@Ealianis
Contributor

Description of your changes

Updated the validating webhook configuration to have an owner reference to the fleet-system namespace.

Fixes #345

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

TBA

@Ealianis Ealianis requested a review from Arvindthiru November 29, 2022 20:18
@Ealianis
Contributor Author

Ealianis commented Nov 29, 2022

@Arvindthiru, as discussed there are multiple solutions to the problem noted in issue #345. For the draft I went with the least impactful as the owner reference approach seems the most intuitive. However, binding to the namespace feels odd. Ideally we would bind to the webhook service itself. Unfortunately due to the limitations of owner references we cannot, as the ValidatingWebhookConfig is a cluster-scoped resource.

The other option could be a cleanup binary. But that may be overkill.

Thoughts?

@Ealianis Ealianis marked this pull request as ready for review November 30, 2022 14:55
@Arvindthiru
Contributor

> @Arvindthiru, as discussed there are multiple solutions to the problem noted in issue #345. For the draft I went with the least impactful as the owner reference approach seems the most intuitive. However, binding to the namespace feels odd. Ideally we would bind to the webhook service itself. Unfortunately due to the limitations of owner references we cannot, as the ValidatingWebhookConfig is a cluster-scoped resource.
>
> The other option could be a cleanup binary. But that may be overkill.
>
> Thoughts?

Binding the fleet-system namespace as the owner for ValidatingWebhookConfig seems slightly odd since the namespace wasn't the resource that was responsible for creating it. On the other hand it's a surefire way to clean up any vestigial resources as we know for a fact that fleet-system will definitely get deleted when the Helm chart is uninstalled.

I guess it comes down to convention on whether this approach is valid.

@Ealianis
Contributor Author

Ealianis commented Dec 5, 2022

Verification

  1. Execute Helm install of hub-agent.
  2. Verify fleet-validating-webhook-configuration exists with OwnerRef pointing to fleet-system.
  3. Verify pod creation is blocked.
  4. Execute Helm uninstall of hub-agent.
  5. Verify fleet-validating-webhook-configuration does not exist.
  6. Verify pod creation is unblocked.

Screenshot 2022-12-05 at 12 20 49 PM

Screenshot 2022-12-05 at 12 48 07 PM

@ryanzhang-oss ryanzhang-oss merged commit 738a350 into Azure:main Dec 6, 2022
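
Step 2 of the verification list above can be scripted. The following is an added example, not code from this PR or the fleet repository: it checks that a webhook configuration's owner reference names the namespace and carries the live namespace's UID. The helper name, the trimmed sample objects and their UIDs are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

type ownerRef struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Name       string `json:"name"`
	UID        string `json:"uid"`
}
type object struct { // only the metadata fields this check reads
	Metadata struct {
		Name            string     `json:"name"`
		UID             string     `json:"uid"`
		OwnerReferences []ownerRef `json:"ownerReferences"`
	} `json:"metadata"`
}

// checkOwnedByNamespace (hypothetical helper) fails unless whJSON references the Namespace
// in nsJSON by name and UID; the garbage collector treats a stale UID as an absent owner.
func checkOwnedByNamespace(whJSON, nsJSON []byte) error {
	var wh, ns object
	if err := json.Unmarshal(whJSON, &wh); err != nil {
		return fmt.Errorf("webhook configuration: %w", err)
	}
	if err := json.Unmarshal(nsJSON, &ns); err != nil {
		return fmt.Errorf("namespace: %w", err)
	}
	for _, r := range wh.Metadata.OwnerReferences {
		if r.APIVersion == "v1" && r.Kind == "Namespace" && r.Name == ns.Metadata.Name {
			if r.UID != ns.Metadata.UID {
				return fmt.Errorf("owner UID %q does not match namespace UID %q", r.UID, ns.Metadata.UID)
			}
			return nil
		}
	}
	return fmt.Errorf("%s has no owner reference to namespace %s", wh.Metadata.Name, ns.Metadata.Name)
}

// Constructed sample objects trimmed to metadata; the UIDs are made up.
const sampleNS = `{"metadata":{"name":"fleet-system","uid":"11111111-aaaa-4bbb-8ccc-000000000001"}}`
const sampleWH = `{"metadata":{"name":"fleet-validating-webhook-configuration","ownerReferences":[{"apiVersion":"v1","kind":"Namespace","name":"fleet-system","uid":"11111111-aaaa-4bbb-8ccc-000000000001"}]}}`

func main() {
	fmt.Println(checkOwnedByNamespace([]byte(sampleWH), []byte(sampleNS)))
}
```

On a real cluster the two inputs would be the `kubectl get ... -o json` output for the webhook configuration and for the namespace.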
weng271190436 pushed a commit to weng271190436/fleet that referenced this pull request Dec 8, 2025
Successfully merging this pull request may close these issues.

[BUG] Vestigial resource after Helm uninstall - ValidationWebhookConfiguration

3 participants