Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Docs: Please elaborate topolvm.io/webhook=ignore #907

Closed
guettli opened this issue May 3, 2024 · 7 comments · Fixed by #920
Closed

Docs: Please elaborate topolvm.io/webhook=ignore #907

guettli opened this issue May 3, 2024 · 7 comments · Fixed by #920
Labels
request

Comments

@guettli
Copy link
Contributor

guettli commented May 3, 2024

What should the feature do:

In the future, the reader of getting started docs should understand this:

TopoLVM uses webhooks. To work webhooks properly, add a label to the target namespace. We also recommend to use a dedicated namespace.

kubectl label namespace topolvm-system topolvm.io/webhook=ignore
kubectl label namespace kube-system topolvm.io/webhook=ignore

Please elaborate the markdown-file and explain why this is needed.

webhook=ignore looks like disabling webhooks.

Thank you very much for topolvm!
@guettli guettli added the request label May 3, 2024
@guettli guettli changed the title Docs: Docs: Please elaborate topolvm.io/webhook=ignore May 3, 2024
@cupnes
Copy link
Contributor

cupnes commented May 7, 2024

@guettli
If the namespace is not labeled topolvm.io/webhook=ignore, mutating webhooks of topolvm-controller are executed for pods and PVCs. These webhooks are for resources managed by TopoLVM. Therefore, topolvm-system and kube-system are labeled with topolvm.io/webhook=ignore to prevent those webhooks from being executed.
I will add the above explanation to getting started docs.

@guettli
Copy link
Contributor Author

guettli commented May 7, 2024

What would happen, if you don't set the label on the namespace?

Why do the mutating webhooks of topolvm-controller not handle that? Then it would be a bit easier to configure topolvm.

@cupnes
Copy link
Contributor

cupnes commented May 8, 2024

@guettli
If topolvm.io/webhook=ignore isn't set for the namespace, Pods and PVCs in that namespace are handled by mutating webhooks. In the case of Pods, this means adding annotations about capacity, etc. In the case of PVCs, this means adding finalizers, etc.

Whether mutating webhooks in topolvm-controller works or not should be configured by the user. At first glance, a possible implementation is that the webhooks handler should do nothing for the topolvm-system or kube-system namespace, but in some environments, the Kubernetes system may not be a kube-system namespace.

@guettli
Copy link
Contributor Author

guettli commented May 8, 2024

What happens if you don't set the topolvm.io/webhook=ignore for both namespaces? I guess this gets done to avoid some kind of risk. Maybe I am just too new to the topic. I don't see any reason to skip these two namespaces. Please let us know your arguments so that we can understand the reasons.

@cupnes
Copy link
Contributor

cupnes commented May 10, 2024

@guettli
There was another more important reason. When using the topolvm-scheduler, mutating webhooks are triggered for pods. Since the topolvm-controller executes the webhooks, it has to be excluded from webhooks when it does not exist itself, otherwise, the dependency will loop and topolvm will not start up.
The current topolvm chart configuration has capacity tracking enabled by default and no mutating webhooks. Therefore, by default, there is no problem without the topolvm.io/webhook=ignore setting.
About PVCs, there may be user PVCs, especially in the kube-system. It is also not necessarily the case that there are no user PVCs in the topolvm-system. It is, therefore, safer to set topolvm.io/webhook=ignore for topolvm-system and kube-system.

@guettli
Copy link
Contributor Author

guettli commented May 17, 2024

@cupnes thank you very much for the last reply. Now I understood it.

cupnes added a commit that referenced this issue May 20, 2024
@cupnes
docs: add a note explaining the need for topolvm.io/webhook=ignore
3ff8162 
In getting started, it is not clear why `topolvm.io/webhook=ignore` is
needed. Add a note explaining it.

Closes: #907

Signed-off-by: Yuma Ogami <yuma-ogami@cybozu.co.jp>
@cupnes cupnes mentioned this issue May 20, 2024
Merged
@cupnes
Copy link
Contributor

cupnes commented May 20, 2024

I created this PR to add a note explaining the need for topolvm.io/webhook=ignore.

cupnes added a commit that referenced this issue May 23, 2024
@cupnes
docs: add a note explaining the need for topolvm.io/webhook=ignore
2275580 
In getting started, it is not clear why `topolvm.io/webhook=ignore` is
needed. Add a note explaining it.

Closes: #907

Signed-off-by: Yuma Ogami <yuma-ogami@cybozu.co.jp>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
request
Projects
Development
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: add a note explaining the need for topolvm.io/webhook=ignore topolvm/topolvm
2 participants
@guettli @cupnes