🏃 Loosen webhook validation on control plane to allow etcd changes #2553

Merged Mar 6, 2020 (1 commit)

@chuckha chuckha commented Mar 5, 2020

Signed-off-by: Chuck Ha [email protected]

What this PR does / why we need it:
This PR loosens the webhook restriction, allowing changes to the etcd field but disallowing any other ClusterConfiguration field change.

- Allows setting the etcd local image metadata after creation
- Allows unsetting the etcd local image metadata after having set it
- Denies changing any non-etcd local image metadata (either setting or unsetting)

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Related to #2543
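
An added example (not code from this PR or from cluster-api) of the rule the description above states: deny every ClusterConfiguration change on update except setting or unsetting the etcd local image metadata. The struct types are simplified stand-ins, `ValidateUpdate` and `stripEtcdImage` are hypothetical names, and treating an empty `Local` block as unset is an assumption.

```go
package main

import (
	"fmt"
	"reflect"
)

// Simplified stand-ins for the kubeadm types; shapes are assumed for illustration.
type ImageMeta struct{ ImageRepository, ImageTag string }
type LocalEtcd struct {
	ImageMeta
	DataDir string
}
type Etcd struct{ Local *LocalEtcd }
type DNS struct{ Type string }
type ClusterConfiguration struct {
	ClusterName string
	DNS         DNS
	Etcd        Etcd
}

// stripEtcdImage returns a copy with the single mutable field blanked out.
func stripEtcdImage(c ClusterConfiguration) ClusterConfiguration {
	if c.Etcd.Local != nil {
		local := *c.Etcd.Local // copy; never mutate the object under review
		local.ImageMeta = ImageMeta{}
		c.Etcd.Local = &local
		if local == (LocalEtcd{}) { // assumption: an empty Local equals unset
			c.Etcd.Local = nil
		}
	}
	return c
}

// ValidateUpdate (hypothetical) denies by default: anything that differs after
// the allowed field is blanked on both sides is a rejected change.
func ValidateUpdate(oldCfg, newCfg ClusterConfiguration) error {
	if !reflect.DeepEqual(stripEtcdImage(oldCfg), stripEtcdImage(newCfg)) {
		return fmt.Errorf("ClusterConfiguration is immutable except etcd local image metadata")
	}
	return nil
}

func main() {
	old := ClusterConfiguration{ClusterName: "c1", Etcd: Etcd{Local: &LocalEtcd{DataDir: "/var/lib/etcd"}}}
	set, dns := old, old // constructed sample objects
	set.Etcd.Local = &LocalEtcd{ImageMeta: ImageMeta{ImageTag: "v0-constructed"}, DataDir: "/var/lib/etcd"}
	dns.DNS.Type = "changed"
	fmt.Println(ValidateUpdate(old, set), ValidateUpdate(set, old), ValidateUpdate(old, dns))
}
```

Comparing blanked copies rather than checking individual fields means a field added to the type later is immutable until someone deliberately exempts it.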

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Mar 5, 2020
@k8s-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: chuckha

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 5, 2020
@k8s-ci-robot k8s-ci-robot requested review from detiber and ncdc March 5, 2020 19:02
@chuckha chuckha force-pushed the control-plane-webhook branch from 74486ef to 83b1e7a Compare March 5, 2020 19:32
@chuckha chuckha force-pushed the control-plane-webhook branch from 83b1e7a to 8fc979b Compare March 5, 2020 22:22

@chuckha chuckha left a comment

@vincepri I'm gonna clean this up tomorrow but wanted to show you the direction this ended up going in

@chuckha chuckha force-pushed the control-plane-webhook branch 2 times, most recently from 7b22536 to 67c4676 Compare March 6, 2020 15:20
@vincepri

vincepri commented Mar 6, 2020

/milestone v0.3.0

@k8s-ci-robot k8s-ci-robot added this to the v0.3.0 milestone Mar 6, 2020
@chuckha

chuckha commented Mar 6, 2020

/test pull-cluster-api-test

@chuckha chuckha force-pushed the control-plane-webhook branch 4 times, most recently from e4cfa6c to 0af767d Compare March 6, 2020 18:45
@randomvariable

/test pull-cluster-api-capd-e2e

@chuckha

chuckha commented Mar 6, 2020

/assign @vincepri

This is ready to go if you're good with it

kcp: scheduler,
},
{
name: "should fail when making a change to the cluster config's dns",

We'll need this to be allowed as part of #2574, either here or as part of @wfernandes's PR, just FYI

@chuckha chuckha mentioned this pull request Mar 6, 2020
@vincepri

vincepri commented Mar 6, 2020

LGTM pending @ncdc's comments, looks great thanks for doing this @chuckha !

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 6, 2020
@chuckha chuckha force-pushed the control-plane-webhook branch from 0af767d to 81719e3 Compare March 6, 2020 21:25
@k8s-ci-robot k8s-ci-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Mar 6, 2020
@chuckha

chuckha commented Mar 6, 2020

@vincepri addressed the feedback. I'm not completely sure on the types of errors I chose to return (apierrors.InternalError) but they seemed to fit the best

@vincepri vincepri left a comment

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 6, 2020
@vincepri

vincepri commented Mar 6, 2020

InternalError does seem the most appropriate, I'd expect users to file a bug if any of that happens

@k8s-ci-robot k8s-ci-robot merged commit a447c9f into kubernetes-sigs:master Mar 6, 2020
@k8s-ci-robot

@chuckha: The following test failed, say /retest to rerun all failed tests:

| Test name | Commit | Details | Rerun command |
| --- | --- | --- | --- |
| pull-cluster-api-capd-e2e | 81719e3 | link | /test pull-cluster-api-capd-e2e |
