-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow porch namespace in cert/webhook to be configured #26
Allow porch namespace in cert/webhook to be configured #26
Conversation
/assign @johnbelamaric @tliron @efiacor |
/retest |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good.
A few minor comments.
@@ -175,7 +175,7 @@ func createValidatingWebhook(ctx context.Context, caCert []byte) error { | |||
} | |||
|
|||
var ( | |||
webhookNamespace = "porch-system" | |||
webhookNamespace = webhookNs | |||
validationCfgName = "packagerev-deletion-validating-webhook" | |||
webhookService = "api" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks a bit odd also. Hardcoded svc name
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, That and a number of other things need to be cleaned up. The aim with this PR is to allow the namespace to be changed, whihc is a blocker. I have raised another improvement issue which addresses these other hardcoded values. See nephio-project/nephio#554
The proposal is that rather than having a load of configuration in Porch, we allow users to specify their own webhook where they can specify what they want. The self-signed one here will be retained more for development and integration test. For in-service deployments we will recommend users create and configure their own webhooks.
34d6949
to
1a7527b
Compare
/approve |
d089956
to
717b3ea
Compare
717b3ea
to
5ce3d0d
Compare
/lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: efiacor, kushnaidu, liamfallon The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This PR implements a straightforward fix for Issue 553. It allows the namespace that Porch uses for generation of the deletion validation webhook and certs to be configured by setting the new CERT_NAMESPACE environment variable.
Ideally we should allow the certs and the webhook to be externally specified and then passed to Porch in configuration as suggested in the issue description. However, this PR will allow deployment of Porch in namespaces other than "porch-system" for now.
This PR has been tested manually on a Kind cluster with Porch installed on the default "porch-system" namespace and on a different configured namespace porch-nstest. Below is a fragment of the 3-porch-server.yaml Deployment spec, note the new environment variable
CERT_NAMESPACE
. Deletion now works in both cases with the appropriate namespace configuration.