kubernetes-sigs
✨ Make webhook setup conditional based on user provided config
Make webhook configuration apply only if it's specified by the user through:
.WebhookInstallOptions.ValidatingWebhooks.WebhookInstallOptions.MutatingWebhooks- either of provided CRDs having
.Spec.Conversion.Webhookset
Without this change, environments with CRDs that have multiple versions receive the following errors:
Create error: conversion webhook for apigroup.com/v1beta1, Kind=MyCustomKind failed: Post "https://127.0.0.1:59762/convert?timeout=30s": dial tcp 127.0.0.1:59762: connect: connection refused
x-ref: https://kubernetes.slack.com/archives/C02MRBMN00Z/p1763049500384929
Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all
[APPROVALNOTIFIER] This PR is NOT APPROVED
This pull-request has been approved by: pmalek Once this PR has been reviewed and has the lgtm label, please assign sbueringer for approval. For more information see the Code Review Process.
The full list of commands accepted by this bot can be found here.
Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment
Am I understanding correctly that the use case is to have CRDs with multiple apiVersions without conversion? How does this work?
@pmalek: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:
| Test name | Commit | Details | Required | Rerun command |
|---|---|---|---|---|
| pull-controller-runtime-test | 6b65009604f671a37df168ec0c4e2801350dacc7 | link | true | /test pull-controller-runtime-test |
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Am I understanding correctly that the use case is to have CRDs with multiple apiVersions without conversion? How does this work?
For my particular use case I don't need the conversion as I'm only testing the CRD CEL expressions and not controller's behavior.
After looking at the test code in controller-runtime I came up with a stub conversion webhook server:
ws := webhook.NewServer(webhook.Options{
Port: testEnv.WebhookInstallOptions.LocalServingPort,
Host: testEnv.WebhookInstallOptions.LocalServingHost,
CertDir: testEnv.WebhookInstallOptions.LocalServingCertDir,
})
ws.Register("/convert", conversion.NewWebhookHandler(scheme))
go func() {
require.NoError(t, ws.Start(ctx))
}()
which fulfilled my needs.
I think we can close this one unless there's something that I missed which would make it reasonable to skip webhook altogether for use cases like mine.
I'm mostly wondering why it just doesn't work out of the box.
If the schema is configured correctly and conversion is implemented correctly envtest should just create a fully functioning conversion endpoint
I'm mostly wondering why it just doesn't work out of the box.
If the schema is configured correctly and conversion is implemented correctly envtest should just create a fully functioning conversion endpoint
For historical reference (in case someone want to debug this):
- This is the code for envtest setup: https://github.com/Kong/kong-operator/blob/5bacab4eb36d952a015ea7b6ac95507f8ca5c2f6/test/envtest/setup.go#L48-L62
- This is the scheme constructor function which is used in every test: https://github.com/Kong/kong-operator/blob/378bd036120af98ac5f5bab84ed96dcccee0b19b/modules/manager/scheme/scheme.go#L22-L43
- This is the CRD in question: https://github.com/Kong/kong-operator/blob/4ce3b776313be72315b98109d8163be5ab1d9bbb/config/crd/kong-operator/gateway-operator.konghq.com_controlplanes.yaml