Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation #1084

Open
skandarchahbouni opened this issue Dec 31, 2023 · 8 comments
Open

Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation #1084

skandarchahbouni opened this issue Dec 31, 2023 · 8 comments
Labels
question Further information is requested

Comments

@skandarchahbouni
Copy link

Keywords

No response

Problem

Hello,
I am using Kopf, and I noticed that the CRD objects are always created. For example, let's suppose we have a CRD named "app", which has a Kopf operator with the create handler. If an exception or an error is triggered when the create function is executed, I want the instance to not exist. I mean, if I run the kubectl get app command, I want to find that the instance wasn't created because the create handler triggered an error. However, in Kopf, I noticed that the CRD instances are always created.

Is there a way to avoid that?
@skandarchahbouni skandarchahbouni added the question Further information is requested label Dec 31, 2023
@bobh66
Copy link

bobh66 commented Dec 31, 2023

The on.create() handlers are reacting to the creation of the resource, so any failure in the handler cannot prevent the creation that already happened.

If you want to be able to block the creation of the CR you can use a validating webhook which can reject the creation request if your criteria are/are not met. See: https://kopf.readthedocs.io/en/stable/admission/#validation-handlers

@skandarchahbouni
Copy link
Author

Hello again, I am struggling to use the admission controller in Kopf. I was using Kind and then switched to Minikube. I have been following the documentation, but it's not working, and I am encountering some unusual errors. I would be very grateful if you could provide any assistance regarding this.

image

@skandarchahbouni
Copy link
Author

I have even tried the webhookMinikube method, but it didn't work either.
image

@bobh66
Copy link

bobh66 commented Jan 3, 2024

It looks like the Windows signal interface is not compatible - you might want to try Linux.

@skandarchahbouni
Copy link
Author

My friend is using Windows WSL, but he is also facing some errors, and it's a bit ambiguous to set up the admission controller. @bobh66, have you ever used it? If so, could you please share the steps you have followed?

@bobh66
Copy link

bobh66 commented Jan 3, 2024

This is how I configure the admission webhook:

@kopf.on.startup()
async def configure(
    settings: kopf.OperatorSettings, logger: kopf.Logger, memo: kopf.Memo, **_
):
    addr = socket.gethostbyname(socket.gethostname())
    with socket.socket() as s:
        s.bind(("", 0))  # Bind to a free port provided by the host.
        port = s.getsockname()[1]
    settings.admission.server = kopf.WebhookServer(port=port, addr=addr)
    settings.admission.managed = "auto.kopf.dev"

@skandarchahbouni
Copy link
Author

Thank you for your response, but unfortunately the same problem always.

image

@skandarchahbouni
Copy link
Author

[2024-01-03 23:01:58,265] kopf._core.reactor.o [ERROR ] Request attempt #9/9 failed; escalating: GET https://127.0.0.1:39627/api -> ClientConnectorError(ConnectionKey(host='127.0.0.1', port=39627, is_ssl=True, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=2483569142402266527), ConnectionRefusedError(111, "Connect call failed ('127.0.0.1', 39627)"))

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bobh66 @skandarchahbouni