Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype #2819

Merged
merged 8 commits into from
Jun 16, 2023
Merged

feat: Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype #2819

merged 8 commits into from
Jun 16, 2023

Conversation

maxsmythe
Copy link
Contributor

@maxsmythe maxsmythe commented Jun 8, 2023
edited
Loading

What this PR does / why we need it:

This PR upgrades the underlying K8s libraries to 1.27.2 and adds support for a prototype validating admission policy driver.

Which issue(s) this PR fixes (optional, using fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when the PR gets merged):
Fixes #

Special notes for your reviewer:

@maxsmythe maxsmythe requested review from sozercan and ritazh June 8, 2023 00:08
@maxsmythe maxsmythe changed the title Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype feat: Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype Jun 8, 2023
@maxsmythe maxsmythe force-pushed the gk-preliminary-vap branch 2 times, most recently from 77f5227 to 8c36082 Compare June 8, 2023 00:29
@maxsmythe
Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype
18cd96d 
Signed-off-by: Max Smythe <smythe@google.com>
@codecov-commenter
Copy link

codecov-commenter commented Jun 8, 2023
edited
Loading

Codecov Report

Patch coverage: 68.75% and project coverage change: +0.01 🎉

Comparison is base (7964f93) 53.52% compared to head (373b391) 53.54%.

Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #2819      +/-   ##
==========================================
+ Coverage   53.52%   53.54%   +0.01%     
==========================================
  Files         132      133       +1     
  Lines       11551    11536      -15     
==========================================
- Hits         6183     6177       -6     
+ Misses       4887     4883       -4     
+ Partials      481      476       -5
Flag Coverage Δ
unittests 53.54% <68.75%> (+0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/controller/constraint/constraint_controller.go 5.68% <0.00%> (ø)
pkg/controller/pubsub/pubsub_config_controller.go 11.68% <0.00%> (ø)
pkg/syncutil/backoff.go 0.00% <0.00%> (ø)
pkg/target/review.go 0.00% <0.00%> (ø)
pkg/webhook/mutation.go 25.53% <0.00%> (+0.87%) ⬆️
pkg/webhook/namespacelabel.go 90.47% <0.00%> (+9.62%) ⬆️
pkg/webhook/policy.go 34.23% <0.00%> (-1.74%) ⬇️
pkg/util/pack.go 79.54% <33.33%> (ø)
pkg/gator/verify/runner.go 84.75% <42.85%> (-1.28%) ⬇️
cmd/gator/test/test.go 32.07% <50.00%> (+0.64%) ⬆️
... and 10 more

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@maxsmythe
Add controller-runtime commit 116a1b831fffe7ccc3c8145306c3e1a3b1b14ffa
feda055 
Signed-off-by: Max Smythe <smythe@google.com>
@maxsmythe
Add dynamic informer code to controller-runtime
61c853f 
Signed-off-by: Max Smythe <smythe@google.com>
@maxsmythe
Fix lint issues
7db6797 
Signed-off-by: Max Smythe <smythe@google.com>
@maxsmythe
Copy link
Contributor Author

@ritazh @sozercan

This moves us to K8s 1.27.2 and adds the VAP prototype.

I tried to use submodules and subtrees, but submodules required us to have a controller-runtime fork we could push to (at which point we should just use gomod) and subtrees was incompatible with DCO.

I wound up just copying controller-runtime at a specific commit. LMK if you want me to do something different.

Note that gomod's replace directive causes the license linter to throw an error because it cannot find the correct link to the original controller-runtime repo.

acpana
acpana approved these changes Jun 8, 2023
View reviewed changes
Copy link
Contributor

@acpana acpana left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Excited to see this in 💯 thanks for working on it.

.gitmodules Outdated
@@ -0,0 +1,3 @@
[submodule "third_party/sigs.k8s.io/controller-runtime"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

as chatted offline, probably don't need this now.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep! Removed.

@maxsmythe
Remove .gitmodules
5ae5496 
Signed-off-by: Max Smythe <smythe@google.com>
sozercan
sozercan reviewed Jun 13, 2023
View reviewed changes
cmd/gator/test/test.go Outdated
@@ -72,6 +73,7 @@ func init() {
Cmd.Flags().StringVarP(&flagOutput, flagNameOutput, "o", "", fmt.Sprintf("Output format. One of: %s|%s.", stringJSON, stringYAML))
Cmd.Flags().BoolVarP(&flagIncludeTrace, "trace", "t", false, "include a trace for the underlying Constraint Framework evaluation.")
Cmd.Flags().BoolVarP(&flagGatherStats, "stats", "", false, "include performance stats returned from the Constraint Framework.")
Cmd.Flags().BoolVarP(&flagEnableK8sCel, "prototype-enable-k8s-native-validation", "", false, "PROTOTYPE (not stable): enable the validating admission policy driver")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: we used experimental before, do we want to use the same convention or do we think this is pre-experimental?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm okay with either name.

Right now, the format for the engine hasn't really had any scrutiny (I mostly followed VAP schema). My main concern is that users know:

  1. This isn't stable
  2. This is intended to be the start of a discussion, not necessarily something we want to build from

@nilekhc nilekhc mentioned this pull request Jun 14, 2023
Merged
@maxsmythe
Update flag name, add comment to gomod
63149a6 
Signed-off-by: Max Smythe <smythe@google.com>
@maxsmythe maxsmythe merged commit e60fd23 into open-policy-agent:master Jun 16, 2023
@acpana acpana mentioned this pull request Jun 29, 2023
Closed
@ritazh ritazh mentioned this pull request Jul 12, 2023
Closed
@ritazh ritazh added this to the v3.13.0 milestone Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sozercan sozercan sozercan approved these changes

@acpana acpana acpana approved these changes

@ritazh ritazh Awaiting requested review from ritazh

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v3.13.0
Development

Successfully merging this pull request may close these issues.
5 participants
@maxsmythe @codecov-commenter @sozercan @acpana @ritazh