysow <[email protected]>
Will create an ACL token for controller. No Consul Enterprise support right now.
* Support Consul Ent NS's for CRDs
* Add defaults and validation for ServiceDefaults
* Provision webhooks with self-generated certs
Co-authored-by: Iryna Shustava <[email protected]>
Co-authored-by: Luke Kysow <[email protected]>
* Ensure system recovers quickly from failures or drift in state
  - helm upgrades will cause the caBundle to get reset on the mutating webhooks. By "reconciling" the state of the system every second, we ensure the drift in this state has a minimal impact on the uptime of the system. It will now verify that the certificates as well as the CA bundle are "correct" every second and update them if they aren't.
* Compare CABundle on webhook with the CA cert on the bundle without encoding
Co-authored-by: Iryna Shustava <[email protected]>
* Also make controller and webhook code generic
* Update to controller-runtime 0.6.3 to fix spurious log error message.
Would always return invalid
- Pass the path down to the validation methods so they don't need to know where in the struct they are placed.
- Also use .Index() and .Key() instead of fmt.Sprintf to indicate where in a slice/map we are.
- if running ent and namespace mirroring is enabled then allow multiple resources with the same name across namespaces.
- make Validator structs public and remove constructors
- defaults to true
- replaces ENABLE_WEBHOOKS environment variable
Proxy Defaults controller and webhook
* ServiceRouter support
* controllers => controller for logger name
Also, update the version of controller-tools to 0.4.0 to support float types. With this version, we can pass allowDangerousTypes marker to allow CRDs to have float32 types. This comes with a breaking change to CRD and webhook versions, where now we have to explicitly set versions to v1beta1 since controller-tools now defaults to v1.
* Replace reflect.DeepEqual with gocmp.Equal
  • go-cmp has a more robust library for compares as it allows ignoring unexported fields.
  • Replace other usages of reflect.DeepEqual with cmp.Equal
  • Remove unnecessary matchesConsul methods
  • Restructure MatchesConsul test to test against mismatched type
  • Explicitly ignore fields instead of zero-ing them out during a compare
* Rework Controller Enterprise tests to reduce duplication
* add ci config to pull s3 dev builds for tests
* pick some initial oss/ent hashes of dev builds
* use env var properly
* use the directory flag properly to untar
* use sudo for tar to access /usr/local/bin
* Use metadata field from configEntry to determine if resource is managed in external cluster
* Add tests for controller not updating unowned entries
* Add error message in logs if Consul entry isn't deleted.
* Extract private method to share meta across resources.
* Add support for L4 service-intentions config entry
* Add -log-level flag to controller
* crds: Add support for L7 intentions
Co-authored-by: Iryna Shustava <[email protected]>
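
One tick of the reconciliation described in the "Ensure system recovers quickly from failures or drift in state" commit, as an added Go example that is not code from this PR: `Webhook`, `Reconcile`, `Raw`, `Encoded` and `Writes` are hypothetical names, and the PEM is a constructed placeholder. It also shows why both sides of the caBundle comparison must be in the same form: comparing base64 text with raw bytes never matches, so every tick rewrites every webhook.

```go
package main

import (
	"bytes"
	"encoding/base64"
	"fmt"
)

// Webhook is a hypothetical stand-in for one webhook's clientConfig.
type Webhook struct {
	Name     string
	CABundle []byte // raw PEM bytes, as the Kubernetes Go types carry them
}

// Reconcile runs one tick. view maps the CA cert to the form that is compared
// with each webhook's caBundle; the value written back is always the raw cert.
// It returns the names of the webhooks it rewrote.
func Reconcile(hooks []*Webhook, caCert []byte, view func([]byte) []byte) (fixed []string) {
	want := view(caCert)
	for _, h := range hooks {
		if !bytes.Equal(h.CABundle, want) {
			h.CABundle = append([]byte(nil), caCert...)
			fixed = append(fixed, h.Name)
		}
	}
	return fixed
}

// Raw compares like with like: raw bytes on both sides.
func Raw(b []byte) []byte { return b }

// Encoded compares the base64 text of the cert with the raw caBundle (a mismatch).
func Encoded(b []byte) []byte { return []byte(base64.StdEncoding.EncodeToString(b)) }

// Writes simulates n ticks after webhook "mutate-b" was reset and counts updates.
func Writes(n int, view func([]byte) []byte) (total int) {
	ca := []byte("-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n")
	hooks := []*Webhook{{Name: "mutate-a", CABundle: ca}, {Name: "mutate-b"}} // b was reset
	for i := 0; i < n; i++ {
		total += len(Reconcile(hooks, ca, view))
	}
	return total
}

func main() {
	fmt.Println("raw compare, 5 ticks:", Writes(5, Raw))         // 1 write, then steady
	fmt.Println("encoded compare, 5 ticks:", Writes(5, Encoded)) // 10 writes, never converges
}
```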
.circleci/config.yml
Outdated
- CONSUL_VERSION: aa0f5ff839c515aad3baa38c7936b4630263ca89 # Consul's OSS version to use in tests | ||
- CONSUL_ENT_VERSION: 511f5942610bfa3ae53a40ca05db1858b25c2263 # Consul's enterprise version to use in tests |
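Review bot: The values of CONSUL_VERSION and CONSUL_ENT_VERSION in these lines are 40-character commit hashes, while the trailing comments call them the "version to use in tests". Say in the comments that these are commit hashes and which release they stand in for, so the pin is not mistaken for a release tag and is easy to find when it needs replacing.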
Todo: we need these to point at 1.9.0 so the controller tests pass.
Tests will run against more up-to-date master versions
🦊 🐧 This is all approved so who am I to get in the way
Excellent work!
Changes proposed in this PR:
controller and webhook-cert-manager
Checklist:
=> changelog will be added in upcoming PR