Skip to content

Limit Scope of OpenShift Auto Detect Discovery #2897

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 6, 2021
Merged

Limit Scope of OpenShift Auto Detect Discovery #2897

merged 1 commit into from
Dec 6, 2021
+15 −10

Conversation

andrewlecuyer
Copy link
Collaborator

The OpenShift auto-detection logic has been updated to only check for server resources (and therefore the SecurityContextConstraints kind) in the security.openshift.io group. This is done to prevent a single broken (and related) API in the Kubernetes cluster from breaking the OpenShift detection logic, as can occur when checking all server groups and resources.

Checklist:

  • Have you added an explanation of what your changes do and why you'd like them to be included?
  • Have you updated or added documentation for the change, as applicable?
  • Have you tested your changes on all related environments with successful results, as applicable?
    • Have you added automated tests?

Type of Changes:

  • New feature
  • Bug fix
  • Documentation
  • Testing enhancement
  • Other

What is the current behavior (link to any open issues here)?

The OpenShift auto-detection logic checks all server groups and resources.

[sc-13205]

What is the new behavior (if this is a feature change)?

  • Breaking change (fix or feature that would cause existing functionality to change)

The OpenShift auto-detection logic only checks for resources in the server group we care about.

Other Information:

N/A

@andrewlecuyer
Limit Scope of OpenShift Auto Detect Discovery
9490215 
The OpenShift auto-detection logic has been updated to only check for
server resources (and therefore the "SecurityContextConstraints" kind)
in the "security.openshift.io" group.  This is done to prevent a single
broken (and related) API in the Kubernetes cluster from breaking the
OpenShift detection logic, as can occur when checking all server groups
and resources.

Issue: [sc-13205]
cbandy
cbandy approved these changes Dec 3, 2021
View reviewed changes
cmd/postgres-operator/main.go
// "security.openshift.io" Group, we'll return that this is an OpenShift
// environment
for _, rl := range resourceLists {
if strings.HasPrefix(rl.GroupVersion, sccGroup+"/") {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍🏻 This also got rid of our GroupVersion matching/parsing.

cmd/postgres-operator/main.go
for _, rl := range resourceLists {
if strings.HasPrefix(rl.GroupVersion, sccGroup+"/") {
for _, r := range rl.APIResources {
groups, err := client.ServerGroups()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⛏️ The variable for the other calls is resourceList.

Suggested change
groups, err := client.ServerGroups()
groupList, err := client.ServerGroups()

@andrewlecuyer andrewlecuyer merged commit 84e2034 into CrunchyData:master Dec 6, 2021
@jkatz jkatz linked an issue Dec 7, 2021 that may be closed by this pull request
postgres-startup init fail #2870
Closed
@jkatz jkatz mentioned this pull request Dec 7, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cbandy cbandy cbandy approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

postgres-startup init fail
2 participants
@andrewlecuyer @cbandy