Add MCO-1002 enhancement

pablintino · pablintino · commit 6fc302bdb2cc · 2025-05-01T13:25:31.000+02:00
diff --git a/enhancements/machine-config/machine-config-non-reconcilable-changes.md b/enhancements/machine-config/machine-config-non-reconcilable-changes.md
@@ -0,0 +1,189 @@
+---
+title: machine-config-non-reconcilable-changes
+authors:
+  - "@pablintino"
+reviewers:
+  - "@yuqi-zhang"
+approvers:
+  - "@yuqi-zhang"
+api-approvers:
+  - "@JoelSpeed"
+creation-date: 2025-04-23
+tracking-link:
+  - https://issues.redhat.com/browse/MCO-1002
+see-also:
+replaces:
+superseded-by:
+---
+
+# MachineConfig Non-Reconcilable Changes
+
+## Summary
+
+This enhancement describes the context around the MCO validation of MC CRs and 
+why it will need to be skipped under certain, specific, circumstances. There 
+are known customer use-cases that requires making non-reconcilable MC changes.
+
+## Motivation
+
+The MCO performs an internal validation of the rendered MC applied to each 
+pool before applying it to the nodes. The MCO validation process can be split 
+into three phases:
+
+1. Parse the Ignition raw configuration.
+2. Ensure the Ignition configuration is valid.
+3. Ensure there are no changes to non-reconcilable fields.
+
+The first two steps are self-explanatory and are not covered by this 
+enhancement, as the MCO will always perform them. The third one, the 
+validation of non-reconcilable fields, is the main target of this enhancement.
+
+The rendered MCs are fetched by new nodes when they join, and at that time, 
+Ignition itself run following the instructions of the rendered MC Ignition. 
+After the first boot the MCO is in charge of applying supported changes to 
+nodes, and even if its configuration adheres to the Ignition schema, not all of 
+the fields are supported after the first boot. The non-reconcilable 
+validation mechanism alerts the user with a detailed message of the changes in 
+MCs that are not supported.
+As stated, the main limitation behind the configuration validation is that the 
+MCO does not support the complete Ignition schema thus, the only way for a 
+user to make changes that the MCO does not support is to recreate the cluster 
+from scratch.
+To avoid trashing and spinning the cluster up from scratch this enhancement 
+proposes a flag in the MCO MachineConfiguration CR to tell the MCO to skip the 
+validations and let the MCS serve the Ignition configuration, that can be used 
+by new nodes. Not supported fields are harmless for the already existing nodes
+, that given the new configuration, will only apply changes for the fields the 
+MCD supports.
+
+### User Stories
+
+* As a cluster admin, I am adding new nodes to a long-standing cluster and I 
+would like change the partitions for the new nodes.
+* As a cluster admin, I am adding new nodes to a long-standing cluster and the 
+new hardware requires a different set of kernel arguments that I would like 
+to introduce.
+
+### Goals
+
+* Add a knob in MCO's MachineConfiguration CR to skip non-reconcilable fields 
+validation if necessary.
+
+### Non-Goals
+
+* Allow invalid Ignition/MachineConfig fields to be applied.
+* Disable non-reconcilable MCs validation by default.
+
+## Proposal
+
+Update the MachineConfiguration CR by adding a new field to the spec that 
+allows users to bypass validation for irreconcileable MachineConfig changes. 
+The field will default to the current behaviour that is to 
+validate all rendered MCs.
+
+The MachineConfig Controller and the MachingConfig MachineConfigDaemons will 
+read in runtime the new field and if the value explicitely states that the 
+validation should be skipped they will let the MC pass and get applied to 
+the nodes.
+
+MachineConfig daemons will continue to perform the already supported updates 
+to nodes, no matter if the non-reconcilable validation is skipped or not.
+Already existing nodes that receives only non-supported changes will skip the 
+update and will be considered updated.
+
+### Workflow Description
+
+When a MCO user modifies the cluster-wide MachineConfigs a new rendered 
+MachineConfig CR is created for each pool that has an association with the 
+created, modified or deleted MachineConfig. The rendered MachineConfig, before
+being applied, is validated against the Ignition Schema.
+
+After the Ignition validation is done, the non-reconcilable fields validation 
+is performed or skipped based on the proposed
+`machineConfigurationValidationPolicy` field in the MachineConfiguration CR.
+If the field is set to `Relaxed` the non-reconcilable fields validation is 
+skipped performed, otherwise is done.
+
+The non-reconcilable MC validation remains as it is with this enhancement, as 
+the [implementation](https://github.com/openshift/machine-config-operator/blob/e44d380686aee42f784a277236dbac49b083441e/pkg/controller/common/reconcile.go#L69) 
+does not change with this enhancement.
+
+### API Extensions
+
+- Update the MachineConfiguration CRD to add an enumeration field, called 
+`machineConfigurationValidationPolicy` that is used as the validation 
+skipping toggle. The field does not set a default values to let the MCO pick 
+what to do in the default case. The enumeration has only two values:
+    - Strict: Validation is always performed. This is the value the MCO will
+    use as default.
+    - Relaxed: The validation of non reconcilable fields is skipped and only 
+    the Ignition syntactic validation will be done. 
+
+### Risks and Mitigations
+
+By setting `machineConfigurationValidationPolicy` to `Relaxed` the customer 
+acknowledges that providing MCs that make use of Ignition features out of the 
+scope of the MCO will lead to cluster with nodes using different Ignition 
+configurations.
+
+### Drawbacks
+
+None.
+
+## Design Details
+
+### Open Questions [optional]
+
+None.
+
+### Test Plan
+
+MCO e2e tests and unit tests will cover this functionality.
+
+### Graduation Criteria
+
+This feature is behind the tech-preview FeatureGate in 4.20. 
+Once it is tested by QE and users it can be GA'd since it should not impact 
+daily usage of a cluster.
+
+## Dev Preview -> Tech Preview
+
+Not applicable. Feature introduced in Tech Preview. 
+
+## Tech Preview -> GA
+
+Bugs found by e2e tests and QE are .
+
+#### Removing a deprecated feature
+
+### Upgrade / Downgrade Strategy
+
+Upgrades or downgrades are not impacted by the presence or not of this feature.
+
+### Version Skew Strategy
+
+Not applicable.
+
+### Operational Aspects of API Extensions
+
+#### Failure Modes
+
+If the non-reconcilable configuration validation is performed and it fails 
+the MCO continues to report the failure as it is alraedy doing in the MCP, by
+setting to the MCP the `RenderDegraded` condition to true.
+
+If the configuration reaches the MCD and the non-reconcilable validation 
+fails the MCN `UpdatePrepared` condition is updated with the details of the 
+validation failure.
+
+#### Support Procedures
+
+None.
+
+## Implementation History
+
+Not applicable.
+
+## Alternatives (Not Implemented)
+
+Not applicable.
