From a3a4050526cc530ba96fe504a334a2ee6321cfd6 Mon Sep 17 00:00:00 2001 From: prateekpandey14 Date: Mon, 29 Jun 2020 21:33:09 +0530 Subject: [PATCH 1/2] refact(webhook): make webhook config failure policy configurable commit enable the webhook validatingwebhookconfiguration failure policy configurable using a env called ADMISSION_WEBHOOK_FAILURE_POLICY. There are 2 types of failure policy which can be configurable are `Fail` and `Ignore`. `Fail` will be the default policy Signed-off-by: prateekpandey14 --- pkg/webhook/configuration.go | 29 +++++++++++++++++++++++++++-- 1 file changed, 27 insertions(+), 2 deletions(-) diff --git a/pkg/webhook/configuration.go b/pkg/webhook/configuration.go index 9de41170a6..810e52a4b0 100644 --- a/pkg/webhook/configuration.go +++ b/pkg/webhook/configuration.go @@ -37,6 +37,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/util/intstr" + "k8s.io/klog" ) const ( @@ -70,7 +71,9 @@ var ( Ignore = v1beta1.Ignore // Fail means that an error calling the webhook causes the admission to fail. Fail = v1beta1.Fail - + // WebhookFailurePolicye represents failure policy env name to make it configurable + // via ENV + WebhookFailurePolicy = "ADMISSION_WEBHOOK_FAILURE_POLICY" // transformation function lists to upgrade webhook resources transformSecret = []transformSecretFunc{} transformSvc = []transformSvcFunc{} @@ -221,7 +224,7 @@ func createValidatingWebhookConfig( CABundle: signingCert, }, TimeoutSeconds: &five, - FailurePolicy: &Fail, + FailurePolicy: failurePolicy(), } validator := &v1beta1.ValidatingWebhookConfiguration{ @@ -656,3 +659,25 @@ func preUpgrade(openebsNamespace string) error { return nil } + +// failurePolicy returns the admission webhook configuration failurePolicy +// based on the given WebhookFailurePolicy ENV set on admission server +// deployments. +// +// Default failure Policy is `Fail` if not provided. +func failurePolicy() *v1beta1.FailurePolicyType { + var policyType *v1beta1.FailurePolicyType + policy, present := os.LookupEnv(WebhookFailurePolicy) + if !present { + policyType = &Fail + } + + switch strings.ToLower(policy) { + default: + policyType = &Fail + case "no", "false", "ignore": + policyType = &Ignore + } + klog.Infof("Using webhook configuration failure policy as %q", *policyType) + return policyType +} From 33039958350b334fc70c10884dc06ec90c939be7 Mon Sep 17 00:00:00 2001 From: prateekpandey14 Date: Wed, 1 Jul 2020 13:46:25 +0530 Subject: [PATCH 2/2] refact(webhook): recreate validation config with version upgrade Signed-off-by: prateekpandey14 --- pkg/webhook/configuration.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/webhook/configuration.go b/pkg/webhook/configuration.go index 810e52a4b0..30e1cd034c 100644 --- a/pkg/webhook/configuration.go +++ b/pkg/webhook/configuration.go @@ -638,7 +638,7 @@ func preUpgrade(openebsNamespace string) error { for _, config := range webhookConfigList.Items { if config.Labels[string(apis.OpenEBSVersionKey)] != version.Current() { if config.Labels[string(apis.OpenEBSVersionKey)] == "" || - util.IsCurrentLessThanNewVersion(config.Labels[string(apis.OpenEBSVersionKey)], "1.10.0") { + util.IsCurrentLessThanNewVersion(config.Labels[string(apis.OpenEBSVersionKey)], "1.12.0") { err = validate.KubeClient().Delete(config.Name, &metav1.DeleteOptions{}) if err != nil { return fmt.Errorf("failed to delete older webhook config %s: %s", config.Name, err.Error())