Add file assets to node user data scripts, fingerprint fileAssets and hooks content. #3323
Conversation
k8s-ci-robot
added
cncf-cla: yes
pkg/model/bootstrapscript.go
Outdated
| spec["hooks"] = hooks | ||
| if hooksFingerprint, err := b.fingerprintSpecList(hooks); err != nil { | ||
| return "", err | ||
| } else { |
There was a problem hiding this comment.
i think the else is redundant here given the return;
hooksFingerprint, err := b.fingerprintSpecList(hooks)
if err != nil {
return "", err
}
spec["hooksFingerprint"] = hooksFingerprint
pkg/model/bootstrapscript.go
Outdated
|
|
||
| fileAssets := b.getRelevantFileAssets(cs.FileAssets, ig.Spec.Role) | ||
| if len(fileAssets) > 0 { | ||
| if fileAssetsFingerprint, err := b.fingerprintSpecList(fileAssets); err != nil { |
pkg/model/bootstrapscript.go
Outdated
| @@ -124,7 +139,19 @@ func (b *BootstrapScript) ResourceNodeUp(ig *kops.InstanceGroup, cs *kops.Cluste | |||
| spec["taints"] = ig.Spec.Taints | |||
| hooks := b.getRelevantHooks(ig.Spec.Hooks, ig.Spec.Role) | |||
| if len(hooks) > 0 { | |||
| spec["hooks"] = hooks | |||
| if hooksFingerprint, err := b.fingerprintSpecList(hooks); err != nil { | |||
There was a problem hiding this comment.
hmmm ... thinking out loud, perhaps it's overkill; I know we lose the diff (i.e. content) but it might be useful to keep some context, rather then a large hash on the full spec, maybe a hash per item. At least then you have some clue as to what changed. @KashifSaadat @justinsb
There was a problem hiding this comment.
I like that idea, will give it a go!
pkg/model/bootstrapscript.go
Outdated
| spec["hooksFingerprint"] = hooksFingerprint | ||
| } | ||
| } | ||
| fileAssets := b.getRelevantFileAssets(ig.Spec.FileAssets, ig.Spec.Role) |
There was a problem hiding this comment.
same thoughts as above ... though happy to go with the majority :-)
hooks and fileAssets specs.
KashifSaadat
force-pushed
the
bootstrap-include-file-assets
branch
from
4693731
to
e4919d0
Compare
|
Following @gambol99's suggestions I've done the following:
I've dropped the roles (set to nil) to avoid potentially causing an instance group to have a rolling upgrade when it's not necessary. E.g. You could have a File Asset deploying to Masters & Nodes, then drop Masters from the Roles list. This would then trigger a UserData update for Nodes, causing them to require a rebuild with no functional changes. |
|
@gambol99 lgtm?? |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
| func (b *BootstrapScript) getRelevantHooks(hooks []kops.HookSpec, role kops.InstanceGroupRole) []kops.HookSpec { | ||
| // getRelevantHooks returns a list of hooks to be applied to the instance group, | ||
| // with the Manifest and ExecContainer Commands fingerprinted to reduce size | ||
| func (b *BootstrapScript) getRelevantHooks(allHooks []kops.HookSpec, role kops.InstanceGroupRole) ([]kops.HookSpec, error) { |
There was a problem hiding this comment.
Not sure if we can reuse this selector logic in nodeup (probably by moving it to a new package). I think we have the same logic duplicated?
There was a problem hiding this comment.
Do you know where it's duplicated, or where's best to move it to? We could extract from here (taking out the fingerprinting logic so it doesn't make the spec content invalid).
| if err != nil { | ||
| return nil, err | ||
| } | ||
| fileAsset.Content = contentFingerprint + " (fingerprint)" |
There was a problem hiding this comment.
Long term I feel like it would be safer to use a hash in a new field (ContentHash), but this is the right way to start!
There was a problem hiding this comment.
Sure that would be better. Would you suggest updating the spec to include ContentHash (which may get confusing, as we won't expect users to be specifying this in their spec), or just add it as a new field here (might be a bit complicated as it's not a valid field on the struct)?
| return "", fmt.Errorf("error computing fingerprint hash: %v", err) | ||
| } | ||
|
|
||
| return base64.StdEncoding.EncodeToString(hasher.Sum(nil)), nil |
There was a problem hiding this comment.
I like this fingerprint function - it is unique enough that we could use it to retrieve the Content using only the ContentHash (within the "safe space" of a cluster!)
There was a problem hiding this comment.
I think you wrote this one in an earlier PR, came in quite handy :D
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: justinsb The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
/test pull-kops-e2e-kubernetes-aws |
|
/test all [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Changes made: