Skip to content

[WIP] Add Mtls patch to Mutating Webhook #508

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

[WIP] Add Mtls patch to Mutating Webhook #508

wants to merge 5 commits into from
+1,257 −0

Conversation

Bobbins228
Copy link
Contributor

Issue link

What changes have been made

Verification steps

Checks

  • I've made sure the tests are passing.
  • Testing Strategy
    • Unit tests
    • Manual tests
    • Testing is not required for this change

Sorry, something went wrong.

@VanillaSpoon
add: raycluster oauth mutating webhook
Loading
Loading status checks…
76f065f
@openshift-ci OpenShift CI
Copy link

openshift-ci bot commented Apr 11, 2024

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign tedhtchang for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@VanillaSpoon
add: additional configurations
Loading
Loading status checks…
14f66b0
@VanillaSpoon
add: additional configurations
Loading
Loading status checks…
45bc0a0
franciscojavierarceo
franciscojavierarceo reviewed Apr 12, 2024
View reviewed changes
raycluster_webhook/src/patches.go Outdated
svcDomain := rayCluster.Name + "-head-svc." + rayCluster.Namespace + ".svc"
secretName := `ca-secret-` + rayCluster.Name
fmt.Println("Start")
domain, err := getDomainName()
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We know the error starts here.

franciscojavierarceo
franciscojavierarceo reviewed Apr 12, 2024
View reviewed changes
raycluster_webhook/src/patches.go Outdated
func getDomainName() (string, error) {
consoleRoute := &routev1.Route{}
fmt.Println("1")
fmt.Printf(client.ObjectKey{Name: NameConsoleLink, Namespace: NamespaceConsoleLink}.String())
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

and that this technically works, which I suppose isn't terribly shocking.

franciscojavierarceo
franciscojavierarceo reviewed Apr 12, 2024
View reviewed changes
raycluster_webhook/src/patches.go
fmt.Println("2")
fmt.Printf(consoleRoute.String())

if err := k8Client.Get(context.TODO(), types.NamespacedName{Name: NameConsoleLink, Namespace: NamespaceConsoleLink}, consoleRoute); err != nil {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But this fails.

So, something is misbehaving into this .Get().

  1. It's probably not the context.TODO()
  2. I think we fixed the types.NamespacedName Struct but we should definitely try to confirm that.
  3. The consoleRoute seemed reasonable from what I recall as that was the object that was passed to be updated.

We should definitely confirm these 3 things though and I'd dig into them slightly differently.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is the error?
Do you run the container locally, connecting to the remote OpenShift cluster, or directly as a Deployment on the cluster?
If the latter, I see that you doesn't provide RBAC for accessing Routes - https://github.com/project-codeflare/codeflare-operator/pull/508/files#diff-d44acd75643a4ccbb2ddc671e641c9f520d495dbc01fe1dbcf305bd4c13915d9R53-R61

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@sutaakar This was the error we were receiving. I will update RBAC:
no kind is registered for the type v1.Route in scheme "go/pkg/mod/k8s.io/[email protected]/pkg/runtime/scheme.go:100"

@Bobbins228
Added mtls initContainer patch
Loading
Loading status checks…
8a97aec
@zdtsw
Copy link
Contributor

zdtsw commented Apr 13, 2024

not sure which one need review either #507 or #508 ? or none 😱
better remove [WIP] / "draft" and have the other one closed.

@ChristianZaccaria ChristianZaccaria mentioned this pull request Apr 15, 2024
Closed
4 tasks
@astefanutti astefanutti mentioned this pull request Apr 16, 2024
Closed
4 tasks
@Bobbins228 Bobbins228 closed this Apr 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@franciscojavierarceo franciscojavierarceo

@MichaelClifford MichaelClifford

@sutaakar sutaakar

Assignees
No one assigned
Labels
do-not-merge/work-in-progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Bobbins228 @zdtsw @franciscojavierarceo @sutaakar @VanillaSpoon