Skip to content
This repository was archived by the owner on Apr 17, 2025. It is now read-only.

Commit 62115a0

Browse files
k8s-ci-robotk8s-ci-robot
authored
Merge pull request #1485 from yiqigao217/condition
Exclude namespaces before deploying HNC
2 parents a625303 + 60271a5 commit 62115a0

File tree

1 file changed

+20
-4
lines changed

1 file changed

+20
-4
lines changed

incubator/hnc/Makefile

Lines changed: 20 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -180,12 +180,23 @@ controller-gen:
180180

181181
# Deploy controller in the configured Kubernetes cluster in ~/.kube/config.
182182
#
183-
# We only delete and redeploy the deployment, and nothing else, because a)
184-
# deleting the CRDs will cause all the existing hierarchy configs to be wiped
185-
# away and b) if we don't delete the deployment, a new image won't be pulled
186-
# unless the tag changes.
183+
# We only delete the deployment and the validatingwebhookconfiguration if they
184+
# exist before applying the manifest, because
185+
# a) deleting the CRDs will cause all the existing CRs to be wiped away;
186+
# b) if not deleting the deployment, a new image won't be pulled unless the tag changes;
187+
# c) if not deleting the validatingwebhookconfiguration, we cannot label
188+
# namespaces to exclude them if the HNC pod is already in a bad state.
189+
#
190+
# Then we ensure the system namespaces are excluded before we deploy HNC. This
191+
# step is critical because if the HNC pod is ever in a bad state, the object
192+
# webhook service would not respond and would stop everything in the system
193+
# namespaces, such as "kube-system", thus breaking the whole cluster.
187194
deploy: docker-push kubectl manifests
188195
-kubectl -n hnc-system delete deployment hnc-controller-manager
196+
-kubectl delete validatingwebhookconfiguration hnc-validating-webhook-configuration
197+
-kubectl label ns kube-node-lease hnc.x-k8s.io/excluded-namespace=true --overwrite
198+
-kubectl label ns kube-public hnc.x-k8s.io/excluded-namespace=true --overwrite
199+
-kubectl label ns kube-system hnc.x-k8s.io/excluded-namespace=true --overwrite
189200
kubectl apply -f manifests/${HNC_IMG_NAME}.yaml
190201

191202
deploy-watch:
@@ -262,6 +273,11 @@ test-e2e-batch: exclude-system-namespaces
262273
go test -v -timeout 0 ./test/e2e/... ; \
263274
done
264275

276+
# exclude-system-namespaces is called before we run any e2e tests. We do ensure
277+
# the system namespaces are excluded in the "deploy" target. However, we need to
278+
# do it here too in case users install HNC by applying manifests. Ensuring the
279+
# system namespaces excluded is critical, because otherwise when HNC pod is in a
280+
# bad state, the whole cluster will break.
265281
exclude-system-namespaces:
266282
@echo
267283
@echo "Ensuring all system namespaces are excluded from HNC..."

0 commit comments

Comments
 (0)