[jira] [Commented] (FLINK-36685) Enable update/create operation on flinkdeployment resource in mutation webhook

Mon, 11 Nov 2024 10:53:22 -0800 


    [ 
https://issues.apache.org/jira/browse/FLINK-36685?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17897251#comment-17897251
 ] 

Shuyi Chen commented on FLINK-36685:
------------------------------------

Thanks [~gyfora]. We used mutation webhook to inject secrets, e.g. datadog api 
keys, into the flinkdep CRD when flink pipeline is created and updated by the 
operator. From 
[https://github.com/apache/flink-kubernetes-operator/blob/main/helm/flink-kubernetes-operator/templates/webhook.yaml#L125-L141,]
 the /mutate endpoint is only granted permission CREATE on flinksessionjobs CRD 
only. We are using flinkdep CRD for production flink pipeline, so I need to add 
permissions of CREATE/UPDATE on flinkdep CRD on the /mutate endpoint. After 
updating the rules on the /mutate endpoint internally like below, I was able to 
to get it working. Would appreciate your comments and suggestions.

 
{code:java}
webhooks:
  - name: mutationwebhook.flink.apache.org
    admissionReviewVersions: ["v1"]
    clientConfig:
      service:
        name: flink-operator-webhook-service
        namespace: {{ .Release.Namespace }}
        path: /mutate
    failurePolicy: Fail
    rules:
      - apiGroups: ["flink.apache.org"]
        apiVersions: ["*"]
        scope: "Namespaced"
        operations:
          - CREATE           - UPDATE
        resources:
          - flinksessionjobs
          - flinkdeployments{code}

> Enable update/create operation on flinkdeployment resource in mutation webhook
> ------------------------------------------------------------------------------
>
>                 Key: FLINK-36685
>                 URL: https://issues.apache.org/jira/browse/FLINK-36685
>             Project: Flink
>          Issue Type: Improvement
>          Components: Kubernetes Operator
>    Affects Versions: kubernetes-operator-1.9.0
>            Reporter: Shuyi Chen
>            Priority: Minor
>
> In mutation webhook yaml of the helm chart, UPDATE/CREATE operation is not 
> allowed on 
> flinkdeployments. We use mutation webhook to inject platform secrets to the 
> flink pipeline CRD. Planned to add a PR to enable UPDATE/CREATE operation on 
> flinkdeployments resource. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to