Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a flag to disable/enable the webhook while rendering Operator #57

Open
dashanji opened this issue Nov 16, 2022 · 9 comments · May be fixed by #102
Open

Add a flag to disable/enable the webhook while rendering Operator #57

dashanji opened this issue Nov 16, 2022 · 9 comments · May be fixed by #102

Comments

@dashanji
Copy link
Contributor

Hi, there, could we provide a flag to add a judgment in webhooks and relevant resources(service, volume, etc) while rendering Operator built by kubebuilder?
@dashanji dashanji mentioned this issue Nov 17, 2022
Closed
@arttor
Copy link
Owner

arttor commented Nov 26, 2022

Hi @dashanji can you please provide sample operator manifest along with actual and expected helmify output? it will help to write e2e test and fix the issue.

@arttor arttor mentioned this issue Nov 26, 2022
Open
@dashanji
Copy link
Contributor Author

Okay, In fact, we developed an operator using kubebuilder, and automatically generated a helm chart using helmify. If we can add the webhook option, as implemented in this commit, I believe many kubebuilder users are willing to use it to automatically generate helm charts and it is relatively perfect for helm users.

Refer kubernetes-sigs/kubebuilder#3074

@dashanji
Copy link
Contributor Author

@arttor Hi, are you working on this? If possible, I can help add the feature.

@arttor
Copy link
Owner

arttor commented Mar 24, 2023

@dashanji yes, you can create PR or help with the proposal.
In commit disabling webhook affects several manifests. For example, it removes volumeMounts from deployment:

        {{- if .Values.webhook.enabled }}
        volumeMounts:
        - mountPath: /tmp/k8s-webhook-server/serving-certs
          name: cert
          readOnly: true
        {{- end }}

The problem with this approach is that it is hard to define which volume is related to the webhook and which is not.

Will it work if we will just disable MutatingWebhookConfiguration or is there any better way to isolate webhook control?

@dashanji
Copy link
Contributor Author

If we only disable the MutatingWebhookConfiguration, it may not work as the deployment can't find the volume. Actually, for a standard operator created by kubebuilder, the generated volume is the same. So we can add a flag to disable/enable the webhook for a standard operator, and ignore the some corner cases (such as changing the volumes, etc). WDYT?

@arttor
Copy link
Owner

arttor commented Mar 24, 2023

If the goal is to simply disable webhook validation for CRD, then we can just disable webhook and leave volume, claim, service, and stuff. You can try to disable the default volume in deployment but it will require a lot of effort.

@arttor
Copy link
Owner

arttor commented Mar 29, 2023

@dashanji thank you for your contribution! #97 is merged and available in v0.3.34 release. Should we close this issue?

@dashanji
Copy link
Contributor Author

@dashanji thank you for your contribution! #97 is merged and available in v0.3.34 release. Should we close this issue?

I'm sorry not now. Actually, #97 is to add the cert-manager as a subchart rather than enable/disable the webhook. I'm still working on it and will ping you if finished. WDUT?

@dashanji dashanji linked a pull request Apr 3, 2023 that will close this issue
Open
@dashanji
Copy link
Contributor Author

Hi @arttor, the relevant pr is ready, could you please take a look?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@arttor @dashanji