Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

✨ Distinct webhook deployments #757

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

akutz
Copy link
Collaborator

@akutz akutz commented Oct 18, 2024

What does this PR do, and why is it needed?

This path introduces distinct webhook deployments for the admission and conversion webhooks. This is to provide a more stable and performant experience. The webhook pods will not require nearly as much memory as the controller-manager pods. Additionally, if the webhooks ever go down, it is a bad time. Admission webhooks being unavailable means no one can apply any changes to the VM Op APIs. The conversion webhooks being offline means no one can even read the VM Op APIs.

This patch also removes the vestigial use of kustomizeconfig files since they are no longer needed, having been replaced by, well, the replacements feature.

Which issue(s) is/are addressed by this PR? (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):

Fixes NA

Are there any special notes for your reviewer:

We need to:

  • Consider the impact to upgrades.
  • Validate and reserve the new ports on Supervisor.

For a full list of the changes this PR introduces, please follow the steps below:

  1. Generate the config/local/infrastructure-components-original.yaml and config/local/infrastructure-components.yaml files to compare them:

    cd "$(mktemp -d)" && \
    git clone https://github.com/vmware-tanzu/vm-operator . && \
    git checkout main && \
    make kustomize-local && \
    cp -f config/local/infrastructure-components.yaml config/local/infrastructure-components-original.yaml && \
    git remote add akutz https://github.com/akutz/vm-operator && \
    git fetch akutz && \
    git checkout feature/webhook-deployments && \
    make kustomize-local
  2. Once the two files have been generated, compare them with:

    diff -u \
      config/local/infrastructure-components-original.yaml \
      config/local/infrastructure-components.yaml
  3. The diff should look just like the following:

    --- config/local/infrastructure-components-original.yaml	2024-10-18 11:53:52.157161044 -0500
    +++ config/local/infrastructure-components.yaml	2024-10-18 11:53:55.289031554 -0500
    @@ -291,7 +291,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -2069,7 +2069,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -2759,7 +2759,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -3663,7 +3663,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -6621,7 +6621,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -12098,7 +12098,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -12640,7 +12640,7 @@
         webhook:
           clientConfig:
             service:
    -          name: vmware-system-vmop-webhook-service
    +          name: vmware-system-vmop-conversion-webhook-service
               namespace: vmware-system-vmop
               path: /convert
           conversionReviewVersions:
    @@ -13686,6 +13686,19 @@
     apiVersion: v1
     kind: Service
     metadata:
    +  name: vmware-system-vmop-admission-webhook-service
    +  namespace: vmware-system-vmop
    +spec:
    +  ports:
    +  - name: https
    +    port: 443
    +    targetPort: https
    +  selector:
    +    webhook: admission
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
       labels:
         control-plane: controller-manager
       name: vmware-system-vmop-controller-manager-metrics-service
    @@ -13701,6 +13714,19 @@
     apiVersion: v1
     kind: Service
     metadata:
    +  name: vmware-system-vmop-conversion-webhook-service
    +  namespace: vmware-system-vmop
    +spec:
    +  ports:
    +  - name: https
    +    port: 443
    +    targetPort: https
    +  selector:
    +    webhook: conversion
    +---
    +apiVersion: v1
    +kind: Service
    +metadata:
       labels:
         app: web-console-validator
       name: vmware-system-vmop-web-console-validator
    @@ -13713,18 +13739,82 @@
       selector:
         app: web-console-validator
     ---
    -apiVersion: v1
    -kind: Service
    +apiVersion: apps/v1
    +kind: Deployment
     metadata:
    -  name: vmware-system-vmop-webhook-service
    +  labels:
    +    controller-tools.k8s.io: "1.0"
    +    webhook: admission
    +  name: vmware-system-vmop-admission-webhook
       namespace: vmware-system-vmop
     spec:
    -  ports:
    -  - name: https
    -    port: 443
    -    targetPort: webhook-server
       selector:
    -    control-plane: controller-manager
    +    matchLabels:
    +      controller-tools.k8s.io: "1.0"
    +      webhook: admission
    +  template:
    +    metadata:
    +      labels:
    +        controller-tools.k8s.io: "1.0"
    +        name: vmoperator-admission-webhook
    +        webhook: admission
    +    spec:
    +      containers:
    +      - args:
    +        - --enable-leader-election=false
    +        - --health-addr=127.0.0.1:9446
    +        - --metrics-addr=0
    +        - --profiler-address=0
    +        command:
    +        - /manager
    +        env:
    +        - name: VMOP_CONTAINER_TYPE
    +          value: admission-webhook
    +        - name: WEBHOOK_SERVICE_NAMESPACE
    +          value: vmware-system-vmop
    +        - name: WEBHOOK_SERVICE_NAME
    +          value: vmware-system-vmop-admission-webhook-service
    +        - name: WEBHOOK_SECRET_NAMESPACE
    +          value: vmware-system-vmop
    +        - name: WEBHOOK_SECRET_NAME
    +          value: webhook-server-cert
    +        - name: WEBHOOK_SECRET_VOLUME_MOUNT_PATH
    +          value: /tmp/k8s-webhook-server/serving-certs
    +        - name: WEBHOOK_SERVICE_CONTAINER_PORT
    +          value: "9878"
    +        image: vmoperator-controller:latest
    +        imagePullPolicy: Never
    +        name: manager
    +        ports:
    +        - containerPort: 9446
    +          name: health-probe
    +          protocol: TCP
    +        - containerPort: 9878
    +          name: https
    +          protocol: TCP
    +        readinessProbe:
    +          httpGet:
    +            path: /readyz
    +            port: health-probe
    +        resources:
    +          limits:
    +            cpu: 200m
    +            memory: 200Mi
    +          requests:
    +            cpu: 100m
    +            memory: 75Mi
    +        volumeMounts:
    +        - mountPath: /tmp/k8s-webhook-server/serving-certs
    +          name: cert
    +          readOnly: true
    +      nodeSelector:
    +        node-role.kubernetes.io/control-plane: ""
    +      terminationGracePeriodSeconds: 10
    +      volumes:
    +      - name: cert
    +        secret:
    +          defaultMode: 420
    +          secretName: webhook-server-cert
     ---
     apiVersion: apps/v1
     kind: Deployment
    @@ -13758,6 +13848,7 @@
           containers:
           - args:
             - --metrics-addr=127.0.0.1:8080
    +        - --health-addr=127.0.0.1:9445
             command:
             - /manager
             env:
    @@ -13827,25 +13918,12 @@
               valueFrom:
                 fieldRef:
                   fieldPath: spec.serviceAccountName
    -        - name: WEBHOOK_SERVICE_NAMESPACE
    -          value: vmware-system-vmop
    -        - name: WEBHOOK_SERVICE_NAME
    -          value: vmware-system-vmop-webhook-service
    -        - name: WEBHOOK_SECRET_NAMESPACE
    -          value: vmware-system-vmop
    -        - name: WEBHOOK_SECRET_NAME
    -          value: webhook-server-cert
    -        - name: WEBHOOK_SECRET_VOLUME_MOUNT_PATH
    -          value: /tmp/k8s-webhook-server/serving-certs
    -        - name: WEBHOOK_SERVICE_CONTAINER_PORT
    -          value: "9878"
    +        - name: VMOP_CONTAINER_TYPE
    +          value: controller-manager
             image: vmoperator-controller:latest
             imagePullPolicy: Never
             name: manager
             ports:
    -        - containerPort: 9878
    -          name: webhook-server
    -          protocol: TCP
             - containerPort: 9445
               name: health-probe
               protocol: TCP
    @@ -13860,10 +13938,6 @@
               requests:
                 cpu: 100m
                 memory: 75Mi
    -        volumeMounts:
    -        - mountPath: /tmp/k8s-webhook-server/serving-certs
    -          name: cert
    -          readOnly: true
           - args:
             - --secure-listen-address=0.0.0.0:8443
             - --upstream=http://127.0.0.1:8080/
    @@ -13889,6 +13963,78 @@
             key: kubeadmNode
             operator: Equal
             value: master
    +---
    +apiVersion: apps/v1
    +kind: Deployment
    +metadata:
    +  labels:
    +    controller-tools.k8s.io: "1.0"
    +    webhook: conversion
    +  name: vmware-system-vmop-conversion-webhook
    +  namespace: vmware-system-vmop
    +spec:
    +  selector:
    +    matchLabels:
    +      controller-tools.k8s.io: "1.0"
    +      webhook: conversion
    +  template:
    +    metadata:
    +      labels:
    +        controller-tools.k8s.io: "1.0"
    +        name: vmoperator-conversion-webhook
    +        webhook: conversion
    +    spec:
    +      containers:
    +      - args:
    +        - --enable-leader-election=false
    +        - --health-addr=127.0.0.1:9447
    +        - --metrics-addr=0
    +        - --profiler-address=0
    +        command:
    +        - /manager
    +        env:
    +        - name: VMOP_CONTAINER_TYPE
    +          value: conversion-webhook
    +        - name: WEBHOOK_SERVICE_NAMESPACE
    +          value: vmware-system-vmop
    +        - name: WEBHOOK_SERVICE_NAME
    +          value: vmware-system-vmop-conversion-webhook-service
    +        - name: WEBHOOK_SECRET_NAMESPACE
    +          value: vmware-system-vmop
    +        - name: WEBHOOK_SECRET_NAME
    +          value: webhook-server-cert
    +        - name: WEBHOOK_SECRET_VOLUME_MOUNT_PATH
    +          value: /tmp/k8s-webhook-server/serving-certs
    +        - name: WEBHOOK_SERVICE_CONTAINER_PORT
    +          value: "9879"
    +        image: vmoperator-controller:latest
    +        imagePullPolicy: Never
    +        name: manager
    +        ports:
    +        - containerPort: 9447
    +          name: health-probe
    +          protocol: TCP
    +        - containerPort: 9879
    +          name: https
    +          protocol: TCP
    +        readinessProbe:
    +          httpGet:
    +            path: /readyz
    +            port: health-probe
    +        resources:
    +          limits:
    +            cpu: 200m
    +            memory: 200Mi
    +          requests:
    +            cpu: 100m
    +            memory: 75Mi
    +        volumeMounts:
    +        - mountPath: /tmp/k8s-webhook-server/serving-certs
    +          name: cert
    +          readOnly: true
    +      nodeSelector:
    +        node-role.kubernetes.io/control-plane: ""
    +      terminationGracePeriodSeconds: 10
           volumes:
           - name: cert
             secret:
    @@ -13962,8 +14108,10 @@
       namespace: vmware-system-vmop
     spec:
       dnsNames:
    -  - vmware-system-vmop-webhook-service.vmware-system-vmop.svc
    -  - vmware-system-vmop-webhook-service.vmware-system-vmop.svc.cluster.local
    +  - vmware-system-vmop-admission-webhook-service.vmware-system-vmop.svc
    +  - vmware-system-vmop-admission-webhook-service.vmware-system-vmop.svc.cluster.local
    +  - vmware-system-vmop-conversion-webhook-service.vmware-system-vmop.svc
    +  - vmware-system-vmop-conversion-webhook-service.vmware-system-vmop.svc.cluster.local
       issuerRef:
         kind: Issuer
         name: vmware-system-vmop-selfsigned-issuer
    @@ -13991,7 +14139,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-mutate-vmoperator-vmware-com-v1alpha3-virtualmachine
       failurePolicy: Fail
    @@ -14012,7 +14160,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-mutate-vmoperator-vmware-com-v1alpha3-virtualmachinereplicaset
       failurePolicy: Fail
    @@ -14042,7 +14190,7 @@
       - v1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate--v1-persistentvolumeclaim
       failurePolicy: Fail
    @@ -14064,7 +14212,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachine
       failurePolicy: Fail
    @@ -14085,7 +14233,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachineclass
       failurePolicy: Fail
    @@ -14106,7 +14254,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachinepublishrequest
       failurePolicy: Fail
    @@ -14127,7 +14275,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachinereplicaset
       failurePolicy: Fail
    @@ -14148,7 +14296,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachineservice
       failurePolicy: Fail
    @@ -14169,7 +14317,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachinesetresourcepolicy
       failurePolicy: Fail
    @@ -14190,7 +14338,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha1-webconsolerequest
       failurePolicy: Fail
    @@ -14211,7 +14359,7 @@
       - v1beta1
       clientConfig:
         service:
    -      name: vmware-system-vmop-webhook-service
    +      name: vmware-system-vmop-admission-webhook-service
           namespace: vmware-system-vmop
           path: /default-validate-vmoperator-vmware-com-v1alpha3-virtualmachinewebconsolerequest
       failurePolicy: Fail

Please add a release note if necessary:

Move the admission and conversion webhooks into their own pods

@akutz akutz requested review from aruneshpa and bryanv October 18, 2024 15:13
@github-actions github-actions bot added the size/XL Denotes a PR that changes 500-999 lines. label Oct 18, 2024
@akutz akutz force-pushed the feature/webhook-deployments branch 3 times, most recently from 5bb8b75 to 68b8aca Compare October 18, 2024 16:52
This path introduces distinct webhook deployments for the
admission and conversion webhooks. This is to provide a more
stable and performant experience. The webhook pods will not require
nearly as much memory as the controller-manager pods. Additionally,
if the webhooks ever go down, it is a bad time. Admission webhooks
being unavailable means no one can apply any changes to the VM Op
APIs. The conversion webhooks being offline means no one can even
*read* the VM Op APIs.
@akutz akutz force-pushed the feature/webhook-deployments branch from 68b8aca to 877034e Compare October 18, 2024 16:54
Copy link

Code Coverage

Package Line Rate Health
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/clustercontentlibraryitem 82%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/contentlibraryitem 85%
github.com/vmware-tanzu/vm-operator/controllers/contentlibrary/utils 97%
github.com/vmware-tanzu/vm-operator/controllers/infra/capability/configmap 86%
github.com/vmware-tanzu/vm-operator/controllers/infra/capability/crd 93%
github.com/vmware-tanzu/vm-operator/controllers/infra/configmap 71%
github.com/vmware-tanzu/vm-operator/controllers/infra/node 77%
github.com/vmware-tanzu/vm-operator/controllers/infra/secret 77%
github.com/vmware-tanzu/vm-operator/controllers/infra/validatingwebhookconfiguration 85%
github.com/vmware-tanzu/vm-operator/controllers/infra/zone 76%
github.com/vmware-tanzu/vm-operator/controllers/storageclass 94%
github.com/vmware-tanzu/vm-operator/controllers/storagepolicyquota 97%
github.com/vmware-tanzu/vm-operator/controllers/util/encoding 73%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/storagepolicyusage 99%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/virtualmachine 86%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachine/volume 86%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineclass 75%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinepublishrequest 81%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinereplicaset 67%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice 83%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachineservice/providers 92%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinesetresourcepolicy 80%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1 72%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1/conditions 88%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha1/patch 78%
github.com/vmware-tanzu/vm-operator/controllers/virtualmachinewebconsolerequest/v1alpha2 73%
github.com/vmware-tanzu/vm-operator/pkg/bitmask 100%
github.com/vmware-tanzu/vm-operator/pkg/builder 95%
github.com/vmware-tanzu/vm-operator/pkg/conditions 88%
github.com/vmware-tanzu/vm-operator/pkg/config 100%
github.com/vmware-tanzu/vm-operator/pkg/config/capabilities 100%
github.com/vmware-tanzu/vm-operator/pkg/config/env 100%
github.com/vmware-tanzu/vm-operator/pkg/context/generic 100%
github.com/vmware-tanzu/vm-operator/pkg/context/operation 100%
github.com/vmware-tanzu/vm-operator/pkg/patch 78%
github.com/vmware-tanzu/vm-operator/pkg/prober 91%
github.com/vmware-tanzu/vm-operator/pkg/prober/probe 90%
github.com/vmware-tanzu/vm-operator/pkg/prober/worker 77%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere 75%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/client 80%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/clustermodules 71%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/config 89%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/contentlibrary 74%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/credentials 100%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/network 80%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/placement 79%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/session 71%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/storage 44%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/sysprep 100%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/vcenter 82%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/virtualmachine 84%
github.com/vmware-tanzu/vm-operator/pkg/providers/vsphere/vmlifecycle 67%
github.com/vmware-tanzu/vm-operator/pkg/record 78%
github.com/vmware-tanzu/vm-operator/pkg/topology 91%
github.com/vmware-tanzu/vm-operator/pkg/util 87%
github.com/vmware-tanzu/vm-operator/pkg/util/annotations 100%
github.com/vmware-tanzu/vm-operator/pkg/util/cloudinit 89%
github.com/vmware-tanzu/vm-operator/pkg/util/cloudinit/validate 91%
github.com/vmware-tanzu/vm-operator/pkg/util/image 100%
github.com/vmware-tanzu/vm-operator/pkg/util/kube 88%
github.com/vmware-tanzu/vm-operator/pkg/util/kube/cource 100%
github.com/vmware-tanzu/vm-operator/pkg/util/kube/internal 100%
github.com/vmware-tanzu/vm-operator/pkg/util/kube/spq 100%
github.com/vmware-tanzu/vm-operator/pkg/util/paused 100%
github.com/vmware-tanzu/vm-operator/pkg/util/ptr 100%
github.com/vmware-tanzu/vm-operator/pkg/util/resize 97%
github.com/vmware-tanzu/vm-operator/pkg/util/vmopv1 92%
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/client 64%
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/vm 79%
github.com/vmware-tanzu/vm-operator/pkg/util/vsphere/watcher 86%
github.com/vmware-tanzu/vm-operator/pkg/vmconfig 95%
github.com/vmware-tanzu/vm-operator/pkg/vmconfig/crypto 98%
github.com/vmware-tanzu/vm-operator/pkg/webconsolevalidation 100%
github.com/vmware-tanzu/vm-operator/services/vm-watcher 91%
github.com/vmware-tanzu/vm-operator/webhooks/common 100%
github.com/vmware-tanzu/vm-operator/webhooks/persistentvolumeclaim/validation 95%
github.com/vmware-tanzu/vm-operator/webhooks/unifiedstoragequota/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/mutation 87%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachine/validation 95%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/mutation 62%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineclass/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinepublishrequest/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinereplicaset/validation 90%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/mutation 67%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachineservice/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinesetresourcepolicy/validation 89%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha1/validation 92%
github.com/vmware-tanzu/vm-operator/webhooks/virtualmachinewebconsolerequest/v1alpha2/validation 92%
Summary 83% (10381 / 12498)

Minimum allowed line rate is 79%

@JoyceXiaojun
Copy link

Overall looks good to me from upgrade perspective. Shouldn't be any port conflict since we don't explicitly delete any deployment and re-deploy with the same port. We should test upgrade path from last release to main with this change for verification.

One minor thing: should add two new deployment names here when validating component health during upgrade: https://gitlab-vmw.devops.broadcom.net/core-build/cayman_vm-operator/-/blob/vmware-main/vm-operator/wcp_patch/upgrade/gc_component_upgrade.py#L20

Thanks for the change.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
cla-not-required size/XL Denotes a PR that changes 500-999 lines.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants