Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

set webhooks ownerReferences to namespace #2098

Merged
merged 1 commit into from
Jun 11, 2021

Conversation

novahe
Copy link
Contributor

@novahe novahe commented Apr 20, 2021

Changes

  • set webhooks ownerReferences to namespace

/kind cleanup

Fixes #2044

Release Note

NONE

Docs

@knative-prow-robot knative-prow-robot added the kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. label Apr 20, 2021
@google-cla google-cla bot added the cla: yes Indicates the PR's author has signed the CLA. label Apr 20, 2021
@knative-prow-robot knative-prow-robot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Apr 20, 2021
@knative-prow-robot
Copy link
Contributor

Welcome @novahe! It looks like this is your first PR to knative/pkg 🎉

@knative-prow-robot
Copy link
Contributor

Hi @novahe. Thanks for your PR.

I'm waiting for a knative member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@knative-prow-robot knative-prow-robot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Apr 20, 2021
@codecov
Copy link

codecov bot commented Apr 20, 2021

Codecov Report

Merging #2098 (603d3f7) into main (b51994e) will increase coverage by 0.22%.
The diff coverage is 60.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #2098      +/-   ##
==========================================
+ Coverage   67.31%   67.54%   +0.22%     
==========================================
  Files         215      215              
  Lines        9092     9110      +18     
==========================================
+ Hits         6120     6153      +33     
+ Misses       2697     2679      -18     
- Partials      275      278       +3     
Impacted Files Coverage Δ
webhook/configmaps/configmaps.go 86.45% <60.00%> (-1.59%) ⬇️
webhook/resourcesemantics/defaulting/defaulting.go 80.12% <60.00%> (-0.75%) ⬇️
...k/resourcesemantics/validation/reconcile_config.go 86.95% <60.00%> (-2.28%) ⬇️
apis/duck/v1beta1/destination.go 96.49% <0.00%> (-0.12%) ⬇️
test/ha/ha.go 17.39% <0.00%> (ø)
tracing/zipkin.go 68.42% <0.00%> (ø)
injection/config.go 0.00% <0.00%> (ø)
reconciler/events.go 100.00% <0.00%> (ø)
reconciler/filter.go 100.00% <0.00%> (ø)
webhook/admission.go 82.22% <0.00%> (ø)
... and 12 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b80a192...603d3f7. Read the comment docs.

@novahe novahe force-pushed the setWebhookOwnerReferences branch from 1b3b751 to 20349ea Compare April 20, 2021 17:07
@markusthoemmes
Copy link
Contributor

/ok-to-test

The code looks spot on, thanks! Have we tested this is actually fixing the referenced bug? Let's also make sure the OwnerReference doesn't cause the webhook config to be garbage collected. I guess manual tests for both of those are fine.

@knative-prow-robot knative-prow-robot added ok-to-test Indicates a non-member PR verified by an org member that is safe to test. and removed needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Apr 21, 2021
@novahe
Copy link
Contributor Author

novahe commented Apr 21, 2021

Thank you for reviewing @markusthoemmes

In my test environment
I tested to delete the ns, webhook config can be deleted:

image

I deleted webhook pod twice, The webhook config has not changed
image
only updated once

Am I missing something? What else do I need to do?

Copy link
Contributor

@markusthoemmes markusthoemmes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/assign @dprotaso

Sorry for having this dangling for a while. Adding Dave to assert if this isn't breaking assumptions in K8s API.

webhook/configmaps/configmaps.go Outdated Show resolved Hide resolved
webhook/resourcesemantics/validation/reconcile_config.go Outdated Show resolved Hide resolved
webhook/resourcesemantics/defaulting/defaulting.go Outdated Show resolved Hide resolved
@novahe novahe force-pushed the setWebhookOwnerReferences branch from 20349ea to 603d3f7 Compare June 7, 2021 15:16
@novahe
Copy link
Contributor Author

novahe commented Jun 7, 2021

/test pull-knative-pkg-unit-tests

@novahe novahe requested a review from markusthoemmes June 7, 2021 15:39
@novahe
Copy link
Contributor Author

novahe commented Jun 7, 2021

I fixed it, PTAL thanks

@dprotaso
Copy link
Member

🎉 tested it out and it works

/lgtm
/approve

@knative-prow-robot knative-prow-robot added the lgtm Indicates that a PR is ready to be merged. label Jun 11, 2021
@knative-prow-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprotaso, novahe

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@knative-prow-robot knative-prow-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jun 11, 2021
@novahe
Copy link
Contributor Author

novahe commented Jun 11, 2021

/test pull-knative-pkg-unit-tests

@knative-prow-robot knative-prow-robot merged commit 8d21ce6 into knative:main Jun 11, 2021
@novahe novahe deleted the setWebhookOwnerReferences branch June 11, 2021 02:27
@julz
Copy link
Member

julz commented Jun 11, 2021

This is going to avoid a lot of user confusion, thanks @novahe 🎉🎉

cc @omerbensaadon @csantanapr I think you will like!

nak3 added a commit to nak3/serving that referenced this pull request Jun 14, 2021
This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need the permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on:
```
nak3 added a commit to nak3/serving that referenced this pull request Jun 14, 2021
This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need the permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on:
```
knative-prow-robot pushed a commit to knative/serving that referenced this pull request Jun 15, 2021
* Add permission to update namespace finalizer

This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need the permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource you can't set finalizers on:
```

* Add kapp workaround

* Add comment

* Remove white space

* Move kapp config into test/config/ytt/core

* remove unnecessary change
pierDipi added a commit to pierDipi/eventing-kafka-broker that referenced this pull request Jun 15, 2021
(similar to knative/eventing#5501)

This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need this permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource
you can't set finalizers on ...
```

Signed-off-by: Pierangelo Di Pilato <[email protected]>
knative-prow-robot pushed a commit to knative-extensions/eventing-kafka-broker that referenced this pull request Jun 15, 2021
…#1000)

(similar to knative/eventing#5501)

This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need this permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource
you can't set finalizers on ...
```

Signed-off-by: Pierangelo Di Pilato <[email protected]>
slinkydeveloper pushed a commit to slinkydeveloper/eventing-kafka-broker that referenced this pull request Jun 18, 2021
…knative-extensions#1000)

(similar to knative/eventing#5501)

This patch adds the permission to update `namespaces/finalizers`.

Since knative/pkg#2098 added ownerRef refers to namespace for webhook,
we need this permission. Without it, cluster which has a stricter RBAC
rules gets the following error:

```
cannot set blockOwnerDeletion if an ownerReference refers to a resource
you can't set finalizers on ...
```

Signed-off-by: Pierangelo Di Pilato <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cla: yes Indicates the PR's author has signed the CLA. kind/cleanup Categorizes issue or PR as related to cleaning up code, process, or technical debt. lgtm Indicates that a PR is ready to be merged. ok-to-test Indicates a non-member PR verified by an org member that is safe to test. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Webhooks should get OwnerRef to namespace
5 participants