🐛 Allow SSA after normal resource creation

[filipcirtog]

Addressing issue #3344

Issue:

• When using Server-Side Apply (SSA) users could encounter the following error: object %v does not implement the protobuf marshalling interface and cannot be encoded to a *client.applyconfigurationRuntimeObject protobuf message.

Root Cause:

• By default, the content-type is set to "protobuf" when creating in-tree resources. If resources were previously created without using Server-Side Apply (SSA), attempting an SSA operation later caused the GroupVersionKind (GVK) to be identified, halting execution before a new client with the forceDisableProtoBuf option could be created. This resulted in unintended generation of Protobuf requests, which SSA does not support, causing the previous error.

Changes Made:

• The implementation now includes a cache key that combines both the actual GVK (GroupVersionKind) and the forceDisableProtoBuf flag. This ensures that we now support up to two distinct clients for each GVK: one with forceDisableProtoBuf enabled and another without it.

[linux-foundation-easycla]

The committers listed above are authorized under a signed CLA.

• ✅ login: filipcirtog / name: Filip Cirtog (45ba50e, 4e755a1, a285a4f)

[k8s-ci-robot]

Welcome @filipcirtog!

It looks like this is your first PR to kubernetes-sigs/controller-runtime 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/controller-runtime has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @filipcirtog. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[alvaroaleman]

/ok-to-test

[alvaroaleman]

This means that we will create a new client for every SSA requests. Can we avoid that?

[filipcirtog]

I've noticed the same thing and am currently looking into it.

[filipcirtog]

@alvaroaleman we could also add this to the Apply req. SetHeader("Accept", "application/json").WDYT?

[alvaroaleman]

That will override any user-configured preference and is something that needs maintenace. Upstream is for example working on cbor which is more efficient than json. Can we instead just key the cached clients by both known and forceDisableProtobuf?

[filipcirtog]

Yes, I agree that this is the best solution. While forceDisableProtoBuf is always true for unstructuredResource, I also made the changes for consistency. Please let me know if you have any additional feedback or suggestions to improve this further.

[alvaroaleman]

From what I can tell the only reason for having these two was that unstructured had the same problem of never being able to use proto - Would you mind to de-duplicate them into a single resourceByType?

[filipcirtog]

That's right. I have addressed this. Thank you!

[alvaroaleman]

This isn't needed and can be removed

Suggested change

	TypeMeta: metav1.TypeMeta{
	Kind: "Secret",
	APIVersion: "v1",
	},

[alvaroaleman]

Nit

Suggested change

	cm, err = clientset.CoreV1().Secrets(ptr.Deref(secretApplyConfiguration.GetNamespace(), "")).Get(ctx, ptr.Deref(secretApplyConfiguration.GetName(), ""), metav1.GetOptions{})
	secret, err = clientset.CoreV1().Secrets(ptr.Deref(secretApplyConfiguration.GetNamespace(), "")).Get(ctx, ptr.Deref(secretApplyConfiguration.GetName(), ""), metav1.GetOptions{})

[alvaroaleman]

/cherrypick release-0.22

[k8s-infra-cherrypick-robot]

@alvaroaleman: once the present PR merges, I will cherry-pick it on top of release-0.22 in a new PR and assign it to you.

In response to this:

/cherrypick release-0.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[alvaroaleman]

Thanks!

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: 7701c3b0875d44c496bc71f0b70dbd1d4837e36d

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alvaroaleman, filipcirtog

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [alvaroaleman]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-infra-cherrypick-robot]

@alvaroaleman: new pull request created: #3348

In response to this:

/cherrypick release-0.22

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[sbueringer]

/lgtm

This change introduces the possibility of creating multiple clients, which might allow simultaneous requests from different entities. This could lead to concurrency considerations.

How much of a problem do we think this is? (I don't really see the problem)

[filipcirtog]

@sbueringer It was this comment that triggered me to have that conclusion.
// It's better to do creation work twice than to not let multiple people make requests at once

However, thanks to Alvaro's feedback, I've updated the implementation to include a cache key that combines both the actual GVK (GroupVersionKind) and the forceDisableProtoBuf flag. This ensures that we now support up to two distinct clients for each GVK: one with forceDisableProtoBuf enabled and another without it. This approach is an improvement over my initial PR, which created a new client for forceDisableProtoBuf each time.

[sbueringer]

Got it, thx for the quick response. Let's please update the PR description

[filipcirtog]

Done. Thank you. Please let me know if there is anything more to change.

[sbueringer]

All good, thank you!