Validate fields for DSCI and DSC #693
Assignees
Labels
enhancement
New feature or request
Comments
3 tasks
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 9, 2023
The webhooks handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 9, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 9, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 9, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 9, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 15, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 15, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 23, 2023
The webhook handles only Create requests (configured in config/webhook/manifests.yaml). Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Nov 29, 2023
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Dec 2, 2023
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
|
Migrated to JIRA: https://issues.redhat.com/browse/RHOAIENG-484, hence closing the issue. |
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Jan 10, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Jan 10, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Feb 2, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Feb 16, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Feb 16, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Feb 16, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Feb 16, 2024
The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
VaishnaviHire
pushed a commit
that referenced
this issue
Feb 16, 2024
* webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: #693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
VaishnaviHire
pushed a commit
to VaishnaviHire/opendatahub-operator
that referenced
this issue
Feb 22, 2024
* webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> (cherry picked from commit fb93e5c)
zdtsw
referenced
this issue
in zdtsw-forking/rhods-operator
Feb 23, 2024
* webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: red-hat-data-services#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (red-hat-data-services#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
zdtsw
referenced
this issue
in zdtsw-forking/rhods-operator
Feb 23, 2024
* webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: red-hat-data-services#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (red-hat-data-services#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
May 2, 2024
This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
May 2, 2024
This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
May 2, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Jun 14, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Aug 1, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Aug 1, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Aug 13, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Aug 16, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Sep 2, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Sep 2, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> webhook: partial: upgrade: controller-runtime and code change accordingly Partial application of already applied 03c1abc ("upgrade: controller-runtime and code change accordingly (opendatahub-io#1189)") Webhook related changes. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Sep 2, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> webhook: partial: upgrade: controller-runtime and code change accordingly Partial application of already applied 03c1abc ("upgrade: controller-runtime and code change accordingly (opendatahub-io#1189)") Webhook related changes. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> tests: e2e: fix requireInstalled to check actuall list emptiness Partial backport of 6acf1db ("chore: update golangci-lint to v1.60.2, fix misleading test (opendatahub-io#1195)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Sep 12, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> webhook: partial: upgrade: controller-runtime and code change accordingly Partial application of already applied 03c1abc ("upgrade: controller-runtime and code change accordingly (opendatahub-io#1189)") Webhook related changes. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> tests: e2e: fix requireInstalled to check actuall list emptiness Partial backport of 6acf1db ("chore: update golangci-lint to v1.60.2, fix misleading test (opendatahub-io#1195)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> networkpolicy: allow connections from webhook Allow connection to the operator pod from host network, marked with label `policy-group.network.openshift.io/host-network: ""` https://access.redhat.com/solutions/7008681 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
ykaliuta
added a commit
to ykaliuta/opendatahub-operator
that referenced
this issue
Sep 13, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (opendatahub-io#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: opendatahub-io#693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (opendatahub-io#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (opendatahub-io#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> webhook: partial: upgrade: controller-runtime and code change accordingly Partial application of already applied 03c1abc ("upgrade: controller-runtime and code change accordingly (opendatahub-io#1189)") Webhook related changes. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> tests: e2e: fix requireInstalled to check actuall list emptiness Partial backport of 6acf1db ("chore: update golangci-lint to v1.60.2, fix misleading test (opendatahub-io#1195)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> networkpolicy: allow connections from webhook Allow connection to the operator pod from host network, marked with label `policy-group.network.openshift.io/host-network: ""` https://access.redhat.com/solutions/7008681 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
openshift-merge-bot bot
referenced
this issue
in red-hat-data-services/rhods-operator
Sep 13, 2024
Jira: https://issues.redhat.com/browse/RHOAIENG-4268 This patch reverts 5288015 ("Revert "DSC, DSCI: add validating webhook (#711)"") * webhook: add initial skeleton Originally it was generated with ```operator-sdk create webhook --group datasciencecluster --version v1 --kind DataScienceCluster --programmatic-validation``` but webhook.Validator interface (like described in the kubebuilder book[1]) does not work well for the purpose of the webhook due to needs to access openshift cluster (client.Client) to check existing instances of DSC. So, direct implementation of Handler was done inspired by [2] and odh-notebooks implementation [3]. Move it from api package closer to controllers as in [3] as well since it's not DataScienceCluster or DSCInitialization extention anymore. Amend webhook_suite_test.go's path to configs accordingly. Fix linter issues in webhook_suite_test.go: - disable ssl check; - move to package webhook_test certmanager files removed too due to usage of OpenShift service serving certificates[4] (see also service.beta.openshift.io/inject-cabundle annotation in config/webhook/kustomization.yaml). Add webhook generation to `make manifests` target so webhook/manifests.yaml is generated with it. Since DSCI creation now requires webhook it should be delayed after manager started. Move it to a closure and add it to the manager for run with Add() API. It requires explicit declaration of the interface variable otherwise complains about type mismatch for the function literal. [1] https://book.kubebuilder.io/cronjob-tutorial/webhook-implementation [2] https://book-v1.book.kubebuilder.io/beyond_basics/sample_webhook.html [3] https://github.com/opendatahub-io/kubeflow/blob/v1.7-branch/components/odh-notebook-controller/controllers/notebook_webhook.go [4] https://docs.openshift.com/container-platform/4.9/security/certificates/service-serving-certificate.html Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * webhook: implement one instance enforcing The webhook is written with the idea to handle both Create and Update requests (configured in config/webhook/manifests.yaml), but at the moment only duplication check on Create is implemented. Implements the logic which is done now on reconcile time [1] (same for DSCI). It checks for 0 instances, not 1, since when the webhook is running the object has not been created yet. Means if it's 1 then it handles request to create a second one. It could be probably possible to use generics but does not make a lot of sense for such a simple case. Closes: #693 [1] https://github.com/opendatahub-io/opendatahub-operator/blob/incubation/controllers/datasciencecluster/datasciencecluster_controller.go#L98 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: add tests to check duplication blocking Add both envtest and e2e tests of a second DataScienceCluster instance creation blocking. envtest's one is a part of webhook test suite. e2e: Add `name` parameter to setupDSCInstance() function to reuse it. Use require.Error() as the assertion, shorter and more straight logic than implementing it in the test itself. Add e2e test to check DSCInitialization similar way. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> * tests: e2e: refactor duplication tests in more abstract way Factor out common code using Unstructured/List objects. Change structure to remind more prepare/action/assert. Use "require" features when appropriate. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> --------- Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> chore(webhook): (#870) - add testcase on DSCI - remove kubebuilder marker not needed - remove checks on instance number in existing controllers - re-generate bundle - we do not act on update but we keep it on webhook for now Signed-off-by: Wen Zhou <wenzhou@redhat.com> fix uncommented tests/e2e/dsc_creation_test.go with a line from 9be146f ("chore(lint): updates to latest version (#1074)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> webhook: partial: upgrade: controller-runtime and code change accordingly Partial application of already applied 03c1abc ("upgrade: controller-runtime and code change accordingly (#1189)") Webhook related changes. Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> tests: e2e: fix requireInstalled to check actuall list emptiness Partial backport of 6acf1db ("chore: update golangci-lint to v1.60.2, fix misleading test (#1195)") Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com> networkpolicy: allow connections from webhook Allow connection to the operator pod from host network, marked with label `policy-group.network.openshift.io/host-network: ""` https://access.redhat.com/solutions/7008681 Signed-off-by: Yauheni Kaliuta <ykaliuta@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
We have certain code logic to check e.g if the number of instance is over 1, the name of the instance, etc.
It would be good to implement webhook for these validation, so we do not have such logic everywhere and hard to maintain them.
the current validation I can think of is:
this can be extended later depends on new requirements
Describe the solution you'd like
A clear and concise description of what you want to happen.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
The text was updated successfully, but these errors were encountered: