migtools / oadp-non-admin

OADP Non Admin Controller
Apache License 2.0

Reject NAB CR creation calls for orphaned Velero Backup objects #84

Open shubham-pampattiwar opened 1 month ago

shubham-pampattiwar commented 1 month ago

Scenario:

Solution approach:

mpryc commented 1 month ago

Would it make sense to add the validation webhook in OADP rather than the non admin part? This could allow such a webhook to reject NAB objects when the NAB controller is not installed in the cluster (something @shawn-hurley requested in the past).

mateusoliveira43 commented 1 month ago

Issue origin https://github.com/migtools/oadp-non-admin/pull/73#pullrequestreview-2322124621

We are still waiting to check how Velero handles this case to apply the same solution, right?

mpryc commented 1 month ago

My opinion is that we don't have to have the NonAdminBackup <-> Backup interaction be exactly the same as Velero Backup. The NonAdminBackup is a user-facing interface which we provide, so we should make it in a way that won't surprise users.

mateusoliveira43 commented 1 month ago

Do not forget about sync controller when implementing this

Discussion https://redhat-internal.slack.com/archives/C064QSN2YR3/p1728312889734609

shubham-pampattiwar commented 1 month ago

Summarizing the Slack discussion thread: In the scenario described in the issue, if the actor/user is the NAB sync controller, then in that case we want the NAB create request to bypass the Validating Admission Webhook. So in order to do that, we need a way to identify whether the create NAB object request is from the user or the NAB sync controller. The proposed solution here is that we rely on 2 things: