Enable the admission webhook #460
Conversation
|
Can you also change https://github.com/openconfig/kne/blob/main/kind/kind-no-cni.yaml? |
|
/gcbrun |
topo/topo.go
Outdated
| @@ -543,6 +543,9 @@ func (m *Manager) push(ctx context.Context) error { | |||
| ns := &corev1.Namespace{ | |||
| ObjectMeta: metav1.ObjectMeta{ | |||
| Name: m.topo.Name, | |||
| Labels: map[string]string{ | |||
| "admission-webhook": "enabled", | |||
There was a problem hiding this comment.
nit: i think something like "kne-topology": m.topo.Name. or "kne-topology": "true would be generally useful
There was a problem hiding this comment.
Are you suggesting an extra label here?
There was a problem hiding this comment.
i was thinking instead of the "admission-webhook" label. You can operate on all the topologies namespaces by doing
namespaceSelector:
matchExpressions:
- key: kne-topology
operator: Exists
to me its better to have kne say this namesapace is kne topo instead of allow any webhooks here
There was a problem hiding this comment.
I like Daniel's idea here, I think there is value to attaching a label to the namespace to show it represents a topology. "kne-topology": true should suffice. Then you webhook can check for the "kne-topology" key to determine what to mutate. In the future we may add other tools that interact only with kne topo ns so I think its a better pattern
There was a problem hiding this comment.
Ah ok - got it. Thanks makes sense, I'll change this to what you are suggesting.
What did you have in mind? We don't need any extra config here. |
Oh nice, I thought there was a change needed to the kind settings. |
|
/gcbrun |
This enables the admission webhook on kne created namespace allowing the said webhook to manipulate pod specs.