Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ClusterClass webhook allow compatible reference changes #5197

Closed
fabriziopandini opened this issue Sep 3, 2021 · 5 comments · Fixed by #5213
Closed

ClusterClass webhook allow compatible reference changes #5197

fabriziopandini opened this issue Sep 3, 2021 · 5 comments · Fixed by #5213
Assignees
Labels
area/clusterclass Issues or PRs related to clusterclass kind/bug Categorizes issue or PR as related to a bug. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor.
Milestone

Comments

@fabriziopandini
Copy link
Member

fabriziopandini commented Sep 3, 2021

Current ClusterClass webhook implementation ensures that references to template Objects are correct and fully provided. and then enforce immutability.

We should allow for reference changes, thus supporting the template rotation operation pattern,

However, in this case, it is required to implement checks ensuring compliance with the compatibility rules defined in the proposal (the last bullet in the list)

Environment:

  • Cluster-api version: master

/kind bug

@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Sep 3, 2021
@fabriziopandini
Copy link
Member Author

/area topology
/milestone v0.4

@k8s-ci-robot k8s-ci-robot added this to the v0.4 milestone Sep 3, 2021
@fabriziopandini
Copy link
Member Author

@yastij to add about the use case of renaming an apigroup, which is not included in the current compatibility definition

@sbueringer
Copy link
Member

Minor addition: Afaik we currently make sure they are immutable:

func (in ClusterClass) validateCompatibleSpecChanges(old *ClusterClass) field.ErrorList {
var allErrs field.ErrorList
// in case of create, no changes to verify
// return early.
if old == nil {
return nil
}
// Ensure that the old MachineDeployments still exist.
allErrs = append(allErrs, in.validateMachineDeploymentsChanges(old)...)
if !reflect.DeepEqual(in.Spec.Infrastructure, old.Spec.Infrastructure) {
allErrs = append(allErrs,
field.Invalid(
field.NewPath("spec", "infrastructure"),
in.Spec.Infrastructure,
"cannot be changed.",
),
)
}
if !reflect.DeepEqual(in.Spec.ControlPlane, old.Spec.ControlPlane) {
allErrs = append(allErrs,
field.Invalid(
field.NewPath("spec", "controlPlane"),
in.Spec.Infrastructure,
"cannot be changed.",
),
)
}
return allErrs
}
func (in ClusterClass) validateMachineDeploymentsChanges(old *ClusterClass) field.ErrorList {
var allErrs field.ErrorList
// Ensure no MachineDeployment class was removed.
classes := in.Spec.Workers.classNames()
for _, oldClass := range old.Spec.Workers.MachineDeployments {
if !classes.Has(oldClass.Class) {
allErrs = append(allErrs,
field.Invalid(
field.NewPath("spec", "workers", "machineDeployments"),
in.Spec.Workers.MachineDeployments,
fmt.Sprintf("The %q MachineDeployment class can't be removed.", oldClass.Class),
),
)
}
}
// Ensure no previous MachineDeployment class was modified.
for _, class := range in.Spec.Workers.MachineDeployments {
for _, oldClass := range old.Spec.Workers.MachineDeployments {
if class.Class == oldClass.Class && !reflect.DeepEqual(class, oldClass) {
allErrs = append(allErrs,
field.Invalid(
field.NewPath("spec", "workers", "machineDeployments"),
class,
"cannot be changed.",
),
)
}
}
}
return allErrs
}

@fabriziopandini
Copy link
Member Author

fabriziopandini commented Sep 4, 2021

@sbueringer you are right, and sorry for did not provide full context here.

The background idea behind this issue it that at this stage, IMO we can reasonably start to allow an initial set of ClusterClass mutations by enabling metadata changes (see ClusterClass webhook should allow for metadata mutation #5192) and template rotation according to the idea of compatible change (this issue).

A similar discussion is happening on #5195 (comment), however with a slight different perspective (how to react timely to changes).

I have update the issue title and description accordingly.

@fabriziopandini fabriziopandini changed the title ClusterClass webhook should prevent incompatible reference changes ClusterClass webhook allow compatible reference changes Sep 4, 2021
@fabriziopandini
Copy link
Member Author

/assign
/lifecycle active

@k8s-ci-robot k8s-ci-robot added the lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. label Sep 6, 2021
@killianmuldoon killianmuldoon added the area/clusterclass Issues or PRs related to clusterclass label May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/clusterclass Issues or PRs related to clusterclass kind/bug Categorizes issue or PR as related to a bug. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor.
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants