Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

adjust patch to use name instead of labelselector #30

Closed
RobMokkink opened this issue Jun 27, 2022 · 4 comments · Fixed by #39
Closed

adjust patch to use name instead of labelselector #30

RobMokkink opened this issue Jun 27, 2022 · 4 comments · Fixed by #39

Comments

@RobMokkink
Copy link

I noticed a lot of error messages in the logs of the controller when using the patch to set the caBundle correctly. In the documentation it is a follows:

apiVersion: redhatcop.redhat.io/v1alpha1
kind: Patch
metadata:
  name: patch-operator-mutatingwebhookconfiguration
  namespace: patch-operator
spec:
  serviceAccountRef:
    name: mutatingwebhook-patcher
  patches:
    patch-operator-mutatingwebhookconfigurations:
      targetObjectRef:
        apiVersion: admissionregistration.k8s.io/v1
        kind: MutatingWebhookConfiguration
        labelSelector:
          matchLabels:
            redhat-cop.redhat.io/patch-operator: "true"
      patchTemplate: '[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{ (index (index . 1).data "olmCAKey") }}"}]'     
      patchType: application/json-patch+json
      sourceObjectRefs:
      - apiVersion: v1
        kind: Secret
        name: patch-operator-controller-manager-service-cert
        namespace: patch-operator

It gives the following error:

{"level":"error","ts":1656322608.2039204,"logger":"controller.patch.patch-operator-patch-operator-mutatingwebhookconfiguration","msg":"unable to update status for","reconciler group":"redhatcop.redhat.io","reconciler kind":"Patch","name":"patch-operator-mutatingwebhookconfiguration","namespace":"patch-operator","object":{"apiVersion":"redhatcop.redhat.io/v1alpha1","kind":"Patch","namespace":"patch-operator","name":"patch-operator-mutatingwebhookconfiguration"},"error":"Operation cannot be fulfilled on patches.redhatcop.redhat.io \"patch-operator-mutatingwebhookconfiguration\": the object has been modified; please apply your changes to the latest version and try again","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:266\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/home/runner/go/pkg/mod/sigs.k8s.io/[email protected]/pkg/internal/controller/controller.go:227"}

After changing it to use the name, like so:

apiVersion: redhatcop.redhat.io/v1alpha1
kind: Patch
metadata:
  name: patch-operator-mutatingwebhookconfiguration
  namespace: patch-operator
spec:
  serviceAccountRef:
    name: mutatingwebhook-patcher
  patches:
    patch-operator-mutatingwebhookconfigurations:
      targetObjectRef:
        apiVersion: admissionregistration.k8s.io/v1
        kind: MutatingWebhookConfiguration
        name: patch-operator-inject
      patchTemplate: '[{"op": "replace", "path": "/webhooks/0/clientConfig/caBundle", "value":"{{ (index (index . 1).data "olmCAKey") }}"}]'
      patchType: application/json-patch+json
      sourceObjectRefs:
      - apiVersion: v1
        kind: Secret
        name: patch-operator-controller-manager-service-cert
        namespace: patch-operator

The errors are gone, and the mutatingwebhook is adjusted.
@davgordo
Copy link
Contributor

Hi @RobMokkink can you clarify the method you used to install the operator? Did you install with OLM (OperatorHub) or using the Helm chart?

@RobMokkink
Copy link
Author

I use the OLM

raffaelespazzoli added a commit to raffaelespazzoli/patch-operator that referenced this issue Jul 28, 2022
@raffaelespazzoli
fix redhat-cop#30
aa1856a 
Signed-off-by: raffaelespazzoli <[email protected]>
@raffaelespazzoli raffaelespazzoli mentioned this issue Jul 28, 2022
Merged
@QuingKhaos
Copy link

@raffaelespazzoli After fixing this, the paragraphs in the README are not correct anymore:

Note that the targetObjectRef uses a Label Selector to query for MutatingWebhookConfigurations with the label redhat-cop.redhat.io/patch-operator: "true".

The following is an example of a MutatingWebhookConfiguration with the required label that can be used to support the creation time webhook.

@raffaelespazzoli
Copy link
Collaborator

raffaelespazzoli commented Aug 3, 2022 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix#38 raffaelespazzoli/patch-operator
4 participants
@QuingKhaos @RobMokkink @raffaelespazzoli @davgordo