add support for impersonating dynamic client and configuring subresource #920
Conversation
|
|
✅ Deploy Preview for k8s-kwok ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
Welcome @alaypatel07! |
|
Hi @alaypatel07. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
Tested the code changes with the following stage Got the VMI to transition into running state, kwok logs vmi status: |
|
Please note this is just a draft for sharing the POC, will clean up the code if this is acceptable API change. @wzshiming PTAL |
044f3a9 to
51744a9
Compare
Please take a look and sign the CLA |
|
Thanks for the review, I will address all the comments soon |
51744a9 to
4b7f01d
Compare
ebcc587 to
16f5f92
Compare
|
can I please get an ok-to-test to trigger the prow tests? |
| @@ -83,6 +83,19 @@ type StageNext struct { | |||
| Delete bool | |||
| // StatusTemplate indicates the template for modifying the status of the resource in the next. | |||
| StatusTemplate string | |||
| // StatusSubresource indicates the name of the subresource that will be patched. A nil value means | |||
| // entire object will be patches | |||
| StatusSubresource *string | |||
There was a problem hiding this comment.
| StatusSubresource *string | |
| StatusSubresource string |
A null pointer is assigned to a value during the conversion, so thie don't have to use a pointer here
There was a problem hiding this comment.
I have updated this.
Just out of curiosity, whats the point of have *string in api, when we are automatically converting nil string to ""?
My understanding is that a *string in api is recommended to differentiate nil and "" as different states
|
/ok-to-test |
5682ebf to
d975050
Compare
|
Unsure why this failed https://github.com/kubernetes-sigs/kwok/actions/runs/7564581117/job/20598936655?pr=920. @wzshiming is the failure related to the PR? |
Yes, you can ignore the failures in mac, the recent Github Action MacOS Runner is very unstable with docker. |
|
Okay thanks @wzshiming. I addressed all your comments. Can I have another round of reviews? TIA |
There was a problem hiding this comment.
I have a try, and seems that the merge did not work properly, but overwrote the original content.
status:
activePods:
08451704-809e-450c-a45c-862995158c57: kwok-node-0
conditions:
- lastTransitionTime: "2024-01-18T14:59:32.084011845Z"
status: "True"
type: Ready
guestOSInfo: {}
launcherContainerImageVersion: quay.io/kubevirt/virt-launcher:v1.1.1
memory:
guestAtBoot: 50M
guestCurrent: 50M
guestRequested: 50M
phase: Running
phaseTransitionTimestamps:
- phase: Running
phaseTransitionTimestamp: "2024-01-18T14:59:32.084011845Z"
runtimeUser: 107
volumeStatus:
- name: containerdisk
target: ""status:
activePods:
4de00779-ba67-438f-8357-213ac7500f22: kwok-node-0
conditions:
- lastProbeTime: "2024-01-18T14:56:22Z"
lastTransitionTime: "2024-01-18T14:56:22Z"
message: Guest VM is not reported as running
reason: GuestNotRunning
status: "False"
type: Ready
guestOSInfo: {}
launcherContainerImageVersion: quay.io/kubevirt/virt-launcher:v1.1.1
memory:
guestAtBoot: 50M
guestCurrent: 50M
guestRequested: 50M
migrationTransport: Unix
nodeName: kwok-node-0
phase: Scheduled
phaseTransitionTimestamps:
- phase: Pending
phaseTransitionTimestamp: "2024-01-18T14:56:22Z"
- phase: Scheduling
phaseTransitionTimestamp: "2024-01-18T14:56:22Z"
- phase: Scheduled
phaseTransitionTimestamp: "2024-01-18T14:56:22Z"
qosClass: Burstable
runtimeUser: 107
volumeStatus:
- name: containerdisk
target: ""d975050 to
2fab875
Compare
|
@wzshiming, yes I had this problem too
Although I modified the stage vmi-ready with following: With this change to vmi-ready, the merge worked properly for me After: |
|
@wzshiming thanks for another round of reviews, I pushed a change addressing all the comments |
2fab875 to
8511434
Compare
Signed-off-by: Alay Patel <alay1431@gmail.com>
8511434 to
7d18f43
Compare
|
/approve Thank you for your contribution! |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: alaypatel07, wzshiming The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Once this is merged, I will rebase the #911 |
|
@wzshiming is there a way to manually re-trigger the failing github actions test |
|
/retest |
What type of PR is this?
/kind feature
/kind api-change
What this PR does / why we need it:
This PR adds API support to stage CRD for using impersonation to patch status and an option to patch entire object instead of subresource
Which issue(s) this PR fixes:
Fixes #903
Special notes for your reviewer:
The impersonate permission is not granted to the service account by default because this seems like an advance usecase. When user wants to use impersonation, the impersonate permissions can be patched as its done here https://github.com/kwok-ci/kubevirt-demo/blob/main/kustomize/rbac/role.yaml
Does this PR introduce a user-facing change?
Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.: