-
Notifications
You must be signed in to change notification settings - Fork 601
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
support auto generation of SinkBindings identity service account #7327
Conversation
Welcome @rahulii! It looks like this is your first PR to knative/eventing 🎉 |
Hi @rahulii. Thanks for your PR. I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
@creydr please review. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hi @rahulii,
Thanks a lot for your PR. I left 2 comments so far.
Besides of them, I am getting a crashloop backoff when running your PR locally. Seems like some insufficient permissions. Can you check on them?
/ok-to-test |
here is the o/p - @creydr |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you also fix the goformat/style issues?
@rahulii Thanks for the update. Can you fix the unit tests? eventing/pkg/reconciler/broker/trigger/trigger_test.go Lines 1489 to 1558 in 402f6ac
|
@creydr there are no tests implemented currently for SB reconciler, should I go ahead and create it (a new _test.go file) ? |
Codecov ReportAttention:
Additional details and impacted files@@ Coverage Diff @@
## main #7327 +/- ##
==========================================
+ Coverage 76.90% 76.92% +0.02%
==========================================
Files 252 252
Lines 13693 13701 +8
==========================================
+ Hits 10530 10539 +9
Misses 2637 2637
+ Partials 526 525 -1
☔ View full report in Codecov by Sentry. |
sb.Status.MarkOIDCIdentityCreatedSucceeded() | ||
} else { | ||
sb.Status.Auth = nil | ||
sb.Status.MarkOIDCIdentityCreatedSucceededWithReason(fmt.Sprintf("%s feature disabled", feature.OIDCAuthentication), "") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do we have a constant string we can use across the board for this reason? /cc @creydr
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not yet. But makes sense to introduce one, as we have this at multiple places 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think that can be a part of seperate PR!
// Reconcile SinkBinding when the OIDC service account changes | ||
serviceaccountInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ | ||
FilterFunc: controller.FilterController(&v1.SinkBinding{}), | ||
Handler: controller.HandleAll(impl.EnqueueControllerOf), | ||
}) | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@creydr it's a general common not specific to this PR, but we should evaluate if it makes sense to label all of our service accounts and use a "filtered informer" so that we're not watching all service accounts into a cluster which could be quite large but only "ours"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it makes sense to label the service account 👍🏼
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good point @pierDipi. I think we can do this in a separate PR
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
created #7341
// reconcile sinkindings on changes on the features configmap | ||
configmapInformer.Informer().AddEventHandler(cache.FilteringResourceEventHandler{ | ||
FilterFunc: controller.FilterWithNameAndNamespace(system.Namespace(), feature.FlagsConfigName), | ||
Handler: controller.HandleAll(func(i interface{}) { | ||
impl.GlobalResync(sbInformer.Informer()) | ||
}), | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of using a cluster-wide configmap informer, we can configure a callback function when calling NewStore
, that saves quite a bit of memory since that watcher is watching only configmaps in the system namespace as opposed to watching every configmap in the cluster /cc @creydr
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
see example in pkg/reconciler/broker/controller.go
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
like featureStore.WatchConfigs(cmw)
, right ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
yes. featureStore.WatchConfigs(cmw)
takes additional callback functions which get called on configmap updates. E.g.:
var globalResync func(obj interface{})
featureStore := feature.NewStore(logging.FromContext(ctx).Named("feature-config-store"), func(name string, value interface{}) {
if globalResync != nil {
globalResync(nil)
}
})
with globalResync
being something like:
globalResync = func(obj interface{}) {
impl.GlobalResync(sbInformer.Informer())
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @creydr
f214983
to
9800d17
Compare
/ok-to-test |
@rahulii maybe #7285 (comment) helps you too on your e2e test 🤷 |
hmm @creydr do you want to do e2e as part of this PR or create a bug and track it ?
wdyt? |
I see. Works for me. |
thanks @creydr , LMK if you need any more changes on this PR! Thanks! |
@rahulii the verify job failed. Probably because some relevant changes got merged into main in the meantime. Can you rerun |
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
Signed-off-by: rahulii <[email protected]>
cf83f7d
to
fdda99e
Compare
@creydr is the e2e test failure because of this PR changes ? 🤔 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks a lot @rahulii for your work in this PR and your patience!
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: creydr, rahulii The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Fixes #7324
Proposed Changes
Pre-review Checklist
Release Note