Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🌱 Let disable webhooks #4709

Closed
wants to merge 1 commit into from
Closed

🌱 Let disable webhooks #4709

wants to merge 1 commit into from

Conversation

enxebre
Copy link
Member

@enxebre enxebre commented Jun 1, 2021
edited
Loading

What this PR does / why we need it:
This change made webhooks to always run as part of the manager.

I'd like to keep the ability to disable running webhooks. Motivation is as adopting and building atop CAPI I’d like to do so gradually, going all in once with webhooks increase complexisty and resistance.

Also this is necessary to support other type than single controller deployments and should be part of this contract https://master.cluster-api.sigs.k8s.io/developer/architecture/controllers/support-multiple-instances.html#contract

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Jun 1, 2021
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please assign fabriziopandini after the PR has been reviewed.
You can assign the PR to them by writing /assign @fabriziopandini in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@enxebre
Let disable webhooks
f477e28 
[This change](https://github.com/kubernetes-sigs/cluster-api/commit/280db9a796d5e1c2b3b75aa3036fcfe44f669909#diff-a46ea7e53a9e71ee7642[…]57385a613ca5d51cL170-L173) made webhooks to always run as part of the manager.

I'd like to keep the ability to disable running webhooks. Motivation is as adopting and building atop CAPI I’d like to do so gradually, going all in once with webhooks increase complexisty and resistance.

Also this is necessary to support other type than single controller deployments and should be part of this contract https://master.cluster-api.sigs.k8s.io/developer/architecture/controllers/support-multiple-instances.html#contract
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Jun 1, 2021
@enxebre enxebre force-pushed the let-disable-webhooks branch from e89b647 to f477e28 Compare June 1, 2021 10:23
@enxebre enxebre changed the title Let disable webhooks 🌱 Let disable webhooks Jun 1, 2021
@enxebre enxebre mentioned this pull request Jun 1, 2021
Closed
4 tasks
enxebre added a commit to enxebre/hypershift that referenced this pull request Jun 1, 2021
@enxebre
Drop ExternalInfraCluster CRD in favour of AWSCluster
c5f4ec8 
This PR drops the ExternalInfraCluster CRD in favour of AWSCluster.

Originally we added support for externally managed infra in CAPA via the ExternalInfraCluster CRD kubernetes-sigs/cluster-api-provider-aws#2124 and we used that commit of CAPA in hypershift.

Later on we decided to revert that approach upstream and reuse the existing ${infra}Cluster CRDs with an annotation to support externally managed infrastructure kubernetes-sigs/cluster-api#4135

This PR bring latest CAPI/CAPA with one additional patch on top
kubernetes-sigs/cluster-api#4709
kubernetes-sigs/cluster-api-provider-aws#2453
to avoid running webhooks.

As a follow up we need to rebuild the images from the main branch once those patches are merged or otherwise enable webhooks.
enxebre added a commit to enxebre/hypershift that referenced this pull request Jun 1, 2021
@enxebre
Drop ExternalInfraCluster CRD in favour of AWSCluster
9e928c1 
This PR drops the ExternalInfraCluster CRD in favour of AWSCluster.

Originally we added support for externally managed infra in CAPA via the ExternalInfraCluster CRD kubernetes-sigs/cluster-api-provider-aws#2124 and we used that commit of CAPA in hypershift.

Later on we decided to revert that approach upstream and reuse the existing ${infra}Cluster CRDs with an annotation to support externally managed infrastructure kubernetes-sigs/cluster-api#4135

This PR bring latest CAPI/CAPA with one additional patch on top
kubernetes-sigs/cluster-api#4709
kubernetes-sigs/cluster-api-provider-aws#2453
to avoid running webhooks.

As a follow up we need to rebuild the images from the main branch once those patches are merged or otherwise enable webhooks.
@enxebre enxebre mentioned this pull request Jun 1, 2021
Merged
@enxebre
Copy link
Member Author

enxebre commented Jun 1, 2021

@fabriziopandini @vincepri @CecileRobertMichon @JoelSpeed @sbueringer would you have any objection to get this into v1alpha4?

@vincepri
Copy link
Member

vincepri commented Jun 1, 2021

If we do go forward with this change, I'd like to propose that we add a new flag like --disable-webhook or similar. Also the flags need to be propagate on all managers within this repository.

Thinking about it a bit more, even if the webhooks are registered and the server is running, if the service isn't registered within the CRDs or yaml definition truthfully the code won't run.

Motivation is as adopting and building atop CAPI I’d like to do so gradually, going all in once with webhooks increase complexisty and resistance

Webhooks code is treated as part of the codebase, and it's important that it runs on the same version as the manager.

@enxebre
Copy link
Member Author

enxebre commented Jun 2, 2021

Thinking about it a bit more, even if the webhooks are registered and the server is running, if the service isn't registered within the CRDs or yaml definition truthfully the code won't run.

@vincepri I also thought about this, the only drawback I can think of is you still need to provide a tls cert for the webhook server to not break the manager. Is there anything else you can think of? otherwise I think that's ok to satisfy https://master.cluster-api.sigs.k8s.io/developer/architecture/controllers/support-multiple-instances.html#contract

@vincepri
Copy link
Member

vincepri commented Jun 2, 2021

Wouldn't cert-manager generate the certs for you?

@enxebre
Copy link
Member Author

enxebre commented Jun 3, 2021

As discussed, there's no strict requirement to expose the webhooks CRs which would satisfy the contract above
/close

@k8s-ci-robot
Copy link
Contributor

@enxebre: Closed this PR.

In response to this:

As discussed, there's no strict requirement to expose the webhooks CRs which would satisfy the contract above
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@CecileRobertMichon CecileRobertMichon Awaiting requested review from CecileRobertMichon

@justinsb justinsb Awaiting requested review from justinsb

Assignees
No one assigned
Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@enxebre @k8s-ci-robot @vincepri