🌱 Improve dry run for topology changes to dry run server side apply #6710
Conversation
k8s-ci-robot
added
cncf-cla: yes
chrischdi
force-pushed
the
poc-ssa-dryrun
branch
7 times, most recently
from
718866b to
ae40566
Compare
internal/controllers/topology/cluster/structuredmerge/serversidepathhelper.go
Show resolved
Hide resolved
internal/controllers/topology/cluster/structuredmerge/serversidepathhelper.go
Show resolved
Hide resolved
internal/controllers/topology/cluster/structuredmerge/serversidepathhelper.go
Outdated
Show resolved
Hide resolved
chrischdi
force-pushed
the
poc-ssa-dryrun
branch
2 times, most recently
from
74b5ec0 to
b8581ce
Compare
|
/hold competes with #6709 /test all |
k8s-ci-robot
added
the
do-not-merge/hold
|
/test all |
chrischdi
force-pushed
the
poc-ssa-dryrun
branch
from
2df44b4 to
d3748ce
Compare
|
e2e currently fails due to:
We have to catch immutability some more... |
|
Hm. That's an interesting issue. Any ideas on how to work around this? A lot of InfrastructureMachineTemplates are immutable |
Yes, catch the error (what we already do) but detect it as |
I probably misunderstood. My impression is we can't run SSA dryrun on immutable templates because the Validation Webhook will block it so then we won't get a meaningful diff? Does the SSA dryrun give us a result despite the validation webhook blocking the request? |
See the implementation. Thats imho the best we can do here: identify if the error causes are only of spec fields which got are marked as invalid. |
chrischdi
force-pushed
the
poc-ssa-dryrun
branch
2 times, most recently
from
0b269dc to
cc65936
Compare
Just that I interpret the code correctly. If we get an CauseTypeFieldValueInvalid error from a field in spec. we assume we have changes? So as long as immutable errors are returned as CauseTypeFieldValueInvalid and with the correct path we detect immutable errors as changes. Which is correct because without changes no immutable error. I think this doesn't cover cases where e.g. the CAPA provider returns a BadRequest error?
|
|
Just a short status update: we discussed the issue a bit and evaluated options. We will explore them and then make a suggestion |
chrischdi
force-pushed
the
poc-ssa-dryrun
branch
from
cc65936 to
7726fcb
Compare
|
lgtm pending squash + #6710 (comment) I would be fine with moving #6710 (comment) to a follow-up issue so we get this PR merged ASAP and still get a few days time in CI. |
Regarding squash: @fabriziopandini do we still want to keep the CAPD change as seperate commit? Sounds good to move it to a follow-up. I think we could even link the commit for the CAPD change if we want (which we can do after merge only)?! |
|
/test pull-cluster-api-e2e-full-main |
|
@chrischdi: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
|
Runtime SDK flake: https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/kubernetes-sigs_cluster-api/6710/pull-cluster-api-e2e-full-main/1544943529262845952 Getting addressed by #6817 ? @killianmuldoon /retest |
I would prefer having relevant documentation directly in the documentation vs. linking to commits on merged PRs. No objections to an additional link. I think the link to the commit stays the same (now vs after merge) |
cc @fabriziopandini @sbueringer /test pull-cluster-api-e2e-full-main |
|
/cherry-pick release-1.2 |
|
@chrischdi: once the present PR merges, I will cherry-pick it on top of release-1.2 in a new PR and assign it to you. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
* Adds helper function for CustomValidators to skip immutability checks * CAPD: skip immutability checks for topology dry run * book: add provider documentation Co-authored-by: fabriziopandini <[email protected]>
|
/test pull-cluster-api-e2e-full-main |
|
Thx |
k8s-ci-robot
added
the
lgtm
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: fabriziopandini The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
@chrischdi: new pull request created: #6861 In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
What this PR does / why we need it:
This proposes an improvement on how we implement dry run for detecting changes by actually using dry run server side apply.
The proposed implementation has the following advantages
Disadvantages:
TODOs:
InfrastructureMachineTemplateorBootstrapTemplate): If there are existing validating webhooks which block due to immutability when a resource gets updated (ValidateUpdate) they need to implement thesigs.k8s.io/cluster-aip/util/webhooks.TopologyAwareValidatorinstead which provides a bool to decide skipping immutability checks