⚠️ Run webhooks with managers #3985
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/XL
k8s-ci-robot
added
the
do-not-merge/work-in-progress
|
/milestone v0.4.0 |
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
|
/hold |
k8s-ci-robot
added
the
do-not-merge/hold
| # This configuration is for teaching kustomize how to update name ref and var substitution | ||
| varReference: | ||
| - kind: Deployment | ||
| path: spec/template/spec/volumes/secret/secretName |
There was a problem hiding this comment.
Is this actually needed? I feel like this was something that we previously used to hack together the separate manager and webhook deployments. I'm not seeing this in the upstream kubuebuilder examples: https://github.com/kubernetes-sigs/kubebuilder/tree/63b35350fe8b4d133c0bdb8fdd9a9a61fe30ac61/testdata/project-v3/config/default
There was a problem hiding this comment.
This is not in the kubuilder example, but I felt that we are on the safe path if we ensure all the webhook services get a different name for each provider, so during the reshuffle I preserved:
secretName: $(SERVICE_NAME)-cert # this secret will not be prefixed since it's not managed by kustomize
in bootstrap/kubeadm/config/certmanager/certificate.yaml and made the necessary changes for it being resolved in config/default/kustomize.yaml which basically consist of creating this file and referencing it
There was a problem hiding this comment.
would be good to also describe these changes in https://github.com/kubernetes-sigs/cluster-api/blob/master/docs/book/src/developer/providers/v1alpha3-to-v1alpha4.md
fabriziopandini
force-pushed
the
run-webhooks-with-managers
branch
from
51427d3 to
c2c839a
Compare
Done! |
|
/test pull-cluster-api-e2e-full-main |
|
/test pull-cluster-api-e2e-full-main |
|
LGTM pending squash |
fabriziopandini
force-pushed
the
run-webhooks-with-managers
branch
from
2b9da96 to
df4014d
Compare
|
@vincepri squashed! |
k8s-ci-robot
added
the
lgtm
|
/test pull-cluster-api-e2e-full-main |
fabriziopandini
force-pushed
the
run-webhooks-with-managers
branch
from
a196908 to
3533800
Compare
k8s-ci-robot
removed
the
lgtm
|
/test pull-cluster-api-e2e-full-main |
|
rebase & fixed error on machine pools test |
k8s-ci-robot
added
the
lgtm
|
/lgtm |
There was a problem hiding this comment.
lgtm overall
sorry for not getting to this earlier @fabriziopandini
fabriziopandini
force-pushed
the
run-webhooks-with-managers
branch
from
3533800 to
fa9edea
Compare
k8s-ci-robot
removed
the
lgtm
|
Rebased + adressed @CecileRobertMichon comments |
fabriziopandini
force-pushed
the
run-webhooks-with-managers
branch
from
fa9edea to
280db9a
Compare
|
/test pull-cluster-api-e2e-full-main |
|
/test pull-cluster-api-e2e-full-main The panic should be resolved in 1.21 |
|
/test pull-cluster-api-test-main |
|
/retest |
k8s-ci-robot
added
the
lgtm
|
/retest |
|
@fabriziopandini: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: CecileRobertMichon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
What this PR does / why we need it:
Given that #3042 for v1alpha4 requires single controllers managing all namespaces, this PR moves the webhooks back in the main manager and run them behind RBAC in case we'll need a client in the future.
Which issue(s) this PR fixes:
Fixes #3822