Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added SSL support for deleting restic repository from Minio backend #464

Merged
merged 2 commits into from
May 4, 2018

Conversation

hossainemruz
Copy link
Contributor

This has following changes:

  • Add SSL support for deleting restic repository from Minio backend
  • Uses OSM v0.7.0
  • Enable Minio to run on kubernetes v1.10.0 cluster

@hossainemruz hossainemruz requested a review from tamalsaha May 4, 2018 10:29
@codecov-io
Copy link

codecov-io commented May 4, 2018

Codecov Report

Merging #464 into master will not change coverage.
The diff coverage is n/a.

Impacted file tree graph

@@          Coverage Diff          @@
##           master   #464   +/-   ##
=====================================
  Coverage      84%    84%           
=====================================
  Files           2      2           
  Lines          25     25           
=====================================
  Hits           21     21           
  Misses          2      2           
  Partials        2      2

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5c5ff15...4a7062c. Read the comment docs.

@tamalsaha tamalsaha requested a review from the-redback May 4, 2018 17:16
@tamalsaha tamalsaha merged commit 4b5ac49 into master May 4, 2018
@tamalsaha tamalsaha deleted the osm-cacerts branch May 4, 2018 17:20
@@ -11,6 +11,12 @@ rules:
- customresourcedefinitions
verbs:
- "*"
- apiGroups:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@emruz-hossain , why do we need this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have added this rules to avoid this.

Log from operator:

I0505 15:10:48.997875       1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
I0505 15:10:49.000133       1 reflector.go:240] Listing and watching *v1beta1.ValidatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
E0505 15:10:49.001929       1 reflector.go:205] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:kube-system:stash-operator" cannot list mutatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
E0505 15:10:49.004334       1 reflector.go:205] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:kube-system:stash-operator" cannot list validatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
I0505 15:10:50.002391       1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87

I haven't notice them before. We don't watch webhookconfiguration in operator. But I don't know why operator is watching those. This seems to happen after client-go update.

However, after adding those rules still see this in log,

I0505 15:23:43.179154       1 reflector.go:240] Listing and watching *v1beta1.ValidatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
I0505 15:23:43.179154       1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
E0505 15:23:43.188256       1 reflector.go:322] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to watch *v1beta1.MutatingWebhookConfiguration: unknown (get mutatingwebhookconfigurations.admissionregistration.k8s.io)
E0505 15:23:43.189344       1 reflector.go:322] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to watch *v1beta1.ValidatingWebhookConfiguration: unknown (get validatingwebhookconfigurations.admissionregistration.k8s.io)

Btw, these does not seem to cause any problems for operator's regular task.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I haven't notice them before. We don't watch webhookconfiguration in operator. But I don't know why operator is watching those. This seems to happen after client-go update.

You are right. I also noticed a line like plugins.go:149] Loaded 3 admission controller(s) successfully in the following order: NamespaceLifecycle,MutatingAdmissionWebhook,ValidatingAdmissionWebhook.

I think the proper fix is disabling admission plugins for webhook server. openshift/generic-admission-server#14

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants