-
Notifications
You must be signed in to change notification settings - Fork 407
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[POC] Can serverless-webhook be removed ? #17562
Comments
This issue or PR has been automatically marked as stale due to the lack of recent activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /lifecycle stale |
Our current validation rules for function CR:
Opened ticket: kubernetes-sigs/controller-tools#827
PoC PR: #18034 Webhook secret:
Out secrer is created in chart and has .dockerconfigjson no matter if is internal or not. Consits of following fields:
Our controller uses The distinction between User can create registry secret by kubectl: kubectl create secret docker-registry my-secret --docker-server=DOCKER_REGISTRY_SERVER --docker-username=DOCKER_USER
--docker-password=DOCKER_PASSWORD --docker-email=DOCKER_EMAIL From out perspective this webhook is unnecesary if we point users to create registry secret using kubectl. |
The following steps would allow us to remove serverless webhook
|
Description
This exercise it to verify if we can get rid of serverless-webhook in favor of validation rules that can be defined in the Function CRD itself.
Find out which features of serverless webhook would be sacrified if only validation rules on CRD would be used.
Could we introduce the rules and cover the same validation/defaulting rules w/o api breaking changes?
Reasons
Webhooks are intercepting calls to apiserver and introduce another point of failure.
By getting rid of our webhook we can improve resiliency of serverless module and remove the problem of CA generation.
Also, atm user can apply functions CR only after webhook is up, and it takes it a while until its up.
If we get rid of webhooks we will enable true declarative way of defining function.
Attachments
https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#validation-rules
The text was updated successfully, but these errors were encountered: