Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create random hostname for GMSA #155

Merged
merged 1 commit into from
Oct 21, 2024
Merged

Create random hostname for GMSA #155

merged 1 commit into from
Oct 21, 2024

Conversation

zylxjtu
Copy link
Contributor

@zylxjtu zylxjtu commented Oct 10, 2024

This will only apply to gmsa pods which have the corresponding security context

Disabling/enabling of this can be controlled through ENV

@k8s-ci-robot k8s-ci-robot added the sig/windows Categorizes an issue or PR as relevant to SIG Windows. label Oct 10, 2024
@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Oct 10, 2024
@k8s-ci-robot
Copy link
Contributor

Welcome @zylxjtu!

It looks like this is your first PR to kubernetes-sigs/windows-gmsa 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/windows-gmsa has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

@k8s-ci-robot k8s-ci-robot added the size/M Denotes a PR that changes 30-99 lines, ignoring generated files. label Oct 10, 2024
@avin3sh
Copy link

avin3sh commented Oct 11, 2024

(don't mind me, I just watch this repo out of curiosity)

Why this feature ? Isn't hostname supposed to be same as gMSA name ?

AbelHu
AbelHu reviewed Oct 12, 2024
View reviewed changes
charts/gmsa/values.yaml Outdated Show resolved Hide resolved
@jsturtevant
Copy link
Contributor

Why this feature ?

I believe this is an attempt to fix microsoft/Windows-Containers#405

Isn't hostname supposed to be same as gMSA name ?

I do not believe that is a requirement. With a standard k8s Deployment the pod name is randomized by kubernetes and the pod name is the Hostname by default so it already is different than the gmsa name in most deployments today.

jsturtevant
jsturtevant previously requested changes Oct 14, 2024
View reviewed changes
Copy link
Contributor

@jsturtevant jsturtevant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for working on this! It would also be valuable to add a couple test cases to the integration suite: https://github.com/kubernetes-sigs/windows-gmsa/blob/master/admission-webhook/integration_tests/integration_test.go

@k8s-ci-robot k8s-ci-robot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Oct 14, 2024
jsturtevant
jsturtevant reviewed Oct 17, 2024
View reviewed changes
admission-webhook/integration_tests/integration_test.go Outdated Show resolved Hide resolved
charts/gmsa/values.yaml Outdated Show resolved Hide resolved
admission-webhook/webhook_test.go Show resolved Hide resolved
admission-webhook/webhook.go Outdated Show resolved Hide resolved
admission-webhook/webhook.go Outdated Show resolved Hide resolved
admission-webhook/integration_tests/integration_test.go Outdated Show resolved Hide resolved
@zylxjtu zylxjtu requested a review from jsturtevant October 17, 2024 20:26
jsturtevant
jsturtevant reviewed Oct 18, 2024
View reviewed changes
Copy link
Contributor

@jsturtevant jsturtevant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm
/assign @marosset

admission-webhook/utils_test.go Outdated Show resolved Hide resolved
@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 18, 2024
@jsturtevant jsturtevant dismissed their stale review October 18, 2024 02:27

its all been fixed

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 18, 2024
@zylxjtu zylxjtu requested a review from jsturtevant October 18, 2024 04:02
jsturtevant
jsturtevant reviewed Oct 18, 2024
View reviewed changes
Copy link
Contributor

@jsturtevant jsturtevant left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 18, 2024
marosset
marosset reviewed Oct 18, 2024
View reviewed changes
admission-webhook/main.go Outdated
if boolValue, err := strconv.ParseBool(v); err == nil {
return boolValue
}
logrus.Warningf("unable to parse environment variable %s with value %s to bool, use default value false", key, v)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we add a test case for this?
Should we error here?

On one hand env_int just fails silently and on the other hand env will cause a panic.

I think that if the env var is set and we can't parse the value - we should consider throwing error'ing out because the intention was the enable new functionality (RANDOM_HOSTNAME in this case).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will add a test case. I would prefer that throw an error when parsing failure, will change accordingly for env_bool, but would like to keep env_int as it is, not part of this PR

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sounds good to me

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 18, 2024
@zylxjtu
Create random hostname for GMSA
d56c3d1 
This will only apply to gmsa pods which have the corresponding security context

Disabling/enabling of this can be controlled through ENV
@zylxjtu zylxjtu requested a review from jsturtevant October 18, 2024 23:01
@jsturtevant
Copy link
Contributor

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 21, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jsturtevant, zylxjtu

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Oct 21, 2024
@k8s-ci-robot k8s-ci-robot merged commit 4a5c843 into kubernetes-sigs:master Oct 21, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jayunit100 jayunit100 Awaiting requested review from jayunit100

@AbelHu AbelHu Awaiting requested review from AbelHu

@msft-linliu msft-linliu Awaiting requested review from msft-linliu

@marosset marosset Awaiting requested review from marosset

@jsturtevant jsturtevant Awaiting requested review from jsturtevant

Assignees

@jsturtevant jsturtevant

@marosset marosset

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. sig/windows Categorizes an issue or PR as relevant to SIG Windows. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@zylxjtu @k8s-ci-robot @avin3sh @jsturtevant @AbelHu @marosset @msft-linliu