admission-aws: Adapt Secrets webhook to rely on the provider label #551

Merged
merged 2 commits into from
May 30, 2022

ialidzhikov

/area robustness
/area cost
/kind enhancement
/platform aws

What this PR does / why we need it:
This PR:

Which issue(s) this PR fixes:
Part of gardener/gardener-extension-provider-gcp#143 but for admission-aws

Release note:

This version of admission-aws requires the SecretBinding provider controller to be enabled - enabled by default for gardener-controller-manager >= 1.42 or can be enabled via the gardener-controller-manager component config.
The Secrets webhook of admission-aws:
- no longer intercepts every Secret UPDATE request but only requests for Secrets that are associated with a SecretBinding with `provider.type=aws`.
- no longer needs to list Shoots (hence, no cache for Shoots)
The admission-aws component introduces a new SecretBinding validator. It validates requests for SecretBindings and checks whether the SecretBinding refers to a valid AWS Secret.
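
An added example, not code from this PR or from the gardener project: a simplified Go model of the two checks the release note describes, showing that a Secret without the provider label is skipped by the Secrets webhook but is still validated once an `aws` SecretBinding references it. The label key `provider.shoot.gardener.cloud/aws`, the field names `accessKeyID` and `secretAccessKey`, and all type and function names are assumptions made for illustration.

```go
package main

import "fmt"

// Assumed label key (not stated on the page) marking a Secret as used by an AWS SecretBinding.
const awsProviderLabel = "provider.shoot.gardener.cloud/aws"

// Secret and SecretBinding are simplified, hypothetical stand-ins for the real API types.
type Secret struct {
	Name         string
	Labels, Data map[string]string
}
type SecretBinding struct{ ProviderType, SecretName string }

// validateAWSSecret is a simplified check: both assumed credential keys must be non-empty.
func validateAWSSecret(s Secret) error {
	for _, k := range []string{"accessKeyID", "secretAccessKey"} {
		if s.Data[k] == "" {
			return fmt.Errorf("secret %q: field %q is missing or empty", s.Name, k)
		}
	}
	return nil
}

// admitSecretUpdate models the Secrets webhook: Secrets without the provider label are not intercepted.
func admitSecretUpdate(s Secret) (intercepted bool, err error) {
	if s.Labels[awsProviderLabel] != "true" {
		return false, nil
	}
	return true, validateAWSSecret(s)
}

// admitSecretBinding models the SecretBinding validator: an aws binding must reference a valid Secret.
func admitSecretBinding(b SecretBinding, secrets map[string]Secret) error {
	if b.ProviderType != "aws" {
		return nil
	}
	s, ok := secrets[b.SecretName]
	if !ok {
		return fmt.Errorf("secret %q not found", b.SecretName)
	}
	return validateAWSSecret(s)
}

func main() {
	// Constructed sample: an unlabeled Secret that lacks secretAccessKey.
	bad := Secret{Name: "creds", Data: map[string]string{"accessKeyID": "constructed"}}
	fmt.Println(admitSecretUpdate(bad))
	fmt.Println(admitSecretBinding(SecretBinding{"aws", "creds"}, map[string]Secret{"creds": bad}))
}
```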

@ialidzhikov ialidzhikov requested review from a team as code owners May 26, 2022 06:10
@gardener-robot gardener-robot added area/cost Cost related area/robustness Robustness, reliability, resilience related kind/enhancement Enhancement, improvement, extension platform/aws Amazon web services platform/infrastructure needs/review Needs review size/l Size of pull request is large (see gardener-robot robot/bots/size.py) needs/second-opinion Needs second review by someone else labels May 26, 2022
@gardener-robot-ci-2 gardener-robot-ci-2 added the reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) label May 26, 2022
@gardener-robot-ci-1 gardener-robot-ci-1 added needs/ok-to-test Needs approval for testing (check PR in detail before setting this label because PR is run on CI/CD) and removed reviewed/ok-to-test Has approval for testing (check PR in detail before setting this label because PR is run on CI/CD) labels May 26, 2022

@rfranzke rfranzke left a comment

/lgtm

@gardener-robot gardener-robot added reviewed/lgtm Has approval for merging and removed needs/review Needs review needs/second-opinion Needs second review by someone else labels May 30, 2022
@rfranzke rfranzke merged commit f254635 into gardener:master May 30, 2022
@gardener-robot gardener-robot added the status/closed Issue is closed (either delivered or triaged) label May 30, 2022
@ialidzhikov ialidzhikov deleted the enh/admission-aws branch October 9, 2022 14:44