feat: use owner reference with policy server resources. #720
Conversation
jvanz
force-pushed
the
issue660-owner-references
branch
from
7103329 to
3abe65b
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #720 +/- ##
==========================================
+ Coverage 72.85% 73.17% +0.32%
==========================================
Files 28 28
Lines 1908 1812 -96
==========================================
- Hits 1390 1326 -64
+ Misses 397 370 -27
+ Partials 121 116 -5
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
jvanz
force-pushed
the
issue660-owner-references
branch
2 times, most recently
from
99ad0f1 to
83049a3
Compare
jvanz
force-pushed
the
issue660-owner-references
branch
3 times, most recently
from
9b77c8a to
cbaa416
Compare
jvanz
force-pushed
the
issue660-owner-references
branch
2 times, most recently
from
341b80c to
bf14af1
Compare
|
This PR is based on top of #730. Waiting for that PR to get merged before moving this to pending review. |
jvanz
force-pushed
the
issue660-owner-references
branch
from
bf14af1 to
d36cf05
Compare
jvanz
requested review from
flavio and
a team
and removed request for
a team and
flavio
jvanz
force-pushed
the
issue660-owner-references
branch
4 times, most recently
from
dc14e60 to
933d2fe
Compare
Updates the base CRDs generated after some recent dependencies updates. Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
Updates the controller to set owner references for all the resources created to make the policy server works. Which includes: service, configmap, deployment and secret. Therefore, we can remove the reconciliation loop code to remove this resources when the user deletes the policy server and rely on Kubernetes garbage collector to do the job. Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
jvanz
force-pushed
the
issue660-owner-references
branch
from
933d2fe to
5563f3d
Compare
|
@kubewarden/kubewarden-developers the integration tests are failing but I do not think this is related to the changes here. It looks like something different. I'm moving this PR to be reviewed by the team while I investigate the issue. It may take some time because I cannot reproduce this in my local branch. 🤞 |
jvanz
force-pushed
the
issue660-owner-references
branch
from
5563f3d to
dd3cd07
Compare
|
|
||
| const port = "8181" | ||
|
|
||
| func TestCAAndCertificateCreationInAHttpsServer(t *testing.T) { |
There was a problem hiding this comment.
Should we drop this test? Are we missing a test that checks for the cert creation on call to fetchOrInitializePolicyServerCASecret()?
There was a problem hiding this comment.
Fair enough, I've re added this test in the internal/pkg/admission/policy-server-ca-secret_test.go file. ;)
Uses the controller-runtime helper function CreateOrUpdate to reconcile the secrets storing the certificates used by policy server. Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
Some tests needs to update resources in order to properly test resource deletion. However, this needs to happen inside an Eventually call to ensure that the test will update the latest version of the resource. Otherwise, it will fail. Signed-off-by: José Guilherme Vanz <jguilhermevanz@suse.com>
jvanz
force-pushed
the
issue660-owner-references
branch
from
dd3cd07 to
f80c28b
Compare
| @@ -163,11 +163,13 @@ spec: | |||
| items: | |||
| type: string | |||
| type: array | |||
| x-kubernetes-list-type: atomic | |||
There was a problem hiding this comment.
This came from a recent update in the apimachinery package. As we use label selector objects in the policy spec, the CRDs will be updated with the latest changes there as well. I've added a commit here to fix that in our main branch and avoid generating noise every time that we run the controller locally.
If you think is better, I can open another PR just for that update in the CRDs.
Description
Updates the controller to set owner references for all the resources created to make the policy server works. Which includes: service, configmap, deployment and secret. Therefore, we can remove the reconciliation loop code to remove this resources when the user deletes the policy server and rely on Kubernetes garbage collector to do the job.
Fix #660
Test