Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: add kyverno patch config #564

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feature: add kyverno patch config #564

wants to merge 1 commit into from

Conversation

abstractmj
Copy link
Contributor

@abstractmj abstractmj commented Dec 28, 2022
edited by dixudx

feature: add kyverno style globalization and localization

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #551
Currently blocked by #611 to help solve the renaming module github.com/google/gnostic.

Special notes for your reviewer:

@abstractmj abstractmj requested review from a team and dixudx as code owners December 28, 2022 15:19
@abstractmj
Copy link
Contributor Author

@dixudx please take a look

based on kyverno/pkg/engine, I made some changes, because the opentelemetry package versions is conflict between kyverno and clusternet ( I cannot use kyverno package in clusternet project ):

  • replace the kyverno logging package dependency
  • remove some code about admission request info

dixudx
dixudx reviewed Dec 29, 2022
View reviewed changes
Copy link
Member

@dixudx dixudx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could we just import module github.com/kyverno/kyverno and use it, instead of adding files in pkg/kyverno?

It seems many files under folder pkg/kyverno are directly copied from package github.com/kyverno/kyverno.

@dixudx dixudx added the kind/feature New feature or request label Dec 29, 2022
@abstractmj
Copy link
Contributor Author

Could we just import module github.com/kyverno/kyverno and use it, instead of adding files in pkg/kyverno?

It seems many files under folder pkg/kyverno are directly copied from package github.com/kyverno/kyverno.

I try to use it directly, but the opentelemetry version of clusternet is conflict with kyverno.
solution 1: upgrade opentelemetry version in github.com/clusternet/apiserver
solution 2: remove the dependency in kyverno

finally i chose the latter.

@abstractmj
Copy link
Contributor Author

It seems many files under folder pkg/kyverno are directly copied from package github.com/kyverno/kyverno.

yes, many files are copied, but i made some changes

  • replace the kyverno logging package dependency
  • remove some code about admission request info in k8s webhook context

Is it better to put code in pkg/kyverno into annother project?

@dixudx
Copy link
Member

dixudx commented Dec 29, 2022

Could we just import module github.com/kyverno/kyverno and use it, instead of adding files in pkg/kyverno?
It seems many files under folder pkg/kyverno are directly copied from package github.com/kyverno/kyverno.

I try to use it directly, but the opentelemetry version of clusternet is conflict with kyverno. solution 1: upgrade opentelemetry version in github.com/clusternet/apiserver solution 2: remove the dependency in kyverno

finally i chose the latter.

I'd prefer to upgrade the dependencies versions, where github.com/clusternet/apiserver is already maintained. Also could we use a lower version kyverno that all the dependencies work with current modules?

yes, many files are copied, but i made some changes

replace the kyverno logging package dependency
remove some code about admission request info in k8s webhook context

Is it better to put code in pkg/kyverno into annother project?

Try to use a lower version kyverno to see whether it works with current dependencies. Or try other ways to solve the module conflict issues.

The main point is that we should avoid copying codes into clusternet. Using modules are more wise, which makes us easy to maintain, upgrade, etc.

@abstractmj
Copy link
Contributor Author

Could we just import module github.com/kyverno/kyverno and use it, instead of adding files in pkg/kyverno?
It seems many files under folder pkg/kyverno are directly copied from package github.com/kyverno/kyverno.

I try to use it directly, but the opentelemetry version of clusternet is conflict with kyverno. solution 1: upgrade opentelemetry version in github.com/clusternet/apiserver solution 2: remove the dependency in kyverno
finally i chose the latter.

I'd prefer to upgrade the dependencies versions, where github.com/clusternet/apiserver is already maintained. Also could we use a lower version kyverno that all the dependencies work with current modules?

yes, many files are copied, but i made some changes
replace the kyverno logging package dependency
remove some code about admission request info in k8s webhook context
Is it better to put code in pkg/kyverno into annother project?

Try to use a lower version kyverno to see whether it works with current dependencies. Or try other ways to solve the module conflict issues.

The main point is that we should avoid copying codes into clusternet. Using modules are more wise, which makes us easy to maintain, upgrade, etc.

Thank you for the advice, I will try a lower version kyverno.
but I am not sure it is better for clusternet to maintian and upgrade. because kyverno has lots of package dependency that we don't need, more conflicts may be introduced.

@dixudx
Copy link
Member

dixudx commented Jan 31, 2023

@abstractmj I've tried and found that using github.com/kyverno/kyverno v1.7.4 can solve the module conflicts. Would you please rebase this PR and replace the module version.

@dixudx dixudx added this to the v0.14.0 milestone Jan 31, 2023
@dixudx dixudx modified the milestones: v0.14.0, v0.15.0 Feb 13, 2023
@dixudx
Copy link
Member

dixudx commented Feb 20, 2023

@abstractmj Do you have time to modify this feature? I'd like to get it merged into next release v0.15.0.

@abstractmj
Copy link
Contributor Author

@dixudx Yes, I'll modify this feature in this week;

@abstractmj
feature: add kyverno patch config
cbd9d8c 
feature: add kyverno style globalization and localization
Signed-off-by: abstractmj <abstractmj@qq.com>
@abstractmj
Copy link
Contributor Author

abstractmj commented Feb 26, 2023
edited

telemetry module conflicts are solved by using kyverno v1.7.4; but I still found conflicts of module gnostic and module client-go when I was compiling the code; so I have to fork the kyverno to my own repository, please look at this commit @dixudx

https://github.com/abstractmj/kyverno/commits/v1.7.4-upgrade-gnostic

@dixudx
Copy link
Member

dixudx commented Feb 27, 2023

@abstractmj I've created a commit based on latest main branch, which imports kyverno v1.7.4 as a module. You can continue your work on this commit.

@abstractmj
Copy link
Contributor Author

@dixudx I've tried this, go mod tidy works fine, but errors occurs when compiling the code; this is why I have to fork the kyverno code

/data/pkg/mod/github.com/kyverno/kyverno@v1.7.4/pkg/dclient/discovery.go:65:9: cannot use c.cachedClient.OpenAPISchema() (value of type *"github.com/google/gnostic/openapiv2".Document) as type *"github.com/googleapis/gnostic/openapiv2".Document in return statement

the module gnostic/openapiv2 is different between client-go v0.23.5 and v0.24.2

@dixudx
Copy link
Member

dixudx commented Feb 27, 2023

I've tried this, go mod tidy works fine, but errors occurs when compiling the code; this is why I have to fork the kyverno code

@abstractmj Would you please create a new branch with this commit and your kyverno integration codes? We could have a collaboration on that branch.

@abstractmj
Copy link
Contributor Author

@dixudx okay

@abstractmj
Copy link
Contributor Author

abstractmj commented Feb 27, 2023
edited

@dixudx I create a pr to kyverno branch in your repository, please take a look
dixudx#1

Error occurs when compiling

@dixudx dixudx modified the milestones: v0.15.0, v0.16.0 Feb 27, 2023
@dixudx
Copy link
Member

dixudx commented Feb 27, 2023
edited

@abstractmj After investigating, the blocking part is the dependency googleapis/gnostic (which has been renamed as google/gnostic). It is such renaming that makes it difficult to converge all the dependencies.

Currently all k8s dependencies in Clusternet use module google/gnostic, but kyverno did not start using it until v1.9.0. What's more, in v1.9.0 kyverno bumped k8s dependencies to v1.26 as well.

/hold this feature until we bump k8s dependencies in Clusternet to v1.26. This is targeted to Clusternet next release v0.16.0.

@dixudx
Copy link
Member

dixudx commented Apr 11, 2023

@abstractmj Current the k8s dependencies in main branch have been upgraded to v1.26. You can rebase this PR and move forward. Thanks.

@abstractmj
Copy link
Contributor Author

great to hear that. I will move forward

@dixudx dixudx modified the milestones: v0.16.0, v0.17.0 Jun 21, 2023
@dixudx dixudx removed this from the v0.17.0 milestone Dec 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dixudx dixudx dixudx left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
do-not-merge/hold kind/feature New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support kyverno-style mutation in globalization and localization
2 participants
@abstractmj @dixudx