Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

⚠️ Remove security group rules from status #1957

Merged
merged 1 commit into from
Mar 20, 2024

Conversation

mdbooth
Copy link
Contributor

@mdbooth mdbooth commented Mar 19, 2024

We were writing the full set of generated security rules to the status. They dominated the size of cluster object and we weren't reading them: we always fetch the current rules from OpenStack during reconciliation.

This also tweaks the rule generation code slightly, which was previously reading security group rules multiple times during a reconciliation. We now do this first and pass the result around.

Fixes: #1956

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Mar 19, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: mdbooth

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 19, 2024
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Mar 19, 2024
Copy link

netlify bot commented Mar 19, 2024

Deploy Preview for kubernetes-sigs-cluster-api-openstack ready!

Name Link
🔨 Latest commit c4e5c2a
🔍 Latest deploy log https://app.netlify.com/sites/kubernetes-sigs-cluster-api-openstack/deploys/65f9bd5f12e23900085875bb
😎 Deploy Preview https://deploy-preview-1957--kubernetes-sigs-cluster-api-openstack.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@jichenjc
Copy link
Contributor

/test pull-cluster-api-provider-openstack-e2e-test

@huxcrux
Copy link
Contributor

huxcrux commented Mar 19, 2024

This looks good, skipping /lgtm to allow the full e2e test to run.

@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

This should have had

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 19, 2024
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

This is a bug in this patch:

  failureMessage: 'failed to reconcile security groups: unable to generate desired
    security group rules: security group k8s-cluster-e2e-bql68j-cluster-e2e-bql68j-secgroup-bastion
    not found'

@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

D'oh! That's so dumb: when I was moving the code which generates observedSecGroups I didn't actually add the created groups to the map 🤦

We have test coverage of the various methods called by ReconcileSecurityGroups, but none of ReconcileSecurityGroups itself, so the local tests missed this. I'll see if I can add something which would have caught this.

@mdbooth mdbooth force-pushed the securitygrouprules branch from 93393bd to 1fb4ac5 Compare March 19, 2024 14:21
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels Mar 19, 2024
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

I've fixed the bug and added some unit tests which would have triggered it.

@mdbooth mdbooth force-pushed the securitygrouprules branch from 1fb4ac5 to 8d20070 Compare March 19, 2024 15:23
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

/test pull-cluster-api-provider-openstack-e2e-full-test

@mdbooth mdbooth force-pushed the securitygrouprules branch from 8d20070 to 5e114e1 Compare March 19, 2024 15:56
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

/test pull-cluster-api-provider-openstack-e2e-full-test

@mdbooth mdbooth force-pushed the securitygrouprules branch from 5e114e1 to c4e5c2a Compare March 19, 2024 16:29
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 19, 2024

/test pull-cluster-api-provider-openstack-e2e-full-test

@huxcrux
Copy link
Contributor

huxcrux commented Mar 20, 2024

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 20, 2024
@mdbooth
Copy link
Contributor Author

mdbooth commented Mar 20, 2024

/hold cancel

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Mar 20, 2024
@k8s-ci-robot k8s-ci-robot merged commit 10b1ff4 into kubernetes-sigs:main Mar 20, 2024
10 checks passed
@EmilienM EmilienM deleted the securitygrouprules branch April 22, 2024 12:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

Including Security Group Rules make cluster status huge
4 participants