Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

kubectl: Verify dry run support #69449

Merged
merged 3 commits into from
Oct 11, 2018
Merged

kubectl: Verify dry run support #69449

merged 3 commits into from
Oct 11, 2018

Conversation

apelisse
Copy link
Member

@apelisse apelisse commented Oct 5, 2018
edited

We want to verify if the resource supports dry-run before we send dry-run queries to it, because old servers are just ignoring the query-param and will persist the objects. Not good.

Even though the heuristic isn't perfect yet, I think it's obviously better than what we have today.

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Release note:

NONE

@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-kind Indicates a PR lacks a `kind/foo` label and requires one. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 5, 2018
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: apelisse

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubectl sig/cli Categorizes an issue or PR as relevant to SIG CLI. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Oct 5, 2018
@apelisse apelisse force-pushed the verify-dry-run-support branch 2 times, most recently from 749bc05 to 782bda2 Compare October 5, 2018 18:37
@apelisse apelisse changed the title [WIP] kubectl: Verify dry run support kubectl: Verify dry run support Oct 5, 2018
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Oct 5, 2018
@apelisse apelisse mentioned this pull request Oct 5, 2018
Closed
14 tasks
@apelisse
Copy link
Member Author

apelisse commented Oct 5, 2018

/kind bug

@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. and removed needs-kind Indicates a PR lacks a `kind/foo` label and requires one. labels Oct 5, 2018
seans3
seans3 approved these changes Oct 5, 2018
View reviewed changes
pkg/kubectl/cmd/apply.go Outdated
@@ -684,6 +693,22 @@ type patcher struct {
}

func (p *patcher) patchSimple(obj runtime.Object, modified []byte, source, namespace, name string, errOut io.Writer) ([]byte, runtime.Object, error) {
if p.serverDryRun {
doc, err := p.discoveryClient.OpenAPISchema()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

patchSimple is already a large function. Should we break this check into it's own patcher method? Additionally, can we add significant comments to describe why this is necessary (what bug this fixes).

liggitt
liggitt reviewed Oct 5, 2018
View reviewed changes
pkg/kubectl/cmd/util/openapi/dryrun.go

func checkExtension(extensions []*openapi_v2.NamedAny, gvk schema.GroupVersionKind) bool {
for _, extension := range extensions {
if extension.GetValue().GetYaml() == "" ||
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not familiar with this method of getting data out of the openapi doc... it's yaml-encoded?

cc @mbohlool for review

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since vendor extensions can be any type of yaml data in the openapi spec, this framework is just keeping it as bytes that can be decoded into whatever needed.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Antonie used gnostic openapi structs more than me, if this works, I am fine with it. If I want to be on the safe side, I will only check the name and if the value is empty, log error or fail or something because that is not usual.

@apelisse apelisse force-pushed the verify-dry-run-support branch 3 times, most recently from 1895724 to 277bfa4 Compare October 5, 2018 21:36
mbohlool
mbohlool reviewed Oct 5, 2018
View reviewed changes
pkg/kubectl/cmd/apply.go Outdated
// supports dryRun. Sending dryRun requests to apiserver that don't
// support it will result in objects being unwillingly persisted.
//
// If the GVK can not be found (it can be a CRD or a resource coming
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I won't do this assumption specially for aggregated server. I would say it safer to say it does not support dry-run than assuming it does.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed. I guess my argument is that this piece of code is safer than what we have today (nothing is checked at all).

mbohlool
mbohlool reviewed Oct 5, 2018
View reviewed changes
pkg/kubectl/cmd/util/openapi/dryrun.go Outdated
"k8s.io/apimachinery/pkg/runtime/schema"
)

func checkExtension(extensions []*openapi_v2.NamedAny, gvk schema.GroupVersionKind) bool {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I would use a better name here.e.g., hasGVKExtension?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good suggestion, thank you!

@k8s-ci-robot k8s-ci-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label Oct 6, 2018
@k8s-ci-robot k8s-ci-robot added size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. and removed size/L Denotes a PR that changes 100-499 lines, ignoring generated files. needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. labels Oct 8, 2018
@apelisse
Copy link
Member Author

apelisse commented Oct 9, 2018

I've been caught by the gofmt change! :-) Fixed all the things.

@seans3
Copy link
Contributor

seans3 commented Oct 9, 2018

/retest
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 9, 2018
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

7 similar comments
@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@fejta-bot
Copy link

/retest
This bot automatically retries jobs that failed/flaked on approved PRs (send feedback to fejta).

Review the full test history for this PR.

Silence the bot with an /lgtm cancel comment for consistent failures.

@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 10, 2018
Antoine Pelisse added 3 commits October 10, 2018 08:55
Create a method to check dryRun is supported
ae73528 
We don't want to run dryRun requests against servers that don't support
dry-run, since they might ignore the flag and just persist the unwanted
changes.

This creates a new method that checks in the OpenAPI if the dryRun
parameter can be used.
dry-run: Create class to find if a type is a CRD
a0460a5 
Finding out if a Group-version-kind is a CRD is useful, since we want to
detect dry-run ability differently for CRDs.
dry-run: Verify if the object supports dry-run
f2e2a93 
For each object, first we verify if they have a dryRun parameter in the
openapi for the patch verb. If we can't find the object, we assume that
CRD will behave like "namespace". So we check if namespace supports
dryRun. If it does, then we verify that the resource is a CRD.
@seans3
Copy link
Contributor

seans3 commented Oct 11, 2018

/retest
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Oct 11, 2018
@k8s-ci-robot k8s-ci-robot merged commit b1ea6dc into kubernetes:master Oct 11, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@liggitt liggitt liggitt left review comments

@mbohlool mbohlool mbohlool left review comments

@seans3 seans3 seans3 approved these changes

@adohe-zz adohe-zz Awaiting requested review from adohe-zz

@ghodss ghodss Awaiting requested review from ghodss

Assignees

@seans3 seans3

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/kubectl cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note-none Denotes a PR that doesn't merit a release note. sig/cli Categorizes an issue or PR as relevant to SIG CLI. size/XL Denotes a PR that changes 500-999 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@apelisse @k8s-ci-robot @seans3 @fejta-bot @liggitt @mbohlool