-
Notifications
You must be signed in to change notification settings - Fork 671
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Replace init-certs webhook initContainer with Helm template #5558
base: master
Are you sure you want to change the base?
Replace init-certs webhook initContainer with Helm template #5558
Conversation
ba968ac
to
0ca2557
Compare
0ca2557
to
3fd4ed9
Compare
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## master #5558 +/- ##
=======================================
Coverage 60.98% 60.98%
=======================================
Files 796 796
Lines 51647 51647
=======================================
Hits 31498 31498
Misses 17249 17249
Partials 2900 2900
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
3fd4ed9
to
74a5b67
Compare
@@ -56,7 +56,8 @@ ${GOPATH:-~/go}/bin/helm-docs -c ${DIR}/../charts/ | |||
|
|||
# This section is used by GitHub workflow to ensure that the generation step was run | |||
if [ -n "$DELTA_CHECK" ]; then | |||
DIRTY=$(git status --porcelain) | |||
# find only deleted or removed lines, not replaced values | |||
DIRTY=$(git diff --word-diff | grep "^[{\[]") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The CI check needs to be updated to understand that some values may change when regenerating Helm charts
An alternative approach would be to add values.yaml entries and plumb them through -- but that feels a bit overkill
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It looks like a more fine-grained comparison. What do you think @eapolinario?
- Replicates the functionality from the webhook init-certs cli command from Flyte: https://github.com/flyteorg/flyte/blob/master/flytepropeller/pkg/webhook/init_cert.go This produces a ca.crt, tls.crt and tls.key value needed for the webhook, rather than needing to create a container that needs to have network and Kubernetes access. - Uses the Helm lookup helper to prevent regenerating on upgrades - Update CI check to only fail when lines are deleted or removed from the generated Helm output, not when values are modified Signed-off-by: ddl-ebrown <[email protected]>
74a5b67
to
7070739
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I just reproduced this and can confirm that not only the secret is created but propeller works correctly for a wf execution.
Thanks so much, I think it helps with lower startup times for the backend.
Great - thanks for double checking things on your end! We've been using this patch in our automated / CI deployments since I put up this PR and things are also working great on our side as well. |
Tracking issue
Why are the changes needed?
Removes unnecessary webhook initContainer
What changes were proposed in this pull request?
Replicates the functionality from the webhook init-certs cli command from Flyte:
https://github.com/flyteorg/flyte/blob/master/flytepropeller/pkg/webhook/init_cert.go
This produces a ca.crt, tls.crt and tls.key value needed for the webhook, rather than needing to create a container that needs to have network and Kubernetes access.
Uses the Helm lookup helper to prevent regenerating on upgrades
How was this patch tested?
Setup process
Screenshots
Check all the applicable boxes
Related PRs
Docs link