@MatteoMori8 MatteoMori8 commented Feb 18, 2025

  • As part of this PR we are adding support for lifecycle.preStop.Sleep
  • In order to implement this change we had to update the project's dependencies

Special note: cache.NewIndexerInformer is deprecated

About CRD changes

  • The CRD has been configured to implement some schema validation. The idea is to reduce the load and complexity of the Admission Controller by shifting left on the validation front. For example:

    • A valid lifecycle.preStop hook only allows for a single option to be specified. This means that we cannot have both exec and sleep at the same time. This is managed at CRD level, making use of oneOf:

      oneOf:
      - required: ["exec"]
      - required: ["sleep"]

    Example of an incorrect `dcb` - not all fields are defined for `exec`:

    ---
    apiVersion: vaultwebhook.uswitch.com/v1alpha1
    kind: DatabaseCredentialBinding
    metadata:
      name: a-testing-dcb
      namespace: cloud
    spec:
      database: test
      outputFile: test
      outputPath: /etc/test
      role: readonly
      serviceAccount: test-sa
      container:
        lifecycle:
          preStop:
            exec:
              # Missing 'command:' field

    When applied:

    "a-testing-dcb" is invalid: \
    [<nil>: Invalid value: "": "spec.container.lifecycle.preStop" must validate one and only one schema (oneOf). Found none valid, spec.container.lifecycle.preStop.exec: Required value]

    Example of an incorrect `dcb` - both `exec` and `sleep` are specified at the same time:

    ---
    apiVersion: vaultwebhook.uswitch.com/v1alpha1
    kind: DatabaseCredentialBinding
    metadata:
      name: a-testing-dcb
    spec:
      database: test
      outputFile: test
      outputPath: /etc/test
      role: readonly
      serviceAccount: test-sa
      container:
        lifecycle:
          preStop:
            sleep:
              seconds: 45
            exec:
              command: [ 'sleep', '60' ]

    When applied:

    The DatabaseCredentialBinding "a-testing-dcb" is invalid: <nil>: Invalid value: "": "spec.container.lifecycle.preStop" 
    must validate one and only one schema (oneOf). Found 2 valid alternatives

  • The CRD is implementing a check in lifecycle.preStop.Sleep.seconds to ensure that only positive values are acceptable

    Example of an incorrect `dcb`:
    ---
    apiVersion: vaultwebhook.uswitch.com/v1alpha1
    kind: DatabaseCredentialBinding
    metadata:
      name: a-testing-dcb
    spec:
      database: test
      outputFile: test
      outputPath: /etc/test
      role: readonly
      serviceAccount: test-sa
      container:
        lifecycle:
          preStop:
            sleep:
              seconds: -45

    When applied:

    DatabaseCredentialBinding.vaultwebhook.uswitch.com "a-testing-dcb" is invalid: \
    spec.container.lifecycle.preStop.sleep.seconds: Invalid value: -45:  \
    spec.container.lifecycle.preStop.sleep.seconds in body should be greater than or equal to 1

@MatteoMori8 MatteoMori8 marked this pull request as ready for review February 18, 2025 15:57
@MatteoMori8 MatteoMori8 merged commit bea5594 into master Feb 19, 2025
3 checks passed
@MatteoMori8 MatteoMori8 deleted the feat/lifecycleSleep branch February 19, 2025 12:13
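The two CRD rules described in this PR (exactly one of `exec`/`sleep`, and `sleep.seconds` of at least 1), sketched as a small Go check. This is an added example, not code from the PR or the project: `obj`, `CountOneOf` and `ValidatePreStop` are hypothetical names, the inputs are constructed from the manifests above, and treating a bodiless `exec:` as absent is an assumption.

```go
package main

import "fmt"

// obj is a decoded YAML/JSON object (hypothetical helper alias).
type obj = map[string]interface{}

// CountOneOf reports how many oneOf branches (lists of required keys) match.
// Assumption: a key with a null value, such as a bare `exec:`, counts as absent.
func CountOneOf(o obj, branches [][]string) int {
	n := 0
	for _, req := range branches {
		ok := true
		for _, k := range req {
			if v, present := o[k]; !present || v == nil {
				ok = false
			}
		}
		if ok {
			n++
		}
	}
	return n
}

// ValidatePreStop applies the two rules from the PR description and returns
// one message per violation (an empty slice means the hook is accepted).
func ValidatePreStop(preStop obj) []string {
	errs := []string{}
	if n := CountOneOf(preStop, [][]string{{"exec"}, {"sleep"}}); n != 1 {
		errs = append(errs, fmt.Sprintf("preStop: oneOf matched %d schemas, want 1", n))
	}
	if sleep, ok := preStop["sleep"].(obj); ok {
		if s, isInt := sleep["seconds"].(int); !isInt || s < 1 {
			errs = append(errs, "preStop.sleep.seconds: must be an integer >= 1")
		}
	}
	return errs
}

func main() {
	// Constructed inputs mirroring the three rejected manifests, plus a valid one.
	fmt.Println(ValidatePreStop(obj{"exec": nil}))
	fmt.Println(ValidatePreStop(obj{"sleep": obj{"seconds": 45}, "exec": obj{"command": []string{"sleep", "60"}}}))
	fmt.Println(ValidatePreStop(obj{"sleep": obj{"seconds": -45}}))
	fmt.Println(ValidatePreStop(obj{"sleep": obj{"seconds": 45}}))
}
```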