Skip to content

feat: Webhook for member cluster #393

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ryanzhang-oss merged 4 commits into from
Jun 22, 2023
Merged

feat: Webhook for member cluster #393

ryanzhang-oss merged 4 commits into from
Jun 22, 2023

Conversation

@Arvindthiru
Copy link
Contributor

@Arvindthiru Arvindthiru commented Jun 21, 2023
edited
Loading

Description of your changes

Fixes #

I have:

  • Run make reviewable to ensure this PR is ready for review.

How has this code been tested

UT and E2E tests

Special notes for your reviewer

@Arvindthiru Arvindthiru changed the title Webhook for member cluster feat: Webhook for member cluster Jun 21, 2023
@Arvindthiru Arvindthiru marked this pull request as ready for review June 21, 2023 07:36
ryanzhang-oss
ryanzhang-oss reviewed Jun 21, 2023
View reviewed changes
pkg/webhook/validation/uservalidation.go
}

// ValidateUserForFleetCR checks to see if user is authenticated to make a request to modify Fleet CRs.
func ValidateUserForFleetCR(ctx context.Context, client client.Client, whiteListedUsers []string, userInfo authenticationv1.UserInfo) bool {
Copy link
Contributor

@ryanzhang-oss ryanzhang-oss Jun 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this used anywhere?

Copy link
Contributor

@ryanzhang-oss ryanzhang-oss Jun 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is the whiteList only useful fro FleetCR?

Copy link
Contributor Author

@Arvindthiru Arvindthiru Jun 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using whiteList for CRD check as well

pkg/webhook/validation/uservalidation.go
var memberClusterList fleetv1alpha1.MemberClusterList
if err := client.List(ctx, &memberClusterList); err != nil {
klog.V(2).ErrorS(err, "failed to list member clusters")
return false
Copy link
Contributor

@ryanzhang-oss ryanzhang-oss Jun 21, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this list from the cache?

Copy link
Contributor Author

@Arvindthiru Arvindthiru Jun 21, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This client is from the manager that's constructed in hub agent's main.go where we don't pass a NewClient func, since we are not passing it looks like we get new delegating client which uses the cache on reads https://github.com/kubernetes-sigs/controller-runtime/blob/main/pkg/manager/manager.go#L141

Seems like we are using a different version of controller runtime but this seems to be true for both versions
image

I can see why it would be concern if we read stale data from the cache and reject certain requests from the member agents, but even if the webhook rejects the request once the member agent will retry in the next reconcile and in the meantime I'm assuming the cache will be populated with new data. If that's not the case we may need to use a new client here which doesn't use the cache

Copy link
Contributor

@ryanzhang-oss ryanzhang-oss Jun 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we probably should upgrade our controller-runtime now.
I looked at the code, I think we are reading it from cache.

@ryanzhang-oss ryanzhang-oss merged commit 0f1039a into Azure:main Jun 22, 2023
britaniar pushed a commit to britaniar/fleet that referenced this pull request Jan 12, 2026
@Arvindthiru
fix: return unexpected error if no. of updating cluster > maxConcurre…
40a0bc3 
…ncy (Azure#393)
@britaniar britaniar mentioned this pull request Jan 12, 2026
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ryanzhang-oss ryanzhang-oss ryanzhang-oss approved these changes

@michaelawyu michaelawyu Awaiting requested review from michaelawyu

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Arvindthiru @ryanzhang-oss