Add DaemonSet and ClusterRole resources #229
Conversation
There was a problem hiding this comment.
Hi! This is really cool stuff!
Thank you for taking the time to put these two resources together.
I've looked over and there are a few comments here and there, mostly about aligning the codebase to a few standard practices we're trying to stick to.
Please have a look over my comments and in the mean time I will review the DaemonSet part of this PR.
Thanks again for all the hard work!
| } | ||
| log.Printf("[INFO] Reading cluster role %s", name) | ||
| cRole, err := conn.RbacV1().ClusterRoles().Get(name, metav1.GetOptions{}) | ||
| if err != nil { |
There was a problem hiding this comment.
Here, we need more elaborate handling of err.
In particular, in case the error is of a NotFound kind, the ID of the resource should be set to d.SetId("") and no error should be returned. This instructs Terraform to remove the resource from the state.
You can check the type of error returned in err by using these client-go helper functions: https://godoc.org/k8s.io/apimachinery/pkg/api/errors
| } | ||
|
|
||
| log.Printf("[INFO] Updating cluster role %q: %v", name, cRole) | ||
| out, err := conn.RbacV1().ClusterRoles().Update(&cRole) |
There was a problem hiding this comment.
The .Update() method of client-go resources is actually not doing an in-place update, but rather a replace type of operation, meaning it replaces the entire API object with the new one passed in.
This does not map well to Terraform's expectations of an Update action, which should be an in-place modification of the existing resource.
Whenever this is not technically possible or not desired, the proper way to implement this in Terraform is to let it do a Delete/Create sequence. This is done by tagging attributes that cannot be updated with ForceNew: true.
If you do indeed want to implement the Update function, the changes to the resource should be done via .Patch() method of client-go. This takes in a list of JSONPatch style operations and this list is what the Terraform Update function should construct before calling .Patch()
|
|
||
| log.Printf("[INFO] cluster role %s deleted", name) | ||
|
|
||
| d.SetId("") |
There was a problem hiding this comment.
Setting ID to "" is not actually needed in Delete functions. Terraform will do that automatically.
| log.Printf("[INFO] Checking cluster role %s", name) | ||
| _, err = conn.RbacV1().ClusterRoles().Get(name, metav1.GetOptions{}) | ||
| if err != nil { | ||
| if statusErr, ok := err.(*errors.StatusError); ok && statusErr.ErrStatus.Code == 404 { |
There was a problem hiding this comment.
Can you please make use of the client-go error helpers I mentioned earlier, instead of the direct comparisons in this line?
| resources = ["pods", "pods/log"] | ||
| verbs = ["get", "list"] | ||
| } | ||
| }`, name) |
There was a problem hiding this comment.
Please make sure all these inline HCL blocks are terraform fmt formatted and the last closing bracket of the resource is always followed by a new line character.
This is needed to we can eventually make use of a new linter / formatter in CI: https://github.com/katbyte/terrafmt
| Optional: true, | ||
| ForceNew: true, | ||
| MaxItems: 1, | ||
| Elem: &schema.Resource{ |
There was a problem hiding this comment.
Can you please reuse the labelSelectorFields function for populating this Schema section?
You can find it in kubernetes/schema_label_selector.go
| Description: "An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", | ||
| Required: true, | ||
| MaxItems: 1, | ||
| Elem: &schema.Resource{ |
There was a problem hiding this comment.
Same here, please reuse the podTemplateFields() function to populate this schema section.
The function is in kubernetes/schema_pod_template.go
|
Thanks for the review! All current comments addressed with a new commit. PTAL when you can. |
chris-codaio
force-pushed
the
add-daemonset-and-clusterrole
branch
from
40739ff
to
93be6bc
Compare
|
@alexsomesan mind taking another look at this when you have a chance? I've addressed all of your comments. |
|
@chrisleck I'll try to review as soon as I get a chance. |
|
@alexsomesan - pinging to make sure this is still on your radar to review. Don't want to be pushy, but I do have a project blocked on this :) |
|
Just to add my $0.02, I'm not exactly blocked by this but I think I have a bug to report but as I'm currently provisioning the ClusterRole in an unconventional way I wanted to test with this first. |
|
@chrisleck I haven't forgotten you! I'll get to this PR shortly. I'm at KubeCon this week so operating at low capacity here. |
|
@alexsomesan - thanks for the update and enjoy the conference! |
|
I don't have enough context to know whether this matters for this PR, but I went and used the functionality added here and found two missing bits of API. |
|
|
|
:) sure can haz!
Apologies, I’ve been caught in provider migrations to TF 0.12.
I will look at your changes first thing tomorrow morning (UTC+1).
…On Thu 10. Jan 2019 at 01:09, Christopher Eck ***@***.***> wrote:
<https://camo.githubusercontent.com/0ace7e8ff88fa7213d20d7c8726b7cc3c4d08c09/68747470733a2f2f692e63687a6267722e636f6d2f66756c6c2f373731303438353234382f684331393645323042>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#229 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/ABC-m-a3_7Ew7dkO_WU7LYLmBsUC86U8ks5vBoS7gaJpZM4Y2NWx>
.
|
|
@chrisleck, |
|
@chrisleck I'm running into a few small issues trying to test this. diff --git a/kubernetes/structures_daemonset.go b/kubernetes/structures_daemonset.go
index c553bf0..dfcae87 100644
--- a/kubernetes/structures_daemonset.go
+++ b/kubernetes/structures_daemonset.go
@@ -77,7 +77,7 @@ func expandDaemonSetSpec(daemonset []interface{}) (appsv1.DaemonSetSpec, error)
if err != nil {
return obj, err
}
- obj.Template = template
+ obj.Template = *template
return obj, nil
}After that, I'm seeing this test failure: |
|
Hmm - not seeing that. I'll try re-syncing to head and make sure we're clean. |
chris-codaio
force-pushed
the
add-daemonset-and-clusterrole
branch
from
93be6bc
to
5047a18
Compare
|
Ah - turns out I had pushed an older branch :( |
|
Updated with a fresh sync to master and validated tests are running. PTAL :) |
|
This is great @chrisleck. With these landing, I believe we'll reach a tipping point where we can start to consider terraform a strong contender for managing core cluster state on k8s. |
| }, | ||
| "template": { | ||
| Type: schema.TypeList, | ||
| Description: "An object that describes the pod that will be created. The DaemonSet will create exactly one copy of this pod on every node that matches the template's node selector (or on every node if no node selector is specified). More info: https://kubernetes.io/docs/concepts/workloads/controllers/replicationcontroller#pod-template", |
There was a problem hiding this comment.
This description should probably link to the DaemonSet specific
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/#pod-template documentation or to the more general pod documentation https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/#pod-templates
|
Would be good to get this merged if all issues have been addressed. |
|
Hi! Really looking forward to getting this merged since I'm just setting up a new cluster the terraform way. ❤️ How soon can I expect this to be released? I'm deciding if I want to wait or develop a workaround in the meantime. Thanks! |
|
Awesome that this got merged! Is there already a release planned with these new features? |
|
@alexsomesan, may we please know roughly when the upcoming release with this merged content is going to happen? |
|
I was hoping to get more of the pending changes in before a release. But I can also do a release on Monday since this is something a lot of people are waiting for. |
That would be greatly appreciated @alexsomesan! |
|
Ok, will do :) |
Thanks, can't wait! @alexsomesan |
|
@alexsomesan I've already tested it. It works great. Thanks! |
ghost
locked and limited conversation to collaborators
Brings in a couple of resources from #100
@terraform-providers/ecosystem