Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Copy Kubernetes objects in webhook #3424

Closed
dgerd opened this issue Mar 13, 2019 · 4 comments · Fixed by #3779
Closed

Copy Kubernetes objects in webhook #3424

dgerd opened this issue Mar 13, 2019 · 4 comments · Fixed by #3779
Assignees
@dgerd
Labels
area/API API objects and controllers kind/feature Well-understood/specified features, ready for coding. kind/spec Discussion of how a feature should be exposed to customers.
Milestone
0.6.x

Comments

@dgerd
Copy link

dgerd commented Mar 13, 2019

In what area(s)?

/area API

/area autoscale
/area build
/area monitoring
/area networking
/area test-and-release

Describe the feature

Many of our CRD objects take Kubernetes object shapes as input such as corev1.Container, corev1.ObjectReference, corev1.Volume. Our webhook today takes these shapes and passes the user input through to the controller. However, given that the Kubernetes API is continuously growing new resource fields may be added to objects we consume. The behavior of those new fields may not be inline with the behavior we desire for Knative.

Instead of passing the objects through we should copy the fields we care about to a new object. This prevents additional fields that get added from being 'on by default'.
@dgerd dgerd added the kind/feature Well-understood/specified features, ready for coding. label Mar 13, 2019
@knative-prow-robot knative-prow-robot added area/API API objects and controllers kind/good-first-issue kind/spec Discussion of how a feature should be exposed to customers. labels Mar 13, 2019
@dprotaso
Copy link
Member

dprotaso commented Mar 13, 2019 via email

@mattmoor
Copy link
Member

+1

@mattmoor mattmoor added this to the Serving 0.6 milestone Mar 25, 2019
@dgerd
Copy link
Author

dgerd commented Mar 29, 2019

/assign @dgerd

@dgerd dgerd mentioned this issue Mar 29, 2019
Closed
@dgerd
Copy link
Author

dgerd commented Apr 4, 2019

Spent some time looking at implementing this. I think we will want to add this to the validator to replace all of the disallowed fields checks that we have today. Getting an error that a field is set that shouldn't be set seems preferable to un-setting disallowed fields through the defaulter.

There are a few ways we can implement the copy & compare functions although none of them stick out as great.

  1. Create a custom, non-generated DeepCopy() method for the above objects in the Knative API package. This DeepCopy function only copies the fields we care about. cmp can then be used with a custom reporter to provide a list of fields which can be used to format apis.FieldErrors.
  2. Use the reflect package and a set of allowed fields to traverse each object and find any set fields. Any fields not part of the allowed set are added to a disallowed list to format apis.FieldErrors.
  3. Do In Route, add capability for watching for changes to Configuration so when Configuration gets updated, we'll pick up changes) #2, but with the kubernetes unstructured library.

@dgerd dgerd mentioned this issue Apr 16, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dgerd dgerd

Labels
area/API API objects and controllers kind/feature Well-understood/specified features, ready for coding. kind/spec Discussion of how a feature should be exposed to customers.
Projects
None yet
Milestone
0.6.x
Development

Successfully merging a pull request may close this issue.

Improve webhook validation dgerd/serving
4 participants
@dprotaso @mattmoor @knative-prow-robot @dgerd