-
Notifications
You must be signed in to change notification settings - Fork 20
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(ws): add validation webhooks for Workspace and WorkspaceKind (#34)
* add validating webhook Signed-off-by: Adem Baccara <[email protected]> * add tests for workspacekind and workspace webhooks Signed-off-by: Adem Baccara <[email protected]> * re-add cert-manager Signed-off-by: Adem Baccara <[email protected]> * refactor ValidateCreate and ValidateUpdate functions in wokrspaceKind webhook Signed-off-by: Adem Baccara <[email protected]> * add e2e test for webhooks Signed-off-by: Adem Baccara <[email protected]> * mathew refactor 1 Signed-off-by: Mathew Wicks <[email protected]> * mathew refactor 2 Signed-off-by: Mathew Wicks <[email protected]> * mathew refactor 3 Signed-off-by: Mathew Wicks <[email protected]> --------- Signed-off-by: Adem Baccara <[email protected]> Signed-off-by: Mathew Wicks <[email protected]> Co-authored-by: Mathew Wicks <[email protected]>
- Loading branch information
1 parent
38b8955
commit bc4e445
Showing
37 changed files
with
3,106 additions
and
221 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
# The following manifests contain a self-signed issuer CR and a certificate CR. | ||
# More document can be found at https://docs.cert-manager.io | ||
# WARNING: Targets CertManager v1.0. Check https://cert-manager.io/docs/installation/upgrading/ for breaking changes. | ||
apiVersion: cert-manager.io/v1 | ||
kind: Issuer | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: certificate | ||
app.kubernetes.io/instance: serving-cert | ||
app.kubernetes.io/component: certificate | ||
app.kubernetes.io/created-by: workspace-controller | ||
app.kubernetes.io/part-of: workspace-controller | ||
app.kubernetes.io/managed-by: kustomize | ||
name: selfsigned-issuer | ||
namespace: system | ||
spec: | ||
selfSigned: {} | ||
--- | ||
apiVersion: cert-manager.io/v1 | ||
kind: Certificate | ||
metadata: | ||
labels: | ||
app.kubernetes.io/name: certificate | ||
app.kubernetes.io/instance: serving-cert | ||
app.kubernetes.io/component: certificate | ||
app.kubernetes.io/created-by: workspace-controller | ||
app.kubernetes.io/part-of: workspace-controller | ||
app.kubernetes.io/managed-by: kustomize | ||
name: serving-cert # this name should match the one appeared in kustomizeconfig.yaml | ||
namespace: system | ||
spec: | ||
# SERVICE_NAME and SERVICE_NAMESPACE will be substituted by kustomize | ||
dnsNames: | ||
- SERVICE_NAME.SERVICE_NAMESPACE.svc | ||
- SERVICE_NAME.SERVICE_NAMESPACE.svc.cluster.local | ||
issuerRef: | ||
kind: Issuer | ||
name: selfsigned-issuer | ||
secretName: webhook-server-cert # this secret will not be prefixed, since it's not managed by kustomize |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
resources: | ||
- certificate.yaml | ||
|
||
configurations: | ||
- kustomizeconfig.yaml |
8 changes: 8 additions & 0 deletions
8
workspaces/controller/config/certmanager/kustomizeconfig.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
# This configuration is for teaching kustomize how to update name ref substitution | ||
nameReference: | ||
- kind: Issuer | ||
group: cert-manager.io | ||
fieldSpecs: | ||
- kind: Certificate | ||
group: cert-manager.io | ||
path: spec/issuerRef/name |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
7 changes: 7 additions & 0 deletions
7
workspaces/controller/config/crd/patches/cainjection_in_workspacekinds.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# The following patch adds a directive for certmanager to inject CA into the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME | ||
name: workspacekinds.kubeflow.org |
7 changes: 7 additions & 0 deletions
7
workspaces/controller/config/crd/patches/cainjection_in_workspaces.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
# The following patch adds a directive for certmanager to inject CA into the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
annotations: | ||
cert-manager.io/inject-ca-from: CERTIFICATE_NAMESPACE/CERTIFICATE_NAME | ||
name: workspaces.kubeflow.org |
16 changes: 16 additions & 0 deletions
16
workspaces/controller/config/crd/patches/webhook_in_workspacekinds.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# The following patch enables a conversion webhook for the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: workspacekinds.kubeflow.org | ||
spec: | ||
conversion: | ||
strategy: Webhook | ||
webhook: | ||
clientConfig: | ||
service: | ||
namespace: system | ||
name: webhook-service | ||
path: /convert | ||
conversionReviewVersions: | ||
- v1 |
16 changes: 16 additions & 0 deletions
16
workspaces/controller/config/crd/patches/webhook_in_workspaces.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
# The following patch enables a conversion webhook for the CRD | ||
apiVersion: apiextensions.k8s.io/v1 | ||
kind: CustomResourceDefinition | ||
metadata: | ||
name: workspaces.kubeflow.org | ||
spec: | ||
conversion: | ||
strategy: Webhook | ||
webhook: | ||
clientConfig: | ||
service: | ||
namespace: system | ||
name: webhook-service | ||
path: /convert | ||
conversionReviewVersions: | ||
- v1 |
Oops, something went wrong.