You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We are currently working on a new validating webhook in seed-admission-controller for such extension resources, see gardener/gardener#4293, I think we could include the validation of etcd resources there as well. Alternatively, etcd-druid could introduce its own validating webhook if for whatever reason the above option is not good enough.
Motivation (Why is this needed?):
We recently had a rather severe issue that could have been prevented if we had such validation in place, see gardener/gardener-extension-provider-azure#328 (comment). In this particular case, gardenlet was generating an etcd resource with a spec.backup.store.prefix set to -- due to a data race. With validation in place, we could have detected -- as an invalid spec.backup.store.prefix and prevented the reconciliation from continuing. This particular issue is already fixed in gardenlet (see gardener/gardener#4459 and gardener/gardener#4454), but similar issues may occur in the future.
Approach/Hint to the implement solution (optional):
The text was updated successfully, but these errors were encountered:
Thanks for creating the issue @stoyanr! @shreyas-s-rao created another issue #213 for the same purpose. But the approach is slightly different that it is suggesting to make the backup configuration fields immutable which will have much of the same effect as the validation proposed here. Should we keep and address both issues? WDYT?
Sorry @amshuman-kr I didn't see that issue yesterday. I think both approaches are valid and should be considered. Validation of etcd resources is needed for both of them, so the 2 issues are somewhat duplicates. Feel free to close one of them if you prefer.
Feature (What you would like to be added):
Please add validation code for etcd resources, similarly to the validation code that already exists for other Gardener extension resources, even though this is technically still dead code.
We are currently working on a new validating webhook in
seed-admission-controller
for such extension resources, see gardener/gardener#4293, I think we could include the validation ofetcd
resources there as well. Alternatively,etcd-druid
could introduce its own validating webhook if for whatever reason the above option is not good enough.Motivation (Why is this needed?):
We recently had a rather severe issue that could have been prevented if we had such validation in place, see gardener/gardener-extension-provider-azure#328 (comment). In this particular case,
gardenlet
was generating anetcd
resource with aspec.backup.store.prefix
set to--
due to a data race. With validation in place, we could have detected--
as an invalidspec.backup.store.prefix
and prevented the reconciliation from continuing. This particular issue is already fixed ingardenlet
(see gardener/gardener#4459 and gardener/gardener#4454), but similar issues may occur in the future.Approach/Hint to the implement solution (optional):
The text was updated successfully, but these errors were encountered: