Skip to content
This repository has been archived by the owner on May 6, 2022. It is now read-only.

Enable namespaced brokers by default #2248

Merged
merged 1 commit into from
Aug 2, 2018
Merged

Enable namespaced brokers by default #2248

merged 1 commit into from
Aug 2, 2018

Conversation

jberkhahn
Copy link
Contributor

This is ready to be turned on per #2244.

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jul 31, 2018
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jul 31, 2018
@jberkhahn jberkhahn requested review from eriknelson and MHBauer July 31, 2018 23:45
@MHBauer
Copy link
Contributor

MHBauer commented Aug 1, 2018

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Aug 1, 2018
@eriknelson
Copy link
Contributor

/lgtm

@jboyd01
Copy link
Contributor

jboyd01 commented Aug 1, 2018

Looks like we need to update this as well so it's on by default when installing with Helm:

https://github.com/kubernetes-incubator/service-catalog/blob/f6f0e41fae6c4f1bdc5c507942ee7f1719555a19/charts/catalog/values.yaml#L155-L156

@MHBauer
Copy link
Contributor

MHBauer commented Aug 1, 2018

@jberkhahn the chart needs to change too. Give it another scrub.
/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 1, 2018
@MHBauer
Copy link
Contributor

MHBauer commented Aug 1, 2018

conditionals in templates need to be cleaned up or removed.

charts/catalog/templates/controller-manager-deployment.yaml
83-        {{- end }}
84:        {{- if .Values.namespacedServiceBrokerEnabled }}
85-        - --feature-gates
86:        - NamespacedServiceBroker=true
87-        {{- end }}

charts/catalog/templates/rbac.yaml
108-    verbs:     ["update"]
109:  {{- if .Values.namespacedServiceBrokerEnabled }}
110-  - apiGroups: ["servicecatalog.k8s.io"]

charts/catalog/templates/apiserver-deployment.yaml
62-        {{- end }}
63:        {{- if .Values.namespacedServiceBrokerEnabled }}
64-        - --feature-gates
65:        - NamespacedServiceBroker=true
66-        {{- end }}

docs too

docs/namespaced-broker-resources.md
78-to pass an argument to the API Server when you install Service Catalog:
79: `--feature-gates NamespacedServiceBroker=true`.
80-
81:If you are using Helm, you can use the `namespacedServiceBrokerEnabled` setting
82- to control that flag:
--
87-   --namespace catalog \
88:   --set namespacedServiceBrokerEnabled=true
89-```

@MHBauer
Copy link
Contributor

MHBauer commented Aug 1, 2018

/lgtm cancel
/approve cancel
/woof

@k8s-ci-robot
Copy link
Contributor

@MHBauer: dog image

In response to this:

/lgtm cancel
/approve cancel
/woof

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot removed lgtm Indicates that a PR is ready to be merged. approved Indicates a PR has been approved by an approver from all required OWNERS files. labels Aug 1, 2018
MHBauer
MHBauer previously requested changes Aug 1, 2018
View reviewed changes
Copy link
Contributor

@MHBauer MHBauer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

see comments

@jberkhahn
Copy link
Contributor Author

Why did that stuff not get done for originating identity?

@MHBauer
Copy link
Contributor

MHBauer commented Aug 1, 2018

I am not sure what you are looking at specifically. Feel free to file an issue if you see a problem.

@jboyd01
Copy link
Contributor

jboyd01 commented Aug 1, 2018

@jberkhahn It probably should be done for Originating Identity. I created a new issue for it: #2252

@jboyd01
Copy link
Contributor

jboyd01 commented Aug 1, 2018

@jberkhahn I looked at this too quickly - - that is the Originating Identity Locking locking that is defaulted to on. So I'm wrong, OI was never enabled by default. I think it should be, but I'm wrong in here where I said it was done already. I believe all the comments above are correct though in terms of what needs to be cleaned up for the NamespaceScoped broker feature gate.

@jberkhahn jberkhahn force-pushed the enable_namespaced_brokers branch from 7f4c760 to fa5aa2f Compare August 1, 2018 21:01
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Aug 1, 2018
@jberkhahn
Copy link
Contributor Author

Ok, fixed the charts and added a bit to the docs about it.

@jberkhahn jberkhahn force-pushed the enable_namespaced_brokers branch from fa5aa2f to 57a0b69 Compare August 1, 2018 21:04
jboyd01
jboyd01 reviewed Aug 1, 2018
View reviewed changes
charts/catalog/templates/apiserver-deployment.yaml Outdated
@@ -60,9 +60,9 @@ spec:
- --feature-gates
- OriginatingIdentity=true
{{- end }}
{{- if .Values.namespacedServiceBrokerEnabled }}
{{- if not .Values.namespacedServiceBrokerEnabled }}
Copy link
Contributor

@jboyd01 jboyd01 Aug 1, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My quick read on this is if the value is set to false or not defined, it will set the NamespacedServiceBroker to false. I'd prefer to see this only set it to false if the value is explicitly set to false in values.yaml. I was originally thinking we'd remove the NSB variable from values.yaml, but I guess as long as its present and set to true it's going to do the right thing. WDYT? Probably not worth changing, ok as is.

jboyd01
jboyd01 reviewed Aug 1, 2018
View reviewed changes
charts/catalog/templates/controller-manager-deployment.yaml Outdated
@@ -81,9 +81,9 @@ spec:
- --feature-gates
- CatalogRestrictions=true
{{- end }}
{{- if .Values.namespacedServiceBrokerEnabled }}
{{- if not .Values.namespacedServiceBrokerEnabled }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same as above

jboyd01
jboyd01 reviewed Aug 1, 2018
View reviewed changes
charts/catalog/values.yaml Outdated
@@ -1,6 +1,6 @@
# Default values for Service Catalog
# service-catalog image to use
image: quay.io/kubernetes-service-catalog/service-catalog:v0.1.27
image: docker.io/jberkhahn/service-catalog:canary
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is unintentional and should be reverted right?

jboyd01
jboyd01 previously requested changes Aug 1, 2018
View reviewed changes
Copy link
Contributor

@jboyd01 jboyd01 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this looks good, thanks for doing it. Looks like an accidental change of the repo that should not be in here though.

@jberkhahn jberkhahn force-pushed the enable_namespaced_brokers branch from 57a0b69 to 72ce783 Compare August 1, 2018 22:27
@jberkhahn
Copy link
Contributor Author

Hmm, it seems Jay was right. If you don't pass in an option to Helm, it interprets it as being false. So if you don't pass in EnableNamespaced brokers, it would evaluate to false and set the option to false. So I had to change it to an affirmative DisableNamespacedBrokers flag.

also, cleaned up the typo.

Thoughts?

@jboyd01 jboyd01 dismissed their stale review August 2, 2018 12:51

the repo issue was addressed, thanks!

@jboyd01
Copy link
Contributor

jboyd01 commented Aug 2, 2018

/LGTM
Thanks for hashing through this @jberkhahn!

@k8s-ci-robot k8s-ci-robot added the lgtm Indicates that a PR is ready to be merged. label Aug 2, 2018
@MHBauer
Copy link
Contributor

MHBauer commented Aug 2, 2018

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: MHBauer

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Aug 2, 2018
@MHBauer
Copy link
Contributor

MHBauer commented Aug 2, 2018

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Aug 2, 2018
@k8s-ci-robot k8s-ci-robot merged commit 94100a8 into kubernetes-retired:master Aug 2, 2018
@MHBauer MHBauer mentioned this pull request Aug 2, 2018
Merged
@jboyd01 jboyd01 mentioned this pull request Aug 14, 2018
Merged
@jboyd01 jboyd01 mentioned this pull request Aug 28, 2018
Closed
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@MHBauer MHBauer MHBauer left review comments

@jboyd01 jboyd01 jboyd01 left review comments

@kibbles-n-bytes kibbles-n-bytes Awaiting requested review from kibbles-n-bytes

@pmorie pmorie Awaiting requested review from pmorie

@eriknelson eriknelson Awaiting requested review from eriknelson

Assignees
No one assigned
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm Indicates that a PR is ready to be merged. LGTM1 LGTM2 size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@jberkhahn @MHBauer @eriknelson @jboyd01 @k8s-ci-robot