Add --include-namespaces-regex features #89
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
|
Welcome @santinoncs! |
|
Hi @santinoncs. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
needs-ok-to-test
There was a problem hiding this comment.
Thanks, this looks like a good change! I'd forgotten that we'd already switched to automatically managing the labels, that's really nice since it makes this change much easier.
I've left some detailed comments in the relevant lines of code, but once you've made those changes, can you please:
- Squash all your commits into one commit and then force-push them to your branch? That'll keep our history cleaner.
- In your commit message, include a paragraph or two about how you tested this change, especially since you're not adding end-to-end tests. A good example of such a comment is here.
Thanks!
| if config.ExcludedNamespaces[ns] { | ||
| // Early exit if it's an excluded namespace | ||
|
|
||
| if !utils.IsNamespaceIncluded(ns, config.IncludedNamespacesRegex, config.ExcludedNamespaces) { |
There was a problem hiding this comment.
Note all the repetition here - another hint that IsNamespaceIncluded should only take one parameter (the one that changes each time it's called), not three (two of which never change).
There was a problem hiding this comment.
I think config.ExcludeNamespaces changes depending on the point in code you call IsNamespaceIncluded.
So this would be
if !utils.IsNamespaceIncluded(ns, config.ExcludedNamespaces) {
and as you wrote down in the comment below, use
SetIncludedNamespaces()
to set the
config.IncludedNamespacesRegex
What do you think ?
There was a problem hiding this comment.
I had another look and config.ExcludedNamespaces is only set by the command-line flags, and never changes once HNC starts. So it should be a constant throughout. The only exception is for unit tests, but you can just call config.SetNamespaces(regex, excluded) in unit tests too.
Makefile
Outdated
| @@ -76,7 +76,7 @@ GOBIN ?= $(shell go env GOPATH)/bin | |||
| HNC_KREW_TAR_SHA256=$(shell sha256sum bin/kubectl-hns.tar.gz | cut -d " " -f 1) | |||
|
|
|||
| # The directories to run Go command on (excludes /vendor) | |||
| DIRS=./api/... ./cmd/... ./internal/... | |||
| DIRS=./api/... ./cmd/... ./internal/... ./pkg/... | |||
internal/config/namespace.go
Outdated
| return false | ||
| } | ||
|
|
||
| match, err := regexp.MatchString(includedNamespacesRegex, name) |
There was a problem hiding this comment.
Are we changing the semantics to include an implied ^...$? E.g. if I say --included-namespace-regex=test-.*, will I match prod-test-service or not?
There was a problem hiding this comment.
it seems good idea to add this implied ^..$
in this case this won't match
prod-test-service
internal/config/namespace_test.go
Outdated
| excludeNamespaces map[string]bool | ||
| expect bool | ||
| }{ | ||
| {name: "foobar", regex: "foo*", excludeNamespaces: map[string]bool{"bar": true}, expect: true}, |
There was a problem hiding this comment.
This will also match fo. Is that what you intended? Or did you mean foo.*?
internal/mutators/namespace.go
Outdated
| @@ -65,6 +65,7 @@ func (m *Namespace) handle(log logr.Logger, ns *corev1.Namespace) { | |||
| log.Info("Not an excluded namespace; set included-namespace label.") | |||
| ns.Labels[api.LabelIncludedNamespace] = "true" | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
Remove extra newlines please?
santinoncs
force-pushed
the
included-namespaces
branch
2 times, most recently
from
273b7df to
1bf897d
Compare
There was a problem hiding this comment.
lgtm with a few final nits in the details and one or two last questions about testing.
Can you please give the commit a nice, short title? e.g. it turns up strangely if you look at it here, as well as in the git log command. E.g. the title could be something like:
Add --include-namespaces-regex features
Finally, did you test this manually, e.g. by using a regex like test-.*? If so, can you please add that to the "Testing" paragraph in your commit message? Right now, it doesn't say that you've done any end-to-end testing and you didn't add any end-to-end tests (which are really tricky for this kind of change), so let's just record what you did do in the commit message.
/cc @rjbez17
Ryan, do you want to check this out?
internal/reconcilers/anchor.go
Outdated
| @@ -75,7 +74,8 @@ func (r *AnchorReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctr | |||
|
|
|||
| // Always delete anchor (and any other HNC CRs) in the excluded namespaces and | |||
| // early exit. | |||
| if config.ExcludedNamespaces[pnm] { | |||
|
|
|||
santinoncs
force-pushed
the
included-namespaces
branch
from
6f552f3 to
76bb724
Compare
internal/config/namespace.go
Outdated
| } | ||
|
|
||
| match, err := regexp.MatchString("^"+includedNamespacesRegex+"$", name) | ||
| if err != nil { |
There was a problem hiding this comment.
If err exists here is usually means some sort of regex compiling error, it seems like that may be helpful to log so admins can see their regex is bad.
There was a problem hiding this comment.
I missed that, good catch!
It would be unfortunate to pass a logger into each call of this function, so maybe in SetNamespaces, rather than saving the string version of the regex, Compile it into a Regexp object and save that? Then you can call Regexp.Match which doesn't return an error.
There was a problem hiding this comment.
Thanks, the code looks good. Just two things left:
- Can you please squash all the commits into one?
- Your "testing" comment in the first commit message just says that you ran the automated tests, which isn't necessary (the CI system will run that), so you can take that out. But it doesn't say how you manually tested it. E.g. did you install HNC on your system with a regex and verify that everything still works? If so, please document that, and if not, can you please try that, and then update the commit message?
Other than that, lgtm! Thanks for this change, I'll approve it.
This PR allows us to select which namespaces we want HNC to manage. By adding a new parameter called "--included-namespaces-regex" we will select them. By choosing this way we are including the namespaces that match this regex. If this parameter is not included, we assume that all namespaces except excluded ones are included, as usual. Testing: the function isIncluded is the one that is called and tells you if this namespace is included or not. There is a test for this function in the config package. Testing process: * I manually deploy via kind ( make deploy ) with this startup parameters - --excluded-namespace=kube-system - --excluded-namespace=kube-public - --excluded-namespace=hnc-system - --excluded-namespace=kube-node-lease - --included-namespace-regex=test-.* - --excluded-namespace=test-1 this resulted in the following output $ kubectl get ns --show-labels NAME STATUS AGE LABELS default Active 89m default.tree.hnc.x-k8s.io/depth=0 hnc-system Active 71s control-plane=controller-manager kube-node-lease Active 89m <none> kube-public Active 89m <none> kube-system Active 89m <none> local-path-storage Active 89m local-path-storage.tree.hnc.x-k8s.io/depth=0 test-1 Active 5s <none> test-2 Active 6s hnc.x-k8s.io/included-namespace=true,test-2.tree.hnc.x-k8s.io/depth=0
santinoncs
force-pushed
the
included-namespaces
branch
from
80d4f7e to
77c3d14
Compare
adrianludwin
changed the title
|
This is a great change, thanks so much! /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: adrianludwin, santinoncs The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
Thanks for your help |
In order to just specify few namespaces to be managed by HNC we implemented this logic. So in the case you want to exclude everything except specific namespaces, you can set this parameter
Check this out for more info
#87