Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation

Question

Controlling Kopf Operator Behavior to Prevent Unwanted Object Creation

skandarchahbouni opened this issue 7 months ago · comments

Skandar-Ramzi CHAHBOUNI commented 7 months ago

Keywords

No response

Problem

Hello,
I am using Kopf, and I noticed that the CRD objects are always created. For example, let's suppose we have a CRD named "app", which has a Kopf operator with the create handler. If an exception or an error is triggered when the create function is executed, I want the instance to not exist. I mean, if I run the kubectl get app command, I want to find that the instance wasn't created because the create handler triggered an error. However, in Kopf, I noticed that the CRD instances are always created.

Is there a way to avoid that?

Bob Haddleton · Answer 1 · Mon Jan 01 2024 03:04:32 GMT+0800 (China Standard Time)

The on.create() handlers are reacting to the creation of the resource, so any failure in the handler cannot prevent the creation that already happened.

If you want to be able to block the creation of the CR you can use a validating webhook which can reject the creation request if your criteria are/are not met. See: https://kopf.readthedocs.io/en/stable/admission/#validation-handlers

Skandar-Ramzi CHAHBOUNI · Answer 2 · Thu Jan 04 2024 05:19:14 GMT+0800 (China Standard Time)

Hello again, I am struggling to use the admission controller in Kopf. I was using Kind and then switched to Minikube. I have been following the documentation, but it's not working, and I am encountering some unusual errors. I would be very grateful if you could provide any assistance regarding this.

Skandar-Ramzi CHAHBOUNI · Answer 3 · Thu Jan 04 2024 05:21:11 GMT+0800 (China Standard Time)

I have even tried the webhookMinikube method, but it didn't work either.

Bob Haddleton · Answer 4 · Thu Jan 04 2024 05:28:17 GMT+0800 (China Standard Time)

It looks like the Windows signal interface is not compatible - you might want to try Linux.

Skandar-Ramzi CHAHBOUNI · Answer 5 · Thu Jan 04 2024 05:32:22 GMT+0800 (China Standard Time)

My friend is using Windows WSL, but he is also facing some errors, and it's a bit ambiguous to set up the admission controller. @bobh66, have you ever used it? If so, could you please share the steps you have followed?

Bob Haddleton · Answer 6 · Thu Jan 04 2024 05:56:38 GMT+0800 (China Standard Time)

This is how I configure the admission webhook:

@kopf.on.startup()
async def configure(
    settings: kopf.OperatorSettings, logger: kopf.Logger, memo: kopf.Memo, **_
):
    addr = socket.gethostbyname(socket.gethostname())
    with socket.socket() as s:
        s.bind(("", 0))  # Bind to a free port provided by the host.
        port = s.getsockname()[1]
    settings.admission.server = kopf.WebhookServer(port=port, addr=addr)
    settings.admission.managed = "auto.kopf.dev"

Skandar-Ramzi CHAHBOUNI · Answer 7 · Thu Jan 04 2024 06:02:08 GMT+0800 (China Standard Time)

Thank you for your response, but unfortunately the same problem always.

Skandar-Ramzi CHAHBOUNI · Answer 8 · Thu Jan 04 2024 06:04:40 GMT+0800 (China Standard Time)

[2024-01-03 23:01:58,265] kopf._core.reactor.o [ERROR ] Request attempt #9/9 failed; escalating: GET https://127.0.0.1:39627/api -> ClientConnectorError(ConnectionKey(host='127.0.0.1', port=39627, is_ssl=True, ssl=None, proxy=None, proxy_auth=None, proxy_headers_hash=2483569142402266527), ConnectionRefusedError(111, "Connect call failed ('127.0.0.1', 39627)"))