Add support for MachineDeployment to detect infrastructure spec changes #1114
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
vincepri
force-pushed
the
v1a2-machinedeployment-controller
branch
from
a84bcda to
2bb4167
Compare
|
/test pull-cluster-api-test |
|
In the past we had discussed making the InfrastructureSpec (as well as the BootstrapperSpec) be immutable, which would avoid the need to compute the hashes of those as part of the MachineDeployment, and instead would force a user to update the references to different objects. |
|
@detiber I don't remember having that discussion, but I definitely like the idea! |
|
@ncdc the potential problem there is that we use the same object type for the template and linking to a Machine (where updates may actually be needed). I'm wondering if this is a good reason to introduce a provider-specified Template type that embeds the provider-specified type for this purpose. With the expectation that the provider-specified Template types have an associated webhook to disallow update/patch. |
|
Wouldn't the change proposed make the Machine template immutable in the same way when working in AWS with AutoScalingGroups? The InfrastructureRef is used as a template, but when modified a new version is rolled out as you'd expect. The Machine template copies will be untouched. Infrastructure providers can disallow updating those objects without the need of another layer of indirection. |
|
@vincepri I'm thinking that the Infrastrcture CRDs may have use cases where they need to be updated in place, similar to what we do today with the aws providerspecs. |
|
@detiber That could be allowed by providers on individual Machine objects (by using the referenced Infrastructure object). When we talked about MachineDeployment/MachineSet, I recall we wanted these to act like template spec is always immutable. |
|
@vincepri that makes admission control more difficult, because now you have to query the api server or check owner references instead of just allowing/disallowing update/patch by type. |
|
Let's chat more on Friday 😄, I might be missing some details |
Signed-off-by: Vince Prignano <[email protected]>
vincepri
force-pushed
the
v1a2-machinedeployment-controller
branch
from
2bb4167 to
b179b68
Compare
|
/close |
|
@vincepri: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Signed-off-by: Vince Prignano [email protected]
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Related to #1038
Special notes for your reviewer:
Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.
Release note: