⚠️ split webhook server and manifest generation #300
Conversation
|
The PR is not polished yet. |
8f03a29 to
4589fd6
Compare
| "sigs.k8s.io/controller-runtime/pkg/internal/webhookgenerator/types" | ||
| ) | ||
|
|
||
| // Webhook represents each individual webhook. |
There was a problem hiding this comment.
May be we can describe it a bit more:
Webhook contains bits needed for generating a Webhook Configuration/manifest ?
| ) | ||
|
|
||
| // ServerOptions are options for configuring an admission webhook server. | ||
| type ServerOptions struct { |
There was a problem hiding this comment.
may be we should rename the filename to be also server_options.go ?
| // store it in this directory. | ||
| // If using SecretCertWriter in Provisioner, the server will provision the certificate in a secret, | ||
| // the user is responsible to mount the secret to the this location for the server to consume. | ||
| CertDir string |
There was a problem hiding this comment.
I think most of these comments need to be re-written from the new purely generation perspective. Currently they read as if webhook server itself is going to use these options to install webhook configuration.
| s.setDefault() | ||
|
|
||
| return s.InstallWebhookManifests() | ||
| } |
There was a problem hiding this comment.
Same comment as above. Some of these methods Register and Start doesn't seem relevant from purely generation perspective.
03c3f1b to
b2ea9dc
Compare
fda3ed5 to
2ddd02d
Compare
|
PTAL |
|
Pushed a little more changes on top of the earlier commit. |
pkg/webhook/server.go
Outdated
| ServerOptions: options, | ||
| manager: mgr, | ||
| } | ||
|
|
||
| return as, nil | ||
| } | ||
|
|
||
| // setDefault does defaulting for the Server. | ||
| func (s *Server) setDefault() { | ||
| if len(s.Name) == 0 { |
There was a problem hiding this comment.
I think we can remove this name field (I've removed it in #323 IIRC, so we can just wait till that if you want)
There was a problem hiding this comment.
Yup.
It was for the name (identifier) of each individual webhook, but it is no longer used anywhere in CR.
pkg/webhook/server.go
Outdated
| s.registry = map[string]http.Handler{} | ||
| } | ||
| if s.sMux == nil { | ||
| s.sMux = http.DefaultServeMux |
There was a problem hiding this comment.
why is the default mux different from the mux used if you call the constructor?
There was a problem hiding this comment.
for that matter, why do we have a constructor if we've got the setDefaults style?
There was a problem hiding this comment.
why is the default mux different from the mux used if you call the constructor?
Thanks for catching this.
I agree we should use the same mux. i.e. use http.NewServeMux().
for that matter, why do we have a constructor if we've got the
setDefaultsstyle?
Because some users may use the public Server struct directly, we need to ensure it get sane defaulting and works.
pkg/webhook/server.go
Outdated
| s.CertDir = path.Join("k8s-webhook-server", "cert") | ||
| } | ||
|
|
||
| if s.Client == nil { |
There was a problem hiding this comment.
we shouldn't be auto-initializing the client like this. We don't actually use this anywhere, so we shouldn't have a client field at all
There was a problem hiding this comment.
I realized it too when fixing the injector for webhook. I have dropped it in #316.
pkg/webhook/server.go
Outdated
|
|
||
| // manager is the manager that this webhook server will be registered. | ||
| manager manager.Manager | ||
|
|
||
| // httpServer is the actual server that serves the traffic. | ||
| httpServer *http.Server | ||
| // err will be non-nil if there is an error occur during initialization. |
There was a problem hiding this comment.
this design is weird. We can leave this in for now, but I don't think it makes much sense to leave in long-term
There was a problem hiding this comment.
(e.g. multiple registrations will overwrite errors)
There was a problem hiding this comment.
It is kind of the same pattern as kubectl resource builder.
e.g. multiple registrations will overwrite errors
You are right. We can probably make it an array of errors i.e. []error.
If you really don't like it, we rethink how to handle it :)
pkg/webhook/server.go
Outdated
| return err | ||
| for path := range s.registry { | ||
| // TODO(mengqiy): remove this in PR #316 | ||
| if wh, ok := s.registry[path].(Webhook); ok { |
There was a problem hiding this comment.
this inject code isn't quite right the way it's written, since someone could write their own webhook impl that needed the info. If webhook isn't an interface, this isn't a problem.
There was a problem hiding this comment.
This is fixed in a4ef929#diff-fbc18bb07cdd05391b7081acc1dfe170R209
I tried to avoid putting everything in the same PR, so the code here may look incorrect.
|
PTAL |
| ClientConfig: cc, | ||
| Objects: s.webhookConfigurations, | ||
| }) | ||
| listener, err := tls.Listen("tcp", net.JoinHostPort("", strconv.Itoa(int(s.Port))), cfg) |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: DirectXMan12, mengqiy The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
New changes are detected. LGTM label has been removed. |
|
Squashed the commits, no new code change. /hold cancel |
Code related to running a webhook server stays in CR repo.
Code related to generating cert are dropped.
Code related to generating non-cert manifests (e.g. webhookConfiguration, service) are currently under
pkg/webhookgenerator,which will be moved to the controller-tools repo.