Added SSL support for deleting restic repository from Minio backend #464
Conversation
Codecov Report
@@ Coverage Diff @@
## master #464 +/- ##
=====================================
Coverage 84% 84%
=====================================
Files 2 2
Lines 25 25
=====================================
Hits 21 21
Misses 2 2
Partials 2 2Continue to review full report at Codecov.
|
| @@ -11,6 +11,12 @@ rules: | |||
| - customresourcedefinitions | |||
| verbs: | |||
| - "*" | |||
| - apiGroups: | |||
There was a problem hiding this comment.
@emruz-hossain , why do we need this?
There was a problem hiding this comment.
I have added this rules to avoid this.
Log from operator:
I0505 15:10:48.997875 1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
I0505 15:10:49.000133 1 reflector.go:240] Listing and watching *v1beta1.ValidatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
E0505 15:10:49.001929 1 reflector.go:205] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.MutatingWebhookConfiguration: mutatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:kube-system:stash-operator" cannot list mutatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
E0505 15:10:49.004334 1 reflector.go:205] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to list *v1beta1.ValidatingWebhookConfiguration: validatingwebhookconfigurations.admissionregistration.k8s.io is forbidden: User "system:serviceaccount:kube-system:stash-operator" cannot list validatingwebhookconfigurations.admissionregistration.k8s.io at the cluster scope
I0505 15:10:50.002391 1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
I haven't notice them before. We don't watch webhookconfiguration in operator. But I don't know why operator is watching those. This seems to happen after client-go update.
However, after adding those rules still see this in log,
I0505 15:23:43.179154 1 reflector.go:240] Listing and watching *v1beta1.ValidatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
I0505 15:23:43.179154 1 reflector.go:240] Listing and watching *v1beta1.MutatingWebhookConfiguration from github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87
E0505 15:23:43.188256 1 reflector.go:322] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to watch *v1beta1.MutatingWebhookConfiguration: unknown (get mutatingwebhookconfigurations.admissionregistration.k8s.io)
E0505 15:23:43.189344 1 reflector.go:322] github.com/appscode/stash/vendor/k8s.io/client-go/informers/factory.go:87: Failed to watch *v1beta1.ValidatingWebhookConfiguration: unknown (get validatingwebhookconfigurations.admissionregistration.k8s.io)
Btw, these does not seem to cause any problems for operator's regular task.
There was a problem hiding this comment.
I haven't notice them before. We don't watch webhookconfiguration in operator. But I don't know why operator is watching those. This seems to happen after client-go update.
You are right. I also noticed a line like plugins.go:149] Loaded 3 admission controller(s) successfully in the following order: NamespaceLifecycle,MutatingAdmissionWebhook,ValidatingAdmissionWebhook.
I think the proper fix is disabling admission plugins for webhook server. openshift/generic-admission-server#14
This has following changes: