-
Notifications
You must be signed in to change notification settings - Fork 152
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
API: Use new token generation SSP API and remove feature gate #3087
base: main
Are you sure you want to change the base?
Conversation
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
33a9922
to
25eac49
Compare
Pull Request Test Coverage Report for Build 11124276641Details
💛 - Coveralls |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the PR @akrejcir
What will happen on upgrade, if the DeployVMConsoleProxy
FG is set?
Good point, I did not consider update. Does HCO have functionality to run some logic only during update? It would be good, if we can copy the value of the feature gate to the new field in |
HCO does have code that only run during upgrade, but we need to avoid modifying the HyperConverged spec. Another alternative is the mutation webhook. @tiraboschi WDYT? |
hco-e2e-kv-smoke-gcp lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
In |
Thanks, I will add a patch there. |
25eac49
to
cf2b009
Compare
cf2b009
to
4355973
Compare
hco-e2e-kv-smoke-gcp lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
e44cc2f
to
7dc0c86
Compare
@akrejcir: The following test failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
hco-e2e-kv-smoke-gcp lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
The token generation API was stabilized in the SSP, and feature gate was removed: kubevirt/ssp-operator#1018 This commit removes the same feature gate from HCO, and adds a new field in the .spec to enable this feature. Signed-off-by: Andrej Krejcir <akrejcir@redhat.com>
7dc0c86
to
25f2d24
Compare
Quality Gate passedIssues Measures |
hco-e2e-upgrade-prev-operator-sdk-sno-aws lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-operator-sdk-gcp, ci/prow/hco-e2e-upgrade-operator-sdk-sno-azure, ci/prow/hco-e2e-upgrade-prev-operator-sdk-azure, ci/prow/hco-e2e-upgrade-prev-operator-sdk-sno-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
hco-e2e-consecutive-operator-sdk-upgrades-azure lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-consecutive-operator-sdk-upgrades-aws, ci/prow/hco-e2e-operator-sdk-sno-aws In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
@akrejcir: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
/retest |
Can you please take another look? |
hco-e2e-kv-smoke-gcp lane succeeded. |
@hco-bot: Overrode contexts on behalf of hco-bot: ci/prow/hco-e2e-kv-smoke-azure In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
}, | ||
{ | ||
"semverRange": "<1.14.0", | ||
"jsonPatch": [ | ||
{ | ||
"op": "test", | ||
"path": "/spec/featureGates/deployVmConsoleProxy", | ||
"value": false | ||
}, | ||
{ | ||
"op": "add", | ||
"path": "/spec/enableTokenGenerationApi", | ||
"value": false | ||
} | ||
] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@tiraboschi @akrejcir - are we sure about this logic? the deprecated feature gate is false by default. And we want this field to be true by default.
I'm not sure I have good solution for this - we can't tell if the feature gate is false on purpose or was just left with its default value.
My concern we will carry this potential wrong value for all future upgrades.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wanted to do this update with minimal surprise for the user.
The problem is, as you've written, that we don't know if user decided to disable the feature, or just left it default.
If it was intentionally disabled, it would be a surprise to enable it on update.
But maybe we can enable it by default, and add a note to the documentation.
I'm not sure about this PR. Do we really need a new enabler field to replace the existing feature gate? The term "feature gate" is wrongly used in HCO anyway, and we need to treat the feature gates as "enablers". I think this change will just create mess. We want to introduce a new API, to fix the wrong feature gate naming anyway. I suggest to just replace the default value to true. |
And @akrejcir - sorry for the late response. |
Thanks for the feedback. I don't have any opinion on HCO API change. |
I agree with this:
We need to understand if we simply want to propose a new default for future fresh deployments or if we want also to "silently" change it for all the cluster on upgrades. |
What this PR does / why we need it:
The token generation API was stabilized in the SSP, and feature gate was removed:
kubevirt/ssp-operator#1018
This PR removes the same feature gate from HCO, and adds a new field in the .spec to enable this feature.
Reviewer Checklist
Jira Ticket:
Release note: