🐛validation for not having both local and external etcd in control plane #2598
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
/milestone v0.3.0 |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nader-ziada, vincepri The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
| ) | ||
| } | ||
|
|
||
| if in.Spec.KubeadmConfigSpec.InitConfiguration.Etcd.External != nil && in.Spec.KubeadmConfigSpec.InitConfiguration.Etcd.Local != nil { |
There was a problem hiding this comment.
not blocking for this PR, but the "real" kubeadm configuration/v1alpha3 does not have embedded ClusterConfiguration; wondering why we are doing this in the bootstrap provider...
There was a problem hiding this comment.
This case can be removed as well as the first two cases will cover all the checks we need.
The only reason this check would ever get triggered is if someone first deletes the local configuration and then tries to update both local and external at the same time. I don't think we need to handle this edge case right now.
There was a problem hiding this comment.
One minor change in semantics, but this is 90% of the way there
@fabriziopandini it's likely just an oversight. The details of kubeadm sometimes get lost when thinking too much about cluster api. If you have suggestions, we are all ears!
| @@ -293,6 +291,23 @@ func TestKubeadmControlPlaneValidateUpdate(t *testing.T) { | |||
| scaleToEvenExternalEtcdCluster := beforeExternalEtcdCluster.DeepCopy() | |||
| scaleToEvenExternalEtcdCluster.Spec.Replicas = pointer.Int32Ptr(2) | |||
|
|
|||
| beforeInvalidEtcdCluster := before.DeepCopy() | |||
| beforeInvalidEtcdCluster.Spec.KubeadmConfigSpec.ClusterConfiguration = &kubeadmv1beta1.ClusterConfiguration{ | |||
There was a problem hiding this comment.
This is testing a slightly different use case than what the issue describes. This test cases is for an object that is invalid to start with won't accept any updates.
Could you modify this test so that the before configuration has local and then the after is trying to add an external configuration?
| @@ -229,6 +231,30 @@ func (in *KubeadmControlPlane) validateCommon() (allErrs field.ErrorList) { | |||
| return allErrs | |||
| } | |||
|
|
|||
| func (in *KubeadmControlPlane) validateEtcd() (allErrs field.ErrorList) { | |||
There was a problem hiding this comment.
This will need to accept prev as an argument to do a check between previous and new
There was a problem hiding this comment.
actually, what exists should be sufficient, just the test would need updating
There was a problem hiding this comment.
ok sorry for the back and forth haha, i'm thinking about various use cases.
But I've got an example that this should cover:
If an existing config defines local
then the user manually removes the local config and supplies an external config in the same transaction
the check that only looks at in's configuration is not sufficient and will need to see if previous had either local or external and ensure that the incoming structure does not define the opposite while removing the old one.
Does that make sense? That felt hard to explain so I'd be happy to hop on a call to explain further if necessary
There was a problem hiding this comment.
@chuckha please take a look
|
/test pull-cluster-api-capd-e2e |
| ) | ||
| } | ||
|
|
||
| if in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.External != nil && in.Spec.KubeadmConfigSpec.ClusterConfiguration.Etcd.Local != nil { |
There was a problem hiding this comment.
This shouldn't reference the ClusterConfiguration, please see: https://github.com/kubernetes-sigs/cluster-api/pull/2605/files
This can be removed
There was a problem hiding this comment.
ok, didn't see that other PR :D
| ) | ||
| } | ||
|
|
||
| if in.Spec.KubeadmConfigSpec.InitConfiguration.Etcd.External != nil && in.Spec.KubeadmConfigSpec.InitConfiguration.Etcd.Local != nil { |
There was a problem hiding this comment.
This case can be removed as well as the first two cases will cover all the checks we need.
The only reason this check would ever get triggered is if someone first deletes the local configuration and then tries to update both local and external at the same time. I don't think we need to handle this edge case right now.
| allErrs = append( | ||
| allErrs, | ||
| field.Forbidden( | ||
| field.NewPath("spec", "kubeadmConfigSpec", "clusterConfiguration", "etcd", "external"), |
There was a problem hiding this comment.
this should be local instead of external
| External: &kubeadmv1beta1.ExternalEtcd{ | ||
| Endpoints: []string{"127.0.0.1"}, | ||
| }, | ||
| Local: &kubeadmv1beta1.LocalEtcd{ |
There was a problem hiding this comment.
this local should be undefined in this struct. The incoming would only have the external defined and our validations should catch that there is already local defined and we're trying to also define an external configuration.
| allErrs = append( | ||
| allErrs, | ||
| field.Forbidden( | ||
| field.NewPath("spec", "kubeadmConfigSpec", "initConfiguration", "etcd", "local"), |
There was a problem hiding this comment.
Ah, this one should be "external" instead of "local".
The reason is that this field is the thing that gets bubbled up to the user and the field on the in type is the one that the user tried to change. So if they change external but then we tell them local is forbidden that's a pretty confusing error message
|
That failure is a known flake, please see #2593 for more information. This looks good, thanks /lgtm |
k8s-ci-robot
added
the
lgtm
|
/test pull-cluster-api-capd-e2e |
What this PR does / why we need it:
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Fixes #2580