From 83bb4b3c43615a67bec9e1bd12fac587bd379171 Mon Sep 17 00:00:00 2001 From: Cyclinder Kuo Date: Thu, 19 Dec 2024 14:57:20 +0800 Subject: [PATCH] Fix podwebhook would be revert when helm upgrade Using helm templates to rendering podwebhook config rather than controller genarated, which can advoid the webhook cert would be revert when helm upgrade, it can leads to pod fail to start. Signed-off-by: Cyclinder Kuo --- charts/spiderpool/templates/tls.yaml | 42 ++++ cmd/spiderpool-controller/cmd/daemon.go | 13 +- pkg/podmanager/pod_webhook.go | 18 +- pkg/podmanager/utils.go | 139 ------------- pkg/podmanager/utils_test.go | 256 ------------------------ test/Makefile | 4 +- 6 files changed, 47 insertions(+), 425 deletions(-) diff --git a/charts/spiderpool/templates/tls.yaml b/charts/spiderpool/templates/tls.yaml index 940d4274bd..3254858159 100644 --- a/charts/spiderpool/templates/tls.yaml +++ b/charts/spiderpool/templates/tls.yaml @@ -144,6 +144,48 @@ webhooks: - spidercoordinators sideEffects: None {{- end }} +{{- if .Values.spiderpoolController.podResourceInject.enabled }} +- admissionReviewVersions: + - v1 + clientConfig: + service: + name: {{ .Values.spiderpoolController.name | trunc 63 | trimSuffix "-" }} + namespace: {{ .Release.Namespace }} + path: /mutate--v1-pod + port: {{ .Values.spiderpoolController.webhookPort }} + {{- if (eq .Values.spiderpoolController.tls.method "provided") }} + caBundle: {{ .Values.spiderpoolController.tls.provided.tlsCa | required "missing spiderpoolController.tls.provided.tlsCa" }} + {{- else if (eq .Values.spiderpoolController.tls.method "auto") }} + caBundle: {{ .ca.Cert | b64enc }} + {{- end }} + failurePolicy: Fail + name: pods.spiderpool.spidernet.io + {{- if or .Values.spiderpoolController.podResourceInject.namespacesExclude .Values.spiderpoolController.podResourceInject.namespacesInclude }} + namespaceSelector: + matchExpressions: + {{- if .Values.spiderpoolController.podResourceInject.namespacesExclude }} + - key: kubernetes.io/metadata.name + operator: NotIn + values: {{ toYaml .Values.spiderpoolController.podResourceInject.namespacesExclude | nindent 8 }} + {{- end }} + {{- if .Values.spiderpoolController.podResourceInject.namespacesInclude }} + - key: kubernetes.io/metadata.name + operator: In + values: {{ toYaml .Values.spiderpoolController.podResourceInject.namespacesInclude | nindent 8 }} + {{- end }} + {{- end }} + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + sideEffects: None +{{- end }} --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration diff --git a/cmd/spiderpool-controller/cmd/daemon.go b/cmd/spiderpool-controller/cmd/daemon.go index e534dbf06f..20db104d63 100644 --- a/cmd/spiderpool-controller/cmd/daemon.go +++ b/cmd/spiderpool-controller/cmd/daemon.go @@ -266,19 +266,12 @@ func initControllerServiceManagers(ctx context.Context) { controllerContext.PodManager = podManager if controllerContext.Cfg.PodResourceInjectConfig.Enabled { - logger.Debug("Begin to init Pod MutatingWebhook") - if err := podmanager.InitPodWebhook(controllerContext.ClientSet.AdmissionregistrationV1(), - controllerContext.CRDManager, controllerContext.Cfg.ControllerDeploymentName, - controllerContext.Cfg.PodResourceInjectConfig.NamespacesExclude, - controllerContext.Cfg.PodResourceInjectConfig.NamespacesInclude); err != nil { + logger.Info("Begin to init Pod MutatingWebhook") + if err := podmanager.InitPodWebhook(controllerContext.CRDManager); err != nil { logger.Fatal(err.Error()) } } else { - logger.Debug("InjectPodNetworkResource is disabled, try to remove the pod part in the MutatingWebhook") - if err := podmanager.RemovePodMutatingWebhook(controllerContext.ClientSet.AdmissionregistrationV1(), - controllerContext.Cfg.ControllerDeploymentName); err != nil { - logger.Error(err.Error()) - } + logger.Info("Pod MutatingWebhook is disabled") } logger.Info("Begin to initialize StatefulSet manager") diff --git a/pkg/podmanager/pod_webhook.go b/pkg/podmanager/pod_webhook.go index 1a1221e51d..2cc086a8f2 100644 --- a/pkg/podmanager/pod_webhook.go +++ b/pkg/podmanager/pod_webhook.go @@ -12,7 +12,6 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - admissionregistrationv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" ) @@ -38,17 +37,10 @@ type podWebhook struct { // InitPodWebhook initializes the pod webhook. // It sets up the mutating webhook for pods and registers it with the manager. // Parameters: -// - client: The Kubernetes client // - mgr: The controller manager -// - mutatingWebhookName: The name of the mutating webhook // // Returns an error if initialization fails. -func InitPodWebhook( - admissionClient admissionregistrationv1.AdmissionregistrationV1Interface, - mgr ctrl.Manager, - mutatingWebhookName string, - webhookNamespaceExclude []string, - webhookNamespaceInclude []string) error { +func InitPodWebhook(mgr ctrl.Manager) error { spiderClient, err := crdclientset.NewForConfig(ctrl.GetConfigOrDie()) if err != nil { return err @@ -58,14 +50,6 @@ func InitPodWebhook( spiderClient: spiderClient, } - if len(webhookNamespaceExclude) != 0 { - PodWebhookExcludeNamespaces = webhookNamespaceExclude - } - - if err = AddPodMutatingWebhook(admissionClient, mutatingWebhookName, webhookNamespaceInclude); err != nil { - return err - } - // setup mutating webhook for pods if err = ctrl.NewWebhookManagedBy(mgr). For(&corev1.Pod{}). diff --git a/pkg/podmanager/utils.go b/pkg/podmanager/utils.go index 015ef20927..bffba0588e 100644 --- a/pkg/podmanager/utils.go +++ b/pkg/podmanager/utils.go @@ -8,14 +8,10 @@ import ( "fmt" crdclientset "github.com/spidernet-io/spiderpool/pkg/k8s/client/clientset/versioned" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" k8s_resource "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - admissionClientv1 "k8s.io/client-go/kubernetes/typed/admissionregistration/v1" - "k8s.io/client-go/util/retry" - "k8s.io/utils/ptr" kubevirtv1 "kubevirt.io/api/core/v1" "github.com/spidernet-io/spiderpool/pkg/constant" @@ -191,141 +187,6 @@ func InjectRdmaResourceToPod(resourceMap map[string]bool, pod *corev1.Pod) { } } -// InitPodMutatingWebhook initializes a mutating webhook for pods based on a template webhook. -// It sets up the webhook configuration including name, admission review versions, failure policy, -// object selector, client config, and rules for pod creation and update operations. -// -// Parameters: -// - from: An admissionregistrationv1.MutatingWebhook object to use as a template -// -// Returns: -// - A new admissionregistrationv1.MutatingWebhook object configured for pod mutation -func InitPodMutatingWebhook(from admissionregistrationv1.MutatingWebhook, webhookNamespaceInclude []string) admissionregistrationv1.MutatingWebhook { - wb := admissionregistrationv1.MutatingWebhook{ - Name: constant.PodMutatingWebhookName, - AdmissionReviewVersions: from.AdmissionReviewVersions, - FailurePolicy: ptr.To(admissionregistrationv1.Fail), - NamespaceSelector: &metav1.LabelSelector{}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - CABundle: from.ClientConfig.CABundle, - }, - Rules: []admissionregistrationv1.RuleWithOperations{ - { - Operations: []admissionregistrationv1.OperationType{ - admissionregistrationv1.Create, - admissionregistrationv1.Update, - }, - Rule: admissionregistrationv1.Rule{ - APIGroups: []string{""}, - APIVersions: []string{"v1"}, - Resources: []string{"pods"}, - }, - }, - }, - SideEffects: ptr.To(admissionregistrationv1.SideEffectClassNone), - } - - if from.ClientConfig.Service != nil { - wb.ClientConfig.Service = &admissionregistrationv1.ServiceReference{ - Name: from.ClientConfig.Service.Name, - Namespace: from.ClientConfig.Service.Namespace, - Port: from.ClientConfig.Service.Port, - // format: /mutate--- - Path: ptr.To("/mutate--v1-pod"), - } - } - - if len(PodWebhookExcludeNamespaces) != 0 { - wb.NamespaceSelector.MatchExpressions = []metav1.LabelSelectorRequirement{ - { - Key: corev1.LabelMetadataName, - Operator: metav1.LabelSelectorOpNotIn, - Values: PodWebhookExcludeNamespaces, - }, - } - } - - if len(webhookNamespaceInclude) != 0 { - wb.NamespaceSelector.MatchExpressions = append(wb.NamespaceSelector.MatchExpressions, metav1.LabelSelectorRequirement{ - Key: corev1.LabelMetadataName, - Operator: metav1.LabelSelectorOpIn, - Values: webhookNamespaceInclude, - }) - } - return wb -} - -// addPodMutatingWebhook updates the MutatingWebhookConfiguration for pods. -// It retrieves the existing configuration, adds a new webhook for pods, -// and updates the configuration in the Kubernetes API server. -func AddPodMutatingWebhook(admissionClient admissionClientv1.AdmissionregistrationV1Interface, mutatingWebhookName string, webhookNamespaceInclude []string) error { - retryErr := retry.RetryOnConflict(retry.DefaultRetry, func() error { - mwc, err := admissionClient.MutatingWebhookConfigurations().Get(context.TODO(), mutatingWebhookName, metav1.GetOptions{}) - if err != nil { - return fmt.Errorf("failed to get MutatingWebhookConfiguration: %v", err) - } - - if len(mwc.Webhooks) == 0 { - return fmt.Errorf("no any mutating webhook found in MutatingWebhookConfiguration %s", mutatingWebhookName) - } - - var newWebhooks []admissionregistrationv1.MutatingWebhook - for _, wb := range mwc.Webhooks { - // if the webhook already exists, do nothing - if wb.Name == constant.PodMutatingWebhookName { - continue - } - newWebhooks = append(newWebhooks, wb) - } - - podWebhook := InitPodMutatingWebhook(*mwc.Webhooks[0].DeepCopy(), webhookNamespaceInclude) - newWebhooks = append(newWebhooks, podWebhook) - mwc.Webhooks = newWebhooks - - _, updateErr := admissionClient.MutatingWebhookConfigurations().Update(context.TODO(), mwc, metav1.UpdateOptions{}) - return updateErr - }) - if retryErr != nil { - return fmt.Errorf("update MutatingWebhookConfiguration %s failed: %v", mutatingWebhookName, retryErr) - } - - return nil -} - -// RemovePodMutatingWebhook removes the mutating webhook for pods. -// It retrieves the existing configuration, removes the webhook for pods, -// and updates the configuration in the Kubernetes API server. -func RemovePodMutatingWebhook(admissionClient admissionClientv1.AdmissionregistrationV1Interface, mutatingWebhookName string) error { - retryErr := retry.RetryOnConflict(retry.DefaultRetry, func() error { - mwc, err := admissionClient.MutatingWebhookConfigurations().Get(context.TODO(), mutatingWebhookName, metav1.GetOptions{}) - if err != nil { - return err - } - - var newWebhooks []admissionregistrationv1.MutatingWebhook - for _, wb := range mwc.Webhooks { - if wb.Name != constant.PodMutatingWebhookName { - newWebhooks = append(newWebhooks, wb) - } - } - - if len(newWebhooks) == len(mwc.Webhooks) { - return nil - } - - mwc.Webhooks = newWebhooks - _, err = admissionClient.MutatingWebhookConfigurations().Update(context.TODO(), mwc, metav1.UpdateOptions{}) - if err != nil { - return err - } - return nil - }) - if retryErr != nil { - return fmt.Errorf("removes the mutating webhook for pods: %v", retryErr) - } - return nil -} - func doValidateRdmaResouceAndIPPools(mc v2beta1.SpiderMultusConfig) error { doValidateIPPools := func(name, namespace string, ippools *v2beta1.SpiderpoolPools) error { if ippools == nil { diff --git a/pkg/podmanager/utils_test.go b/pkg/podmanager/utils_test.go index 988d23c403..3db0d454ca 100644 --- a/pkg/podmanager/utils_test.go +++ b/pkg/podmanager/utils_test.go @@ -4,17 +4,13 @@ package podmanager_test import ( - "context" - . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" "github.com/spidernet-io/spiderpool/pkg/constant" "github.com/spidernet-io/spiderpool/pkg/k8s/apis/spiderpool.spidernet.io/v2beta1" - admissionregistrationv1 "k8s.io/api/admissionregistration/v1" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/api/resource" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/client-go/kubernetes/fake" "k8s.io/utils/ptr" "github.com/spidernet-io/spiderpool/pkg/podmanager" @@ -332,256 +328,4 @@ var _ = Describe("PodManager utils", Label("pod_manager_utils_test"), func() { Expect(err.Error()).To(ContainSubstring("cniType ipvlan is not consistent with macvlan")) }) }) - - Describe("Utils", func() { - Context("initPodMutatingWebhook", func() { - It("should properly initialize pod mutating webhook with full configuration", func() { - // Prepare test data - testCABundle := []byte("test-ca-bundle") - fromWebhook := admissionregistrationv1.MutatingWebhook{ - AdmissionReviewVersions: []string{"v1", "v1beta1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - CABundle: testCABundle, - Service: &admissionregistrationv1.ServiceReference{ - Name: "test-service", - Namespace: "test-namespace", - Port: ptr.To(int32(443)), - }, - }, - } - - // Call the function under test - podWebhookNamespaceInclude := []string{ - "test", - } - result := podmanager.InitPodMutatingWebhook(fromWebhook, podWebhookNamespaceInclude) - - // Verify results - Expect(result.Name).To(Equal(constant.PodMutatingWebhookName)) - Expect(result.AdmissionReviewVersions).To(Equal(fromWebhook.AdmissionReviewVersions)) - Expect(*result.FailurePolicy).To(Equal(admissionregistrationv1.Fail)) - - // Verify NamespaceSelector - Expect(result.NamespaceSelector).NotTo(BeNil()) - Expect(result.NamespaceSelector.MatchExpressions).To(HaveLen(2)) - Expect(result.NamespaceSelector.MatchExpressions[0].Key).To(Equal(corev1.LabelMetadataName)) - Expect(result.NamespaceSelector.MatchExpressions[0].Operator).To(Equal(metav1.LabelSelectorOpNotIn)) - Expect(result.NamespaceSelector.MatchExpressions[1].Key).To(Equal(corev1.LabelMetadataName)) - Expect(result.NamespaceSelector.MatchExpressions[1].Operator).To(Equal(metav1.LabelSelectorOpIn)) - - // Verify ClientConfig - Expect(result.ClientConfig.CABundle).To(Equal(testCABundle)) - Expect(result.ClientConfig.Service).NotTo(BeNil()) - Expect(result.ClientConfig.Service.Name).To(Equal("test-service")) - Expect(result.ClientConfig.Service.Namespace).To(Equal("test-namespace")) - Expect(*result.ClientConfig.Service.Port).To(Equal(int32(443))) - Expect(*result.ClientConfig.Service.Path).To(Equal("/mutate--v1-pod")) - - // Verify Rules - Expect(result.Rules).To(HaveLen(1)) - Expect(result.Rules[0].Operations).To(ConsistOf( - admissionregistrationv1.Create, - admissionregistrationv1.Update, - )) - Expect(result.Rules[0].Rule.APIGroups).To(Equal([]string{""})) - Expect(result.Rules[0].Rule.APIVersions).To(Equal([]string{"v1"})) - Expect(result.Rules[0].Rule.Resources).To(Equal([]string{"pods"})) - - // Verify SideEffects - Expect(*result.SideEffects).To(Equal(admissionregistrationv1.SideEffectClassNone)) - }) - - It("should properly initialize webhook without Service configuration", func() { - // Prepare test data - fromWebhook := admissionregistrationv1.MutatingWebhook{ - AdmissionReviewVersions: []string{"v1"}, - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - CABundle: []byte("test-ca-bundle"), - }, - } - - // Call the function under test - result := podmanager.InitPodMutatingWebhook(fromWebhook, []string{}) - - // Verify results - Expect(result.ClientConfig.Service).To(BeNil()) - Expect(result.Name).To(Equal(constant.PodMutatingWebhookName)) - }) - }) - }) - - Describe("AddPodMutatingWebhook", func() { - var ( - fakeClient *fake.Clientset - webhookName string - existingConfig *admissionregistrationv1.MutatingWebhookConfiguration - podWebhookNamespaceInclude []string - ) - - BeforeEach(func() { - // Initialize test variables - fakeClient = fake.NewSimpleClientset() - webhookName = "test-webhook-config" - podWebhookNamespaceInclude = []string{ - "test", - } - - // Create a basic webhook configuration - existingConfig = &admissionregistrationv1.MutatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: webhookName, - }, - Webhooks: []admissionregistrationv1.MutatingWebhook{ - { - Name: "existing-webhook", - ClientConfig: admissionregistrationv1.WebhookClientConfig{ - CABundle: []byte("test-ca-bundle"), - Service: &admissionregistrationv1.ServiceReference{ - Name: "webhook-service", - Namespace: "default", - Port: ptr.To(int32(443)), - }, - }, - AdmissionReviewVersions: []string{"v1"}, - }, - }, - } - }) - - Context("when adding pod mutating webhook", func() { - It("should successfully add webhook when it doesn't exist", func() { - // Create initial webhook configuration - _, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create( - context.TODO(), existingConfig, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - - // Call the function under test - err = podmanager.AddPodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName, podWebhookNamespaceInclude) - Expect(err).NotTo(HaveOccurred()) - - // // Verify the webhook was added - updatedConfig, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Get( - context.TODO(), webhookName, metav1.GetOptions{}) - Expect(err).NotTo(HaveOccurred()) - Expect(updatedConfig.Webhooks).To(HaveLen(2)) - Expect(updatedConfig.Webhooks[1].Name).To(Equal(constant.PodMutatingWebhookName)) - }) - - It("should not add webhook when it already exists", func() { - // Add pod webhook to initial configuration - podWebhook := podmanager.InitPodMutatingWebhook(existingConfig.Webhooks[0], podWebhookNamespaceInclude) - existingConfig.Webhooks = append(existingConfig.Webhooks, podWebhook) - - // Create webhook configuration with pod webhook - _, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create( - context.TODO(), existingConfig, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - - // Call the function under test - err = podmanager.AddPodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName, podWebhookNamespaceInclude) - Expect(err).NotTo(HaveOccurred()) - - // // Verify no additional webhook was added - updatedConfig, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Get( - context.TODO(), webhookName, metav1.GetOptions{}) - Expect(err).NotTo(HaveOccurred()) - Expect(updatedConfig.Webhooks).To(HaveLen(2)) - }) - - It("should return error when webhook configuration doesn't exist", func() { - // Call the function under test without creating webhook configuration - err := podmanager.AddPodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName, podWebhookNamespaceInclude) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("failed to get MutatingWebhookConfiguration")) - }) - - It("should return error when webhook configuration is empty", func() { - // Create empty webhook configuration - emptyConfig := &admissionregistrationv1.MutatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: webhookName, - }, - } - _, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create( - context.TODO(), emptyConfig, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - - // Call the function under test - err = podmanager.AddPodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName, podWebhookNamespaceInclude) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("no any mutating webhook found")) - }) - }) - }) - - var _ = Describe("RemovePodMutatingWebhook", func() { - var ( - // Mock admission client - fakeClient *fake.Clientset - // Test webhook name - webhookName string - ) - - BeforeEach(func() { - // Initialize test variables - // Initialize test variables - fakeClient = fake.NewSimpleClientset() - webhookName = "test-webhook-config" - }) - - Context("when removing pod mutating webhook", func() { - It("should successfully remove the webhook if it exists", func() { - // Prepare existing webhook configuration - existingWebhooks := []admissionregistrationv1.MutatingWebhook{ - {Name: constant.PodMutatingWebhookName}, - {Name: "other-webhook"}, - } - - mwc := &admissionregistrationv1.MutatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: webhookName, - }, - Webhooks: existingWebhooks, - } - - // Setup mock behavior - _, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create( - context.TODO(), mwc, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - - // Execute test - err = podmanager.RemovePodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName) - Expect(err).NotTo(HaveOccurred()) - }) - - It("should return nil if webhook doesn't exist", func() { - // Prepare existing webhook configuration - existingWebhooks := []admissionregistrationv1.MutatingWebhook{ - {Name: "other-webhook"}, - } - - mwc := &admissionregistrationv1.MutatingWebhookConfiguration{ - ObjectMeta: metav1.ObjectMeta{ - Name: webhookName, - }, - Webhooks: existingWebhooks, - } - - // Setup mock behavior - _, err := fakeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create( - context.TODO(), mwc, metav1.CreateOptions{}) - Expect(err).NotTo(HaveOccurred()) - - // Execute test - err = podmanager.RemovePodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName) - Expect(err).NotTo(HaveOccurred()) - }) - - It("should return error when getting webhook configuration fails", func() { - err := podmanager.RemovePodMutatingWebhook(fakeClient.AdmissionregistrationV1(), webhookName) - Expect(err).To(HaveOccurred()) - Expect(err.Error()).To(ContainSubstring("not found")) - }) - }) - }) }) diff --git a/test/Makefile b/test/Makefile index be4368acc1..834df76102 100644 --- a/test/Makefile +++ b/test/Makefile @@ -228,11 +228,9 @@ setup_kurise: kind load docker-image $${IMAGE} --name $(E2E_CLUSTER_NAME); \ done; \ HELM_OPTION=" --wait --timeout 20m --debug --set manager.image.repository=$(E2E_OPENKRUISE_IMAGE) " ; \ - # openkruise failed to run with 1.7.3, see - # https://github.com/spidernet-io/spiderpool/issues/4396 HELM_OPTION+=" --version $(E2E_OPENKRUISE_VERSION) " ; \ helm upgrade --install kruise openkruise/kruise $${HELM_OPTION} \ - --kubeconfig $(E2E_KUBECONFIG) || { KIND_CLUSTER_NAME=$(E2E_CLUSTER_NAME) ./scripts/debugEnv.sh $(E2E_KUBECONFIG) "detail" "$(E2E_LOG_FILE)" ; exit 1 ; } ; \ + --kubeconfig $(E2E_KUBECONFIG) || { KIND_CLUSTER_NAME=$(E2E_CLUSTER_NAME) ./scripts/debugEnv.sh $(E2E_KUBECONFIG) "detail" "$(E2E_LOG_FILE)" ; exit 1 ; } ; \ .PHONY: setup_spiderpool setup_spiderpool: