Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replication depends on "replicated-from-version", not on actual contents #349

Open
stippi2 opened this issue Sep 11, 2024 · 1 comment · May be fixed by #352
Open

Replication depends on "replicated-from-version", not on actual contents #349

stippi2 opened this issue Sep 11, 2024 · 1 comment · May be fixed by #352
Labels
bug

Comments

@stippi2
Copy link
Contributor

stippi2 commented Sep 11, 2024
edited
Loading

Describe the bug
The replicator uses the annotation replicated-from-version to figure out if it has to do anything. It skips replication if the value of this annotation is already the resource-version of the source resource.
If a pull-mode resource is applied again, its value is overwritten with an empty value, but the replicator will ignore it and not fill it again.

To Reproduce

  • Create a YAML file with a resource configured for pull-mode: 
    apiVersion: v1
kind: Secret
metadata:
  name: secret-replica
  annotations:
    replicator.v1.mittwald.de/replicate-from: default/some-secret
data: {}
  • kubectl apply -f this resource.
  • The replicator will fill the resource from the source resource and add the replicator.v1.mittwald.de/replicated-from-version annotation with a value containing the K8s resource-version of the source.
  • Now apply the resource again (kubectl apply -f). This step simulates a subsequent deployment (update). Maybe this resource is part of a helm Chart. It is not changed in the Chart, but applying it again does not have no effect! Instead, it has the effect of overwriting the contents of the secret with an empty value again (data: {}). That is because the applied resource is different from that resource in the K8s API server.
  • Since the annotation replicator.v1.mittwald.de/replicated-from-version is not part of the YAML file, it is not changed.
  • The replicator will received a CHANGED event for the resource. It will compare the value of the replicated-from-version annotation with the resource-version of the source secret and conclude that nothing needs to be done.
  • The target secret remains empty.

Expected behavior
The replicator feels responsible for always keeping the payload of the target and source resources in sync and uses an appropriate mechanism that can guarantee this.

Environment:

  • Kubernetes version: Not relevant
  • kubernetes-replicator version: v2.10.1

Additional context
I open the issue to discuss possible solutions. My proposal would be to deprecate the replicated-from-version annotation and instead always compare the payloads. I am aware this is slightly more costly in terms of CPU usage during startup of the replicator, when it receives ADDED events for all resources that it watches. However, I believe it is worth it. I would like to implement the agreed upon solution and open a PR.
@stippi2 stippi2 added the bug label Sep 11, 2024
@stippi2 stippi2 mentioned this issue Sep 12, 2024
Open
@stippi2
Copy link
Contributor Author

stippi2 commented Sep 16, 2024

@martin-helmich: Would be great to get your general opinion on this one. If you prefer, we could also just create a PR that introduces a command line option for changing the behavior on an opt-in basis?

@stippi2 stippi2 linked a pull request Oct 16, 2024 that will close this issue
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
1 participant
@stippi2