Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation
skandarchahbouni opened this issue
Problem
Hello,
I am using Kopf, and I noticed that the CRD objects are always created. For example, let's suppose we have a CRD named "app", which has a Kopf operator with the create handler. If an exception or an error is triggered when the create function is executed, I want the instance to not exist. I mean, if I run the kubectl get app command, I want to find that the instance wasn't created because the create handler triggered an error. However, in Kopf, I noticed that the CRD instances are always created.
Is there a way to avoid that?
The on.create() handlers are reacting to the creation of the resource, so any failure in the handler cannot prevent the creation that already happened.
If you want to be able to block the creation of the CR you can use a validating webhook which can reject the creation request if your criteria are/are not met. See: https://kopf.readthedocs.io/en/stable/admission/#validation-handlers
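An added example, not part of the thread or of Kopf's code: the AdmissionReview exchange that a validating webhook takes part in, showing how `allowed: false` rejects the request before the object is stored. The "app" resource fields, the `example.com/v1` group, the checks in `check_spec`, and the sample request are constructed assumptions.

```python
import json

# Constructed sample: the AdmissionReview the API server POSTs to a validating
# webhook on `kubectl create` of the hypothetical "app" custom resource.
SAMPLE_REVIEW = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "00000000-0000-0000-0000-000000000001",  # constructed value
        "operation": "CREATE",
        "object": {
            "apiVersion": "example.com/v1",
            "kind": "App",
            "metadata": {"name": "demo", "namespace": "default"},
            "spec": {"replicas": 3},  # "image" deliberately missing
        },
    },
}


def check_spec(spec):
    """Hypothetical criteria: return the list of reasons to reject the object."""
    errors = []
    if not isinstance(spec.get("image"), str) or not spec["image"]:
        errors.append("spec.image is required")
    replicas = spec.get("replicas", 1)
    if isinstance(replicas, bool) or not isinstance(replicas, int) or replicas < 1:
        errors.append("spec.replicas must be a positive integer")
    return errors


def review(admission_review):
    """Build the webhook's reply; allowed=False means nothing is persisted."""
    request = admission_review["request"]
    spec = (request.get("object") or {}).get("spec") or {}
    errors = check_spec(spec) if request.get("operation") == "CREATE" else []
    # The reply must echo the request uid so the API server can match it.
    response = {"uid": request["uid"], "allowed": not errors}
    if errors:
        response["status"] = {"code": 400, "message": "; ".join(errors)}
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
            "response": response}


if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_REVIEW), indent=2))
```

The `status.message` text is returned to the client that made the rejected request, so it should name the failed check without echoing sensitive field values.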
Hello again, I am struggling to use the admission controller in Kopf. I was using Kind and then switched to Minikube. I have been following the documentation, but it's not working, and I am encountering some unusual errors. I would be very grateful if you could provide any assistance regarding this.
It looks like the Windows signal interface is not compatible - you might want to try Linux.
My friend is using Windows WSL, but he is also facing some errors, and it's a bit ambiguous to set up the admission controller. @bobh66, have you ever used it? If so, could you please share the steps you have followed?
This is how I configure the admission webhook:
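```python
import socket

import kopf


@kopf.on.startup()
async def configure(
    settings: kopf.OperatorSettings, logger: kopf.Logger, memo: kopf.Memo, **_
):
    # Address of this host, used for the webhook server.
    addr = socket.gethostbyname(socket.gethostname())
    with socket.socket() as s:
        s.bind(("", 0))  # Bind to a free port provided by the host.
        port = s.getsockname()[1]
    # Serve admission requests on the chosen address and port.
    settings.admission.server = kopf.WebhookServer(port=port, addr=addr)
    # Let Kopf manage the webhook configuration object under this name.
    settings.admission.managed = "auto.kopf.dev"
```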
[2024-01-03 23:01:58,265] kopf._core.reactor.o [ERROR ] Request attempt #9/9 failed; escalating: GET https://127.0.0.1:39627/api -> ClientConnectorError(ConnectionKey(host='127.0.0.1', port=39627, is_ssl=True, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=2483569142402266527), ConnectionRefusedError(111, "Connect call failed ('127.0.0.1', 39627)"))