New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add file assets to node user data scripts, fingerprint fileAssets and hooks content. #3323
Add file assets to node user data scripts, fingerprint fileAssets and hooks content. #3323
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just left a few comments ...
pkg/model/bootstrapscript.go
Outdated
spec["hooks"] = hooks | ||
if hooksFingerprint, err := b.fingerprintSpecList(hooks); err != nil { | ||
return "", err | ||
} else { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think the else is redundant here given the return;
hooksFingerprint, err := b.fingerprintSpecList(hooks)
if err != nil {
return "", err
}
spec["hooksFingerprint"] = hooksFingerprint
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cleaned up
pkg/model/bootstrapscript.go
Outdated
|
||
fileAssets := b.getRelevantFileAssets(cs.FileAssets, ig.Spec.Role) | ||
if len(fileAssets) > 0 { | ||
if fileAssetsFingerprint, err := b.fingerprintSpecList(fileAssets); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the same
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Cleaned up
pkg/model/bootstrapscript.go
Outdated
@@ -124,7 +139,19 @@ func (b *BootstrapScript) ResourceNodeUp(ig *kops.InstanceGroup, cs *kops.Cluste | |||
spec["taints"] = ig.Spec.Taints | |||
hooks := b.getRelevantHooks(ig.Spec.Hooks, ig.Spec.Role) | |||
if len(hooks) > 0 { | |||
spec["hooks"] = hooks | |||
if hooksFingerprint, err := b.fingerprintSpecList(hooks); err != nil { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
hmmm ... thinking out loud, perhaps it's overkill; I know we lose the diff (i.e. content) but it might be useful to keep some context, rather then a large hash on the full spec, maybe a hash per item. At least then you have some clue as to what changed. @KashifSaadat @justinsb
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like that idea, will give it a go!
pkg/model/bootstrapscript.go
Outdated
spec["hooksFingerprint"] = hooksFingerprint | ||
} | ||
} | ||
fileAssets := b.getRelevantFileAssets(ig.Spec.FileAssets, ig.Spec.Role) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same thoughts as above ... though happy to go with the majority :-)
hooks and fileAssets specs.
4693731
to
e4919d0
Compare
Following @gambol99's suggestions I've done the following:
I've dropped the roles (set to nil) to avoid potentially causing an instance group to have a rolling upgrade when it's not necessary. E.g. You could have a File Asset deploying to Masters & Nodes, then drop Masters from the Roles list. This would then trigger a UserData update for Nodes, causing them to require a rebuild with no functional changes. |
@gambol99 lgtm?? |
/lgtm |
func (b *BootstrapScript) getRelevantHooks(hooks []kops.HookSpec, role kops.InstanceGroupRole) []kops.HookSpec { | ||
// getRelevantHooks returns a list of hooks to be applied to the instance group, | ||
// with the Manifest and ExecContainer Commands fingerprinted to reduce size | ||
func (b *BootstrapScript) getRelevantHooks(allHooks []kops.HookSpec, role kops.InstanceGroupRole) ([]kops.HookSpec, error) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure if we can reuse this selector logic in nodeup (probably by moving it to a new package). I think we have the same logic duplicated?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you know where it's duplicated, or where's best to move it to? We could extract from here (taking out the fingerprinting logic so it doesn't make the spec content invalid).
if err != nil { | ||
return nil, err | ||
} | ||
fileAsset.Content = contentFingerprint + " (fingerprint)" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Long term I feel like it would be safer to use a hash in a new field (ContentHash
), but this is the right way to start!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sure that would be better. Would you suggest updating the spec to include ContentHash (which may get confusing, as we won't expect users to be specifying this in their spec), or just add it as a new field here (might be a bit complicated as it's not a valid field on the struct)?
return "", fmt.Errorf("error computing fingerprint hash: %v", err) | ||
} | ||
|
||
return base64.StdEncoding.EncodeToString(hasher.Sum(nil)), nil |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I like this fingerprint function - it is unique enough that we could use it to retrieve the Content using only the ContentHash (within the "safe space" of a cluster!)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think you wrote this one in an earlier PR, came in quite handy :D
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
/test all [submit-queue is verifying that this PR is safe to merge] |
/test pull-kops-e2e-kubernetes-aws |
/test all [submit-queue is verifying that this PR is safe to merge] |
Automatic merge from submit-queue |
Changes made: