Bug 1857175: enforce clusterID label via webhook and preserve old behaviour in the backend #644
Conversation
This reverts commit 75857f1.
enxebre
changed the title
openshift-ci-robot
added
bugzilla/severity-high
|
@enxebre: This pull request references Bugzilla bug 1857175, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/hold |
openshift-ci-robot
added
the
do-not-merge/hold
|
@enxebre: This pull request references Bugzilla bug 1857175, which is valid. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
JoelSpeed
left a comment
JoelSpeed
left a comment
There was a problem hiding this comment.
Should we update the validating webhooks so that the label can't be modified later as well? I expect we would want the clusterID label to be immutable?
| if m.GetLabels() == nil { | ||
| m.Labels = make(map[string]string) | ||
| } | ||
| m.Labels[MachineClusterIDLabel] = h.clusterID |
There was a problem hiding this comment.
Why use the interface accessor on one line, then the struct member on another? Seems odd to me
| if m.GetLabels() == nil { | |
| m.Labels = make(map[string]string) | |
| } | |
| m.Labels[MachineClusterIDLabel] = h.clusterID | |
| if m.Labels == nil { | |
| m.Labels = make(map[string]string) | |
| } | |
| m.Labels[MachineClusterIDLabel] = h.clusterID |
| if ms.GetLabels() == nil { | ||
| ms.Labels = make(map[string]string) | ||
| } | ||
| ms.Labels[MachineClusterIDLabel] = h.clusterID |
There was a problem hiding this comment.
Same as above
| if ms.GetLabels() == nil { | |
| ms.Labels = make(map[string]string) | |
| } | |
| ms.Labels[MachineClusterIDLabel] = h.clusterID | |
| if ms.Labels == nil { | |
| ms.Labels = make(map[string]string) | |
| } | |
| ms.Labels[MachineClusterIDLabel] = h.clusterID |
Yeh but this might have other implications on existing resources difficult to predict. Let's scope this PR to fix the existing issue while improving the current experience for creation. |
Make sense /approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
|
tested this on a running cluster and realised I was defaulting the wrong labels for the machineSet. Fixed now. |
…nd machineSet via webhook With openshift#608 we dropped the burden from the user to set the clusterID label on machines. As elaborated in openshift#608 (comment) the motivation is that this is an implementation detail that users shouldn't care about. However as the labels are used by machineSet to determine ownership, the change introduced above might result in edge scenarios where the machineSet and machine label has a different value. This would result in machines going orphan and the machineSet recreating new instances. Bad. Therefore we choose now to remove the burden from users by enforcing the label value via webhhooks and keeping the old behaviour in the backend to avoid any chance of breaking existing environments where bad input might have been set as in https://bugzilla.redhat.com/show_bug.cgi?id=1857175.
|
/retest |
…uster-api-cluster With #608 we dropped the burden from the user to set the clusterID label on machines. As elaborated in #608 (comment) the motivation is that this is an implementation detail that users shouldn't care about. However as the labels are used by machineSet to determine ownership, the change introduced above might result in edge scenarios where the machineSet and machine label has a different value. This would result in machines going orphan and the machineSet recreating new instances. Bad. Therefore we choose now to remove the burden from users by enforcing the label value via webhhooks and keeping the old behaviour in the backend to avoid any chance of breaking existing environments where bad input might have been set as in https://bugzilla.redhat.com/show_bug.cgi?id=1857175. This should be fixed by openshift/machine-api-operator#644 and this PR validates that scenario.
…hift.io/cluster-api-cluster With #608 we dropped the burden from the user to set the clusterID label on machines. As elaborated in #608 (comment) the motivation is that this is an implementation detail that users shouldn't care about. However as the labels are used by machineSet to determine ownership, the change introduced above might result in edge scenarios where the machineSet and machine label has a different value. This would result in machines going orphan and the machineSet recreating new instances. Bad. Therefore we choose now to remove the burden from users by enforcing the label value via webhhooks and keeping the old behaviour in the backend to avoid any chance of breaking existing environments where bad input might have been set as in https://bugzilla.redhat.com/show_bug.cgi?id=1857175. This should be fixed by openshift/machine-api-operator#644 and this PR validates that scenario.
…hift.io/cluster-api-cluster With #608 we dropped the burden from the user to set the clusterID label on machines. As elaborated in #608 (comment) the motivation is that this is an implementation detail that users shouldn't care about. However as the labels are used by machineSet to determine ownership, the change introduced above might result in edge scenarios where the machineSet and machine label has a different value. This would result in machines going orphan and the machineSet recreating new instances. Bad. Therefore we choose now to remove the burden from users by enforcing the label value via webhhooks and keeping the old behaviour in the backend to avoid any chance of breaking existing environments where bad input might have been set as in https://bugzilla.redhat.com/show_bug.cgi?id=1857175. This should be fixed by openshift/machine-api-operator#644 and this PR validates that scenario.
|
/hold cancel |
openshift-ci-robot
removed
the
do-not-merge/hold
|
@enxebre: This pull request references Bugzilla bug 1857175, which is valid. 3 validation(s) were run on this bug
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/test e2e-azure-operator |
|
/retest Please review the full test history for this PR and help us cut down flakes. |
|
@enxebre: All pull requests linked via external trackers have merged: openshift/machine-api-operator#644. Bugzilla bug 1857175 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This enabled webhooks to enforce the clusterID labels on machineSet/machine creation openshift#644. To avoid any difficult to predict side effect we want to honour any existing value that is already set on existing resources.
This is to bring openshift/machine-api-operator#644 and so restoring the previous backend behaviour in the machine controller openshift/machine-api-operator@261c337
This is to bring openshift/machine-api-operator#644 and so restoring the previous backend behaviour in the machine controller openshift/machine-api-operator@261c337
This is to bring openshift/machine-api-operator#644 and so restoring the previous backend behaviour in the machine controller openshift/machine-api-operator@261c337
…-api-operator#644 This is to bring openshift/machine-api-operator#644 and so restoring the previous backend behaviour in the machine controller openshift/machine-api-operator@261c337
|
@enxebre: Some pull requests linked via external trackers have merged: . The following pull requests linked via external trackers have not merged:
DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Bug 1857175: Revendor mao to bring openshift/machine-api-operator#644
Bug 1857175: Revendor mao to bring openshift/machine-api-operator#644
…-api-operator#644 This is to bring openshift/machine-api-operator#644 and so restoring the previous backend behaviour in the machine controller openshift/machine-api-operator@261c337
This tries to fix the following scenario: We set ms.Spec.Selector.MatchLabels[MachineClusterIDLabel] if it's not present. It's not present and we set it to the correct value. If there happens to be a bad label in `ms.Spec.Template.Labels` this would result in a miss match. Follow for openshift#608, openshift#644 and openshift#653.
This enabled webhooks to enforce the clusterID labels on machineSet/machine creation openshift#644. To avoid any difficult to predict side effect we want to honour any existing value that is already set on existing resources.
6 participants
With #608 we dropped the burden from the user to set the clusterID label on machines.
As elaborated in #608 (comment) the motivation is that this is an implementation detail that users shouldn't care about.
However as the labels are used by machineSet to determine ownership, the change introduced above might result in edge scenarios where the machineSet and machine label has a different value. This would result in machines going orphan and the machineSet recreating new instances. Bad.
Therefore we choose now to remove the burden from users by enforcing the label value via webhhooks and keeping the old behaviour in the backend to avoid any chance of breaking existing environments where bad input might have been set as in https://bugzilla.redhat.com/show_bug.cgi?id=1857175.
openshift/cluster-api-actuator-pkg#178
openshift/cluster-api-provider-gcp#106
openshift/cluster-api-provider-azure#153
openshift/cluster-api-provider-aws#341