[v3.24] fix(crds): install applicationlayer WAF CRDs in v1-CRD mode#4921
Open
electricjesus wants to merge 1 commit into
Open
[v3.24] fix(crds): install applicationlayer WAF CRDs in v1-CRD mode#4921electricjesus wants to merge 1 commit into
electricjesus wants to merge 1 commit into
Conversation
electricjesus
added
kind/bug
electricjesus
force-pushed
the
seth/operator-waf-crds-v1mode-v1.43
branch
from
fcf7351 to
3c7d95c
Compare
The applicationlayer.projectcalico.org WAF CRDs (WAFPolicy, GlobalWAFPolicy, WAFPlugin, GlobalWAFPlugin, WAFValidationPolicy, GlobalWAFValidationPolicy) were bundled into the v3.projectcalico.org datastore CRD source directory, so the operator installed them only in v3-CRD mode. On a standard apiserver-backed install the operator runs in v1-CRD mode and skipped them entirely, and the aggregated apiserver does not serve the applicationlayer.projectcalico.org group, so the kinds were unavailable and the kube-controllers WAF reconcilers could not start their informers. Gateway WAF was therefore unusable on any standard install. applicationlayer.projectcalico.org is a distinct, CRD-only API group with a single v3 schema (not the crd.projectcalico.org <-> projectcalico.org rename), so it is now handled the same way as policy.networking.k8s.io: synced into its own CRD source directory and installed unconditionally in both v1-CRD and v3-CRD modes via a dedicated getApplicationLayerCRDSource(). (cherry picked from commit 9595dc9)
electricjesus
force-pushed
the
seth/operator-waf-crds-v1mode-v1.43
branch
from
3c7d95c to
781e38b
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Cherry-pick of #4920.
Description
Bug fix.
The
applicationlayer.projectcalico.orgWAF v3 CRDs (WAFPolicy,GlobalWAFPolicy,WAFPlugin,GlobalWAFPlugin,WAFValidationPolicy,GlobalWAFValidationPolicy) were bundled into theenterprise/v3.projectcalico.org/datastore CRD source directory, sogetEnterpriseCRDSourceinstalled them only in v3-CRD mode. On a standard apiserver-backed install the operator runs in v1-CRD mode, selects theenterprise/v1.crd.projectcalico.orgsource dir, and skips these CRDs entirely. Becauseapplicationlayer.projectcalico.orgis a CRD-only group (the aggregated apiserver serves onlyprojectcalico.org), the kinds are then unavailable and the kube-controllers WAF reconcilers cannot start their informers — so gateway WAF is unusable on any standard install.applicationlayer.projectcalico.orgis a distinct, CRD-only API group with a single v3 schema (not thecrd.projectcalico.org↔projectcalico.orggroup rename), so it is now handled the same way aspolicy.networking.k8s.io: synced into its own CRD source directory (pkg/imports/crds/enterprise/applicationlayer.projectcalico.org/) and installed unconditionally in both v1-CRD and v3-CRD modes via a dedicatedgetApplicationLayerCRDSource().pkg/imports/crds), CRD sync (Makefile)applicationlayer.projectcalico.orgCRDs are present for the Enterprise variant in both v1-CRD and v3-CRD modes.applicationlayer.projectcalico.orgCRDs were installed; with this change the operator installs all six. Re-verified by deleting the CRDs and confirming the operator reinstalls all six via the new code path. Cross-checked against a--no-api-server(v3-CRD) cluster where the CRDs were already present.Release Note
For PR author
pkg/imports/crds/crds_test.goasserts the WAF CRDs install in both v1-CRD and v3-CRD modes.make gen-files— N/A, nopkg/apis/changes.make gen-versions— N/A, no version changes. (CRD sync layout updated inMakefilesoupdate-enterprise-crdsrelocates these CRDs to the dedicated dir.)For PR reviewers
kind/bug,enterprise.