
Commit 8a848d5

authored
Bug/blocked pods (#9)
* improved getting started steps * fixed self signed issuer reference * fixed bug with pods being blocked for non openfeature workloads
1 parent 874f5aa commit 8a848d5


8 files changed

+56
-7
lines changed


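--- a/README.md
+++ b/README.md
@@ -63,4 +63,6 @@ root@nginx:/# curl localhost:8080
 
 1. Create a local cluster with MicroK8s or Kind
 2. `kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.0/cert-manager.yaml`
-3. `IMG=ghcr.io/open-feature/open-feature-operator:main make deploy`
+3. `kubectl apply -f config/webhook/certificate.yaml`
+4. `IMG=ghcr.io/open-feature/open-feature-operator:main make deploy`
+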

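--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -13,4 +13,4 @@ kind: Kustomization
 images:
 - name: controller
 newName: ghcr.io/open-feature/open-feature-operator
-newTag: main
+newTag: main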

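--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -74,7 +74,8 @@ metadata:
 namespace: open-feature-operator-system
 spec:
 secretName: sidecar-injector-certs
-dnsNames:
+dnsNames:
+- open-feature-operator-webhook-service
 - open-feature-operator-webhook-service.open-feature-operator-system.svc
 - open-feature-operator-webhook-service.open-feature-operator-system.svc.cluster.local
 issuerRef: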

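--- a/config/samples/deployment.yaml
+++ b/config/samples/deployment.yaml
@@ -0,0 +1,22 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: nginx-deployment
+annotations:
+openfeature.dev: "enabled"
+openfeature.dev/featureflagconfiguration: "featureflagconfiguration-sample"
+spec:
+selector:
+matchLabels:
+app: nginx
+replicas: 2 # tells deployment to run 2 pods matching the template
+template:
+metadata:
+labels:
+app: nginx
+spec:
+containers:
+- name: nginx
+image: nginx:1.14.2
+ports:
+- containerPort: 80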
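Review bot: The two `openfeature.dev` annotations are set on the Deployment's own `metadata` (new lines 5-7), while `spec.template.metadata` carries only labels, so Pods created from this template will not have them. The handler in webhooks/mutating_admission_webhook.go reads `pod.GetAnnotations()["openfeature.dev"]`; its decode step is outside the hunks shown, so it is unclear whether a Deployment-level annotation is ever honoured. If Pod-level injection is the intent, move both annotations under `spec.template.metadata.annotations`. Separately, `nginx:1.14.2` is an old release; a sample that gets copied is better on a currently maintained tag.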
File renamed without changes.

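--- a/config/webhook/certificate.yaml
+++ b/config/webhook/certificate.yaml
@@ -0,0 +1,21 @@
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+name: open-feature-operator-selfsigned-issuer
+namespace: open-feature-operator-system
+spec:
+selfSigned: {}
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+name: webhook-cert
+namespace: open-feature-operator-system
+spec:
+secretName: sidecar-injector-certs
+dnsNames:
+- open-feature-operator-webhook-service
+- open-feature-operator-webhook-service.open-feature-operator-system.svc
+- open-feature-operator-webhook-service.open-feature-operator-system.svc.cluster.local
+issuerRef:
+name: open-feature-operator-selfsigned-issuer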
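Review bot: This new Certificate repeats the one patched in config/manager/manager.yaml, with the same `secretName: sidecar-injector-certs` and the same three `dnsNames`. The `metadata.name` in manager.yaml is outside its hunk; if it differs from `webhook-cert`, applying both (README step 3, then `make deploy`) leaves two Certificates writing one Secret, which cert-manager warns against because each keeps re-issuing over the other. Keeping a single definition, or including this file from the kustomization rather than applying it by hand, avoids that. Both resources also pin `namespace: open-feature-operator-system`, and the README applies this file before `make deploy`, so it is worth confirming that the namespace exists at that point.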

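--- a/config/webhook/manifests.yaml
+++ b/config/webhook/manifests.yaml
@@ -24,4 +24,5 @@ webhooks:
 - UPDATE
 resources:
 - pods
+- deployments
 sideEffects: NoneOnDryRun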

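--- a/webhooks/mutating_admission_webhook.go
+++ b/webhooks/mutating_admission_webhook.go
@@ -17,7 +17,7 @@ import (
 // NOTE: RBAC not needed here.
 //+kubebuilder:rbac:groups="",resources=pods,verbs=get;list;watch;create;update;patch;delete
 //+kubebuilder:rbac:groups="",resources=configmaps,verbs=get;list;watch;create;update;patch;delete
-// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=Ignore,groups="",resources=pods,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
+// +kubebuilder:webhook:path=/mutate-v1-pod,mutating=true,failurePolicy=Ignore,groups="",resources=pods;deployments,verbs=create;update,versions=v1,name=mpod.kb.io,admissionReviewVersions=v1,sideEffects=NoneOnDryRun
 
 // PodMutator annotates Pods
 type PodMutator struct {
@@ -39,11 +39,11 @@ func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admissio
 // Check enablement
 val, ok := pod.GetAnnotations()["openfeature.dev"]
 if !ok {
-return admission.Response{}
+return admission.Allowed("no annotation")
 } else {
 if val != "enabled" {
 m.Log.V(2).Info("openfeature.dev Annotation is not enabled")
-return admission.Response{}
+return admission.Allowed("openfeature is disabled")
 }
 }
 var featureFlagCustomResource corev1alpha1.FeatureFlagConfiguration
@@ -81,7 +81,9 @@ func (m *PodMutator) Handle(ctx context.Context, req admission.Request) admissio
 "config.yaml": featureFlagCustomResource.Spec.FeatureFlagSpec,
 },
 }); err != nil {
-fmt.Printf(fmt.Sprintf("failed to create config map %s", configName))
+
+m.Log.V(1).Info(fmt.Sprintf("failed to create config map %s", configName))
+
 return admission.Errored(http.StatusInternalServerError, err)
 }
 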
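Review bot: The widened `+kubebuilder:webhook` marker (new line 20) lists `resources=pods;deployments` but keeps `groups=""` and `versions=v1`; Deployments are served from the `apps` group, so as written the rule should not match them, and the same entry is added to config/webhook/manifests.yaml. If the group were widened to make it match, those requests would still be routed to `/mutate-v1-pod`, where `Handle` reads `pod.GetAnnotations()`; the decode is outside the hunks shown, but a Deployment decoded into a Pod would likely not yield a valid patch. I would keep the marker at `resources=pods` and state the scope next to it, e.g. `// Only Pods are mutated; the openfeature.dev annotations must be set on the pod template.` Each resource added to a mutating webhook's match rules widens what the operator can rewrite at admission time, so it should come with a handler path that is tested for that kind.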
