-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable webhooks in envtest #3209
Enable webhooks in envtest #3209
Conversation
Welcome @Boutheina-Dab! |
Hi @Boutheina-Dab. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
test/helpers/envtest.go
Outdated
Rule: admissionv1beta1.Rule{ | ||
APIGroups: []string{"apps"}, | ||
APIVersions: []string{"v1"}, | ||
Resources: []string{"deployments"}, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this just a placeholder for testing?
Is the goal to make this parameterized in a way to deploy the webhooks for the CRD resources we are generating? If so, would it be possible to leverage the generated yaml for this somehow? I'd like to see if we can avoid having to replicate content manually for tests where it could get out of sync with the annotations/generated content.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It's to enable webhooks in envtest.
This PR is to fix the issue #2788
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Boutheina-Dab my apologies for not being a bit more clear, I was referencing the hardcoding of apps.v1.deployments
here along with the various other properties of the webhooks (side effects, path, mutating vs non-mutating, etc)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@detiber no problem. I got it. Where can I find the generated yaml file of the CRD resources? Sorry, but I'm still new in the codebase of capi.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If I may add my two cents to this discussion,
If our goal is to add webhooks for the core types, I think that we should try to use the webhook yaml configuration from
- /config/webhook
- boostrap/kubeadm/config/webhook
- controlplane/kubeadm/config/webhook
Instead of hardcoding a copy of the webhook definition here, so there is no effort for keeping things in sync.
From a quick look at the controller runtime code, this can be achieved by setting WebhookInstallOptions.DirectoryPaths
instead of WebhookInstallOptions. ValidatingWebhooks/MutatingWebhooks
(even do it is not clear to me if calling kustomize is on us or on controller runtime)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks @fabriziopandini Actually, yes, I was working on that this morning, and I tried to set DirectoryPaths: []string{filepath.Join("config", "webhooks")}, (instead of WebhookInstallOptions. ValidatingWebhooks/MutatingWebhooks). I am testing it. But, didn't include yet:
- boostrap/kubeadm/config/webhook
- controlplane/kubeadm/config/webhook
(As long as I understand, only manifest yaml file is needed to install webhook, do we need to call kustomization?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's a good question.
AFAIK, kustomization.yaml defines some patches for the webhooks, like e.g. webhookcainjection_patch.yaml, but TBH, I'm not sure this is required for envtest.
@vincepri ^^
In the meantime, you can experiment on using the manifest alone
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It should work using those directly, although it might be worthwhile in the future to run kustomize in memory but let's tackle that when controller-runtime has support for conversion webhooks as well
/retest |
test/helpers/envtest.go
Outdated
@@ -114,6 +121,27 @@ func NewTestEnvironment() *TestEnvironment { | |||
} | |||
} | |||
|
|||
func initializeWebhookInEnvironment() { | |||
namespacedScopeV1Beta1 := admissionv1beta1.NamespacedScope |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tests are failing because those variables are declared but not used.
(In case you don't already know) you can use make lint
or make lint-full
(a little bit slower) to check these types of problems locally before pushing new changes
/reset |
cbf8cf7
to
6f00f92
Compare
Makefile
Outdated
-killall -9 etcd | ||
-killall -9 kube-apiserver |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any reason we need these killall directives? Shouldn't envtest shutdown at the end of each test?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think so. envtest should shutdown at the end of each test. In fact "make clean-envtest" does not find any process to kill ..
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's remove it if that's the case? wdyt?
test/helpers/envtest.go
Outdated
|
||
klog.V(2).Infof("Waiting for webhook port %d to be open prior to running tests", port) | ||
timeout := time.Second | ||
notOpen := true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Seems this is unused?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
WaitForWebhooks() function is used in suites_test here: https://github.com/Boutheina-Dab/cluster-api/blob/432f4986cf09388ccb46f6212bf43af74c32d3e0/controllers/suite_test.go#L118
3d7eb4e
to
a36fb79
Compare
func Init() { | ||
minNodeStartupTimeout = metav1.Duration{Duration: 1 * time.Millisecond} | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
func Init() { | |
minNodeStartupTimeout = metav1.Duration{Duration: 1 * time.Millisecond} | |
} | |
func init() { | |
minNodeStartupTimeout = metav1.Duration{Duration: 1 * time.Millisecond} | |
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vincepri init() function does not set minNodeStartupTimeout to 1ms (see test output) for envtest.
That's why I was adding the func SetminNodeStartupTimeoutForTest() in the envtest, which seems like it fixes the issue
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're right, the init
function only works when the api/v1alpha3
package is tested, what about something like this?
diff --git a/api/v1alpha3/machinehealthcheck_webhook.go b/api/v1alpha3/machinehealthcheck_webhook.go
index 67b99bfba..d951cccdd 100644
--- a/api/v1alpha3/machinehealthcheck_webhook.go
+++ b/api/v1alpha3/machinehealthcheck_webhook.go
@@ -18,6 +18,7 @@ package v1alpha3
import (
"fmt"
+ "sync"
"time"
apierrors "k8s.io/apimachinery/pkg/api/errors"
@@ -36,10 +37,23 @@ var (
// 10 minutes should allow the instance to start and the node to join the
// cluster on most providers.
defaultNodeStartupTimeout = metav1.Duration{Duration: 10 * time.Minute}
+
// Minimum time allowed for a node to start up
- minNodeStartupTimeout = metav1.Duration{Duration: 30 * time.Second}
+ minNodeStartupTimeout = metav1.Duration{Duration: 30 * time.Second}
+ minNodeStartupTimeoutOnce sync.Once
)
+// SetMinNodeStartupTimeout allows users to optionally set a custom timeout
+// for the validation webhook.
+//
+// This function is mostly used within envtest (integration tests), and should
+// never be used in a production environment.
+func SetMinNodeStartupTimeout(d metav1.Duration) {
+ minNodeStartupTimeoutOnce.Do(func() {
+ minNodeStartupTimeout = d
+ })
+}
+
func (m *MachineHealthCheck) SetupWebhookWithManager(mgr ctrl.Manager) error {
return ctrl.NewWebhookManagedBy(mgr).
For(m).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It gives this: Exptected failure, but got no error. here: https://github.com/Boutheina-Dab/cluster-api/blob/45a4b6eaa83cc3f81872d1a959da3440b6fe6d65/api/v1alpha3/machinehealthcheck_webhook_test.go#L198
1777053
to
426f75f
Compare
minNodeStartupTimeoutOnce.Do(func() { | ||
minNodeStartupTimeout = d | ||
}) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vincepri, this code doesn't work (i.e. causes MHC tests to fail) unless GODEBUG=asyncpreemptoff=1
is used.
Works fine if it's not wrapped in the sync.once construct.
This is with Go 1.15
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this related to the CI failures? We can avoid using sync.Once, and do a plain unsafe set. We can fix it later using the atomic
package (I don't think this would be a problem though).
Can you provide more information on why it'd make tests fail? To my understanding, we're still using Go 1.13.x in CI
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, it's causing the CI failures (at commit 25686716d
). Have no idea why it's making the tests fail, it's just if I remove it it works again.
Need to address linter statements
|
@Boutheina-Dab please make sure to squash the commits before this merges |
28059e9
to
434b8f1
Compare
Can you rewrite the commit message "commit after rebase with master", and then can lgtm. |
434b8f1
to
7623ecf
Compare
7623ecf
to
9637747
Compare
/lgtm |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
Great work @Boutheina-Dab ! Thank you for working on this 🎉
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Thanks all for your review and comments! Thanks @randomvariable for your precious help :) |
What this PR does / why we need it:
This PR is to enable webhooks in envtest
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged): Fixes #2788