Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Trust-manager- implementation of the TPL function on 2 parameters #496

Closed
wants to merge 14 commits into from
Closed

Trust-manager- implementation of the TPL function on 2 parameters #496

wants to merge 14 commits into from

Conversation

Asif-git03
Copy link

@Asif-git03 Asif-git03 commented Dec 2, 2024
edited
Loading

  • This pull request adds support for template configuration of app.webhook.tls.approverPolicy.certManagerNamespace and app.trust.namespace.
  • These values can now be dynamically set using Helm templating, with defaults to the release namespace if not specified.

@cert-manager-prow cert-manager-prow bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Dec 2, 2024
@cert-manager-prow
Copy link
Contributor

Hi @Asif-git03. Thanks for your PR.

I'm waiting for a cert-manager member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@cert-manager-prow cert-manager-prow bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Dec 2, 2024
@Asif-git03 Asif-git03 force-pushed the feature/extend-dry-support-trust-manager-tpl branch from 98720ba to 87ef014 Compare December 3, 2024 06:42
@cert-manager-prow cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. labels Dec 3, 2024
@Asif-git03
Copy link
Author

Hi Team,

Request you to please review the PR, since the DCO signoff: yes

@Asif-git03
Copy link
Author

Hi Team,

Could you please check on this PR once

@Asif-git03
Copy link
Author

Hi Team,

Request you to please review the PR, since the DCO signoff: yes

@erikgb
Copy link
Contributor

erikgb commented Dec 10, 2024

@Asif-git03 trust-manager is a community project and maintainers/reviewers all have day-time jobs. So please don't expect reviews when you request it. And no point "spamming". 😓

I am personally not in favor of your proposed changes. What is the use case? And how is it related to DRY? It definitely increases complexity by adding a second layer of templating. Trying to understand what your goal is, but no luck so far.....

@Ceddaerrix
Copy link

Ceddaerrix commented Dec 18, 2024
edited
Loading

@Asif-git03 trust-manager is a community project and maintainers/reviewers all have day-time jobs. So please don't expect reviews when you request it. And no point "spamming". 😓

I am personally not in favor of your proposed changes. What is the use case? And how is it related to DRY? It definitely increases complexity by adding a second layer of templating. Trying to understand what your goal is, but no luck so far.....

Hello Erik (@erikgb),
I am Asif's team lead on this item. From what I see, the task of adding some DRY (Don't Repeat Yourself) support has been misunderstood.
He will rollback his changes and come back with a proper implementation...

Our intent is that, because we are using cert-manager and trust-manager into an umbrella chart, we want in our chart to default the app.trust.namespace and app.webhook.tls.approverPolicy.certManagerNamespace parameters to "{{ .Release.Namespace }}" so all the namespaces involved are in sync whatever the value of the --namespace option is. In order to do so, we need to introduce the tpl function where these 2 parameters are used in the templates.

@Asif-git03
Update _helpers.tpl
56424a7 
Reverting back changes

Signed-off-by: Asif-git03 <[email protected]>
@Asif-git03
Update values.yaml
754c72a 
Reverting back changes

Signed-off-by: Asif-git03 <[email protected]>
@cert-manager-prow cert-manager-prow bot added size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 18, 2024
@Asif-git03
Copy link
Author

Hi Erik,

I have reverted the changes which were earlier done, and have made new changes which can avoid repetition of the same parameter multiple times

@erikgb
Copy link
Contributor

erikgb commented Dec 18, 2024

Ok, I understand the use case better now. Thanks for explaining @Ceddaerrix! I am personally not a big fan of the proposed changes, but we will discuss this in the maintainer team.

@Asif-git03 Can you please update the PR title and description, and revert irrelevant changes in the PR diff?

@Asif-git03
Copy link
Author

Asif-git03 commented Dec 18, 2024
edited
Loading

Sure Eric, how do you want it to be?(PR title and description) :)

@Asif-git03 Asif-git03 changed the title Extend DRY support into trust-manager official Helm chart Trust-manager implementation of the TPL function on parameters Dec 18, 2024
@Asif-git03 Asif-git03 changed the title Trust-manager implementation of the TPL function on parameters Trust-manager- implementation of the TPL function on 2 different parameters Dec 18, 2024
@Asif-git03 Asif-git03 changed the title Trust-manager- implementation of the TPL function on 2 different parameters Trust-manager- implementation of the TPL function on 2 parameters Dec 18, 2024
@cert-manager-prow cert-manager-prow bot added dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. and removed dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. labels Dec 18, 2024
@cert-manager-prow cert-manager-prow bot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 18, 2024
Ceddaerrix
Ceddaerrix suggested changes Dec 18, 2024
View reviewed changes
deploy/charts/trust-manager/values.yaml Outdated Show resolved Hide resolved
deploy/charts/trust-manager/templates/webhook.yaml Outdated Show resolved Hide resolved
klone.yaml Outdated Show resolved Hide resolved
@cert-manager-prow cert-manager-prow bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Dec 18, 2024
@Asif-git03 Asif-git03 force-pushed the feature/extend-dry-support-trust-manager-tpl branch from affa4db to 754c72a Compare December 18, 2024 20:17
@cert-manager-prow cert-manager-prow bot added dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. and removed dco-signoff: no Indicates that at least one commit in this pull request is missing the DCO sign-off message. size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 18, 2024
Khan and others added 2 commits December 19, 2024 01:50
Revert changes to values.yaml, webhook.yaml
498c552 
Signed-off-by: Khan <[email protected]>
@Asif-git03
Update _helpers.tpl
212552c 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign sgtcodfish for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Asif-git03
Update certificate.yaml
92bb005 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@cert-manager-prow cert-manager-prow bot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. labels Dec 18, 2024
@Asif-git03
Update certificate.yaml
5b064f2 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@Asif-git03
Update deployment.yaml
c0ede80 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@Asif-git03
Update role.yaml
d1d7b4d 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@Asif-git03
Update rolebinding.yaml
4472190 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@Asif-git03
Update _helpers.tpl
e732f57 
Adding TPL function

Signed-off-by: Asif-git03 <[email protected]>
@CeddaerrixGE
Copy link

Ok, I understand the use case better now. Thanks for explaining @Ceddaerrix! I am personally not a big fan of the proposed changes, but we will discuss this in the maintainer team.

Hello Erik (@erikgb),

Any estimate on when we could have a final decision on the current matter?
Thank you

@erikgb
Copy link
Contributor

erikgb commented Jan 10, 2025

Hi @Ceddaerrix @Asif-git03, sorry for the delay on this. All projects under the cert-manager org are community projects, and we all have other daytime jobs. Att'ing people to get attention is not the way to make progress on issues and PRs. 😃 Instead you should join our daily stand-ups and/or bi-weekly meetings to discuss the matter: https://cert-manager.io/docs/contributing/.

We discussed this PR in today's stand-up and decided that we don't like the approach taken here. Adding template support for Helm values doesn't seem like a good idea. It adds even more complexity to charts and also another layer of templating which may open security holes.

AFAIK your use case is described by @Ceddaerrix in #496 (comment):

Our intent is that, because we are using cert-manager and trust-manager into an umbrella chart, we want in our chart to default the app.trust.namespace and app.webhook.tls.approverPolicy.certManagerNamespace parameters to "{{ .Release.Namespace }}" so all the namespaces involved are in sync whatever the value of the --namespace option is. In order to do so, we need to introduce the tpl function where these 2 parameters are used in the templates.

One way to solve this could be using Helm global values: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/. We are more likely to accept PRs adding support for global values into our charts. As long as the change is non-breaking.

I am going to close this PR now, as it is not going to be merged with the proposed changeset.

/close

@cert-manager-prow
Copy link
Contributor

@erikgb: Closed this PR.

In response to this:

Hi @Ceddaerrix @Asif-git03, sorry for the delay on this. All projects under the cert-manager org are community projects, and we all have other daytime jobs. Att'ing people to get attention is not the way to make progress on issues and PRs. 😃 Instead you should join our daily stand-ups and/or bi-weekly meetings to discuss the matter: https://cert-manager.io/docs/contributing/.

We discussed this PR in today's stand-up and decided that we don't like the approach taken here. Adding template support for Helm values doesn't seem like a good idea. It adds even more complexity to charts and also another layer of templating which may open security holes.

AFAIK your use case is described by @Ceddaerrix in #496 (comment):

Our intent is that, because we are using cert-manager and trust-manager into an umbrella chart, we want in our chart to default the app.trust.namespace and app.webhook.tls.approverPolicy.certManagerNamespace parameters to "{{ .Release.Namespace }}" so all the namespaces involved are in sync whatever the value of the --namespace option is. In order to do so, we need to introduce the tpl function where these 2 parameters are used in the templates.

One way to solve this could be using Helm global values: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/. We are more likely to accept PRs adding support for global values into our charts. As long as the change is non-breaking.

I am going to close this PR now, as it is not going to be merged with the proposed changeset.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@CeddaerrixGE
Copy link

Hi @Ceddaerrix @Asif-git03, sorry for the delay on this. All projects under the cert-manager org are community projects, and we all have other daytime jobs. Att'ing people to get attention is not the way to make progress on issues and PRs. 😃 Instead you should join our daily stand-ups and/or bi-weekly meetings to discuss the matter: https://cert-manager.io/docs/contributing/.

We discussed this PR in today's stand-up and decided that we don't like the approach taken here. Adding template support for Helm values doesn't seem like a good idea. It adds even more complexity to charts and also another layer of templating which may open security holes.

AFAIK your use case is described by @Ceddaerrix in #496 (comment):

Our intent is that, because we are using cert-manager and trust-manager into an umbrella chart, we want in our chart to default the app.trust.namespace and app.webhook.tls.approverPolicy.certManagerNamespace parameters to "{{ .Release.Namespace }}" so all the namespaces involved are in sync whatever the value of the --namespace option is. In order to do so, we need to introduce the tpl function where these 2 parameters are used in the templates.

One way to solve this could be using Helm global values: https://helm.sh/docs/chart_template_guide/subcharts_and_globals/. We are more likely to accept PRs adding support for global values into our charts. As long as the change is non-breaking.

I am going to close this PR now, as it is not going to be merged with the proposed changeset.

/close

Hello Erik (@erikgb),

Thank you for taking the time to reply.
Even though I do not that the use of tpl is a breaking change (as it allows to take the string value of another parameter), we will look into use of the Helm global values...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Ceddaerrix Ceddaerrix Ceddaerrix requested changes

Assignees
No one assigned
Labels
dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Asif-git03 @erikgb @Ceddaerrix @CeddaerrixGE