OCPBUGS-55217: CombineCABundleConfigMaps: use optimistic create/update #1936
Conversation
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
5fd5ebc to
7eaf2a0
Compare
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
7eaf2a0 to
7af439c
Compare
vrutkovs
changed the title
openshift-ci-robot
added
the
jira/valid-reference
|
@vrutkovs: This pull request references API-1802 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target either version "4.19." or "openshift-4.19.", but it targets "4.18.0" instead. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
vrutkovs
changed the title
openshift-ci
bot
added
the
do-not-merge/work-in-progress
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
7af439c to
d5dd901
Compare
vrutkovs
changed the title
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
vrutkovs
changed the title
openshift-ci-robot
added
the
jira/valid-bug
|
@vrutkovs: This pull request references Jira Issue OCPBUGS-55217, which is valid. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
|
/cc |
| "ca-bundle.crt": string(caBytes), | ||
| }, | ||
| modified := additionalAnnotations.EnsureTLSMetadataUpdate(&cm.ObjectMeta) | ||
| cm.Data = map[string]string{ | ||
| "ca-bundle.crt": string(caBytes), | ||
| } | ||
| return cm, nil | ||
| return cm, modified, nil |
There was a problem hiding this comment.
How is the bool return value supposed to be interpreted? It's unclear to me what it means when EnsureTLSMetadataUpdate returns false (and so the returned bool value is false) but Data has been mutated.
There was a problem hiding this comment.
modified here returns if update is necessary:
requiredConfigMap, updateRequired, err := resourcesynccontroller.CombineCABundleConfigMaps(
It means either metadata or contents has changed. I think I missed "content has changed, but not the metadata", so I'll add some unittests to verify that
| applyoperatorv1 "github.com/openshift/client-go/operator/applyconfigurations/operator/v1" | ||
|
|
There was a problem hiding this comment.
Could this make backporting more painful?
There was a problem hiding this comment.
This may complicate it, yes, but I'd prefer to avoid packports to 4.18 and earlier as we don't have stable rotation tests for them anyway
| @@ -14,15 +14,22 @@ import ( | |||
| "github.com/openshift/library-go/pkg/operator/certrotation" | |||
| ) | |||
|
|
|||
| func CombineCABundleConfigMaps(destinationConfigMap ResourceLocation, lister corev1listers.ConfigMapLister, additionalAnnotations certrotation.AdditionalAnnotations, inputConfigMaps ...ResourceLocation) (*corev1.ConfigMap, error) { | |||
| func CombineCABundleConfigMaps(destinationConfigMap *corev1.ConfigMap, lister corev1listers.ConfigMapLister, additionalAnnotations certrotation.AdditionalAnnotations, inputConfigMaps ...ResourceLocation) (*corev1.ConfigMap, bool, error) { | |||
There was a problem hiding this comment.
This must not have any unit test coverage... could you add some to cover the behavior change being made please?
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
d5dd901 to
f4c068a
Compare
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: vrutkovs The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| @@ -14,15 +14,21 @@ import ( | |||
| "github.com/openshift/library-go/pkg/operator/certrotation" | |||
| ) | |||
|
|
|||
| func CombineCABundleConfigMaps(destinationConfigMap ResourceLocation, lister corev1listers.ConfigMapLister, additionalAnnotations certrotation.AdditionalAnnotations, inputConfigMaps ...ResourceLocation) (*corev1.ConfigMap, error) { | |||
| func CombineCABundleConfigMaps(destinationConfigMap *corev1.ConfigMap, lister corev1listers.ConfigMapLister, additionalAnnotations certrotation.AdditionalAnnotations, inputConfigMaps ...ResourceLocation) (*corev1.ConfigMap, bool, error) { | |||
There was a problem hiding this comment.
Is there a reasonable way to introduce this as a function with a different name, and deprecate the existing one, to avoid lockstep updates to hypershift, kas-o, kcm-o, and scheduler-o?
There was a problem hiding this comment.
Yeah, I think it would be a good idea
| if !reflect.DeepEqual(cm.Data, newCMData) { | ||
| modified = true | ||
| } | ||
| return cm, nil | ||
|
|
||
| cm.Data = newCMData |
There was a problem hiding this comment.
Nit: I expected to see the assignment to cm.Data inside the "then" block with the assignment to modified. It looks correct to me either way.
| } | ||
|
|
||
| func (m *mockConfigMapNamespaceLister) List(selector labels.Selector) ([]*corev1.ConfigMap, error) { | ||
| return nil, nil |
There was a problem hiding this comment.
Nit: Panic in unimplemented stubs to prevent someone later using them by mistake.
| if err == nil && result == nil { | ||
| t.Errorf("Expected result to not be nil when no error occurred") | ||
| } | ||
|
|
There was a problem hiding this comment.
Any reason not to compare the full returned CM against an expected CM?
There was a problem hiding this comment.
Right, it would verify removal of expired certs too
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
f4c068a to
f1ee606
Compare
It should be <namespace>-<name>, not the other way around
Instead of re-creating configmap from scratch every time this function should attempt to use existing configmap and replace the contents only. This would prevent extra configmap updates when metadata changes
vrutkovs
force-pushed
the
combine-cas-optimistic-update
branch
from
f1ee606 to
855d77f
Compare
|
@vrutkovs: all tests passed! Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
Instead of re-creating configmap from scratch every time this function should attempt to use existing configmap and replace the contents only. This would prevent extra configmap updates when metadata changes.
Tested in openshift/cluster-kube-apiserver-operator#1812