CRD Controller #353
Merged
CRD Controller #353
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Co-authored-by: Luke Kysow <[email protected]>
Also run go mod tidy
Merge POC into consul-k8s Signed-off-by: Ashwin Venkatesh <[email protected]> Co-authored-by: Luke Kysow <[email protected]>
Will create an ACL token for controller. No Consul Enterprise support right now.
* Support Consul Ent NS's for CRDs
* Add defaults and validation for ServiceDefaults
* Provision webhooks with self-generated certs Co-authored-by: Iryna Shustava <[email protected]> Co-authored-by: Luke Kysow <[email protected]>
* Ensure system recovers quickly from failures or drift in state - helm upgrades will cause the caBundle to get reset on the mutating webhooks. By "reconciling" the state of the system every second, we ensure the drift in this state has a minimal impact on the uptime of the system. it will now verify that the certificates as well as the CA bundle are "correct" every second and update them if they arent. * Compare CABundle on webhook with the CA cert on the bundle without encoding Co-authored-by: Iryna Shustava <[email protected]>
* Also make controller and webhook code generic * Update to controller-runtime 0.6.3 to fix spurious log error message.
Would always return invalid
- Pass the path down to the validation methods so they don't need to know where in the struct they are placed. - Also use .Index() and .Key() instead of fmt.Sprintf to indicate where in a slice/map we are.
- if running ent and namespace mirroring is enabled then allow multiple resources with the same name across namespaces. - make Validator structs public and remove constructors
- defaults to true - replaces ENABLE_WEBHOOKS environment variable
Proxy Defaults controller and webhook
* ServiceRouter support * controllers => controller for logger name
Also, update the version of controller-tools to 0.4.0 to support float types. With this version, we can pass allowDangerousTypes marker to allow CRDs to have float32 types. This comes with a breaking change to CRD and webhook versions, where now we have to explicitly set versions to v1beta1 since controller-tools now defaults to v1.
* Replace reflect.DeepEqual with gocmp.Equal • go-cmp has a more robust library for compares as it allows ignoring unexported fields. • Replace other usages of reflect.DeepEqual with cmp.Equal • Remove unnecessary matchesConsul methods • Restructure MatchesConsul test to test against mismatched type • Explicitly ignore fields instead of zero-ing them out during a comapare
* Rework Controller Enterprise tests to reduce duplication
* add ci config to pull s3 dev builds for tests * pick some initial oss/ent hashes of dev builds * use env var properly * use the directory flag properly to untar * use sudo for tar to access /usr/local/bin
* Use metadata field from configEntry to determine if resource is managed in external cluster * Add tests for controller not updating unowned entries * Add error message in logs if Consul entry isnt deleted. * Extract private method to share meta across resources.
* Add support for L4 service-intentions config entry
* Add -log-level flag to controller
* crds: Add support for L7 intentions Co-authored-by: Iryna Shustava <[email protected]>
lkysow
commented
Oct 7, 2020
.circleci/config.yml
Outdated
Comment on lines
10
to
11
| - CONSUL_VERSION: aa0f5ff839c515aad3baa38c7936b4630263ca89 # Consul's OSS version to use in tests | ||
| - CONSUL_ENT_VERSION: 511f5942610bfa3ae53a40ca05db1858b25c2263 # Consul's enterprise version to use in tests |
There was a problem hiding this comment.
Todo: we need these to point at 1.9.0 so the controller tests pass.
lkysow
commented
Oct 7, 2020
Tests will run against more up-to-date master versions
lkysow
requested review from
thisisnotashwin,
a team and
kschoche
and removed request for
a team
thisisnotashwin
approved these changes
Oct 8, 2020
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes proposed in this PR:
controllerandwebhook-cert-managerChecklist:
=> changelog will be added in upcoming PR