KEP-20 part 2: trigger plans manually #1352
Conversation
zen-dog
force-pushed
the
ad/kep-20
branch
2 times, most recently
from
bff7f29
to
a441ee6
Compare
Summary: - current `ValidationWebhookConfiguration` is replaced by `MutatingWebhookConfiguration` to allow instance admission webhook to set the `Spec.PlanExecution.PlanName` - `Spec.PlanExecution.PlanName` is now not required anymore Note: - Instance CRD got updated - breaking change: ValidationWebhookConfiguration from previous KUDO version (in case webhooks were used) has to be removed manually Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
so that when the same plan is re-triggered a new UID is generated and the controller can restart the plan. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
…instance additionally, instance controller now properly handles the cases where the webhooks are enabled and where they are disabled. Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
| @@ -116,6 +128,85 @@ func (i *Instance) PlanStatus(plan string) *PlanStatus { | |||
| return nil | |||
| } | |||
|
|
|||
| // annotateSnapshot stores the current spec of Instance into the snapshot annotation | |||
There was a problem hiding this comment.
Moved here from the instance_controller as they're needed in the webhook too.
new command `kudoctl plan trigger --name=<planNam> --instance=<instanceName>` is now available Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
added
release-highlight
release/breaking-change
| // 2. Cleanup plan exists in the operator version and has *never run* before | ||
| // 3. Cleanup hasn't been scheduled yet (first time the deletion is being reconciled) | ||
| // we set the Spec.PlanExecution.PlanName = 'cleanup' | ||
| hasToScheduleCleanupAfterDeletion := func() bool { |
There was a problem hiding this comment.
Is there a specific reason that these are inline funcs? I'd rather have them outside as actual funcs or just plain code in this method.
There was a problem hiding this comment.
Since they're only used once inside this method, they would otherwise "pollute" the controller namespace. I prefer to inline them to give a "speaking name" to otherwise complicated check.
There was a problem hiding this comment.
Yeah, I get the "pollution" argument, although I blame go for it ;)
Still, I wouldn't mind having just the simple booleans inside this func instead of full functions that are only called once, but it's not a blocker for me. Just looks weird.
ANeumann82
added
release/highlight
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
| // 2. Cleanup plan exists in the operator version and has *never run* before | ||
| // 3. Cleanup hasn't been scheduled yet (first time the deletion is being reconciled) | ||
| // we set the Spec.PlanExecution.PlanName = 'cleanup' | ||
| hasToScheduleCleanupAfterDeletion := func() bool { |
There was a problem hiding this comment.
Yeah, I get the "pollution" argument, although I blame go for it ;)
Still, I wouldn't mind having just the simple booleans inside this func instead of full functions that are only called once, but it's not a blocker for me. Just looks weird.
|
I'd like to see at least one more review on this though. It's a big PR ;) |
absolutely! 💯 |
Proper namespace handling for CREATEd instances, robust detection of instances deletion life-cycle and logging improvements Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
There was a problem hiding this comment.
👏 nice work, the logic is very complex but you did a great job documenting it!
My only bigger concern is - you cannot trigger plan when running kudo without webhooks. I was always thinkig about the whole thing in this way:
- kudo without webhooks is only suitable for newcomers who want to quickly start something locally and run some very basic operator like cowsay and see what kudo is doing and play around with its features OR for developers of operators who run local and know what they are doing since no webhooks are not giving you consistency guarantees
- with webhooks for ALL OTHER CASES
I think it will be misleading that you can trigger plans only for kudo running in cluster and with webhooks.
The bottom line is: KUDO API is edge-based which suits a lot of real-world practical scenarios really good. However, the only way KUDO operations stay consistent (and e.g. avoid data loss) is by guarding them with the webhook. While it was possible to run into inconsistent behavior without manually triggering plans, the later definitely exaggerates it. I'm strongly against allowing it without webhooks. |
Then please at least make it obvious that it's not allowed from CLI, not just silently ignore it. Also document it with the reasoning 🙏 thanks |
Signed-off-by: Aleksey Dukhovniy <alex.dukhovniy@googlemail.com>
zen-dog
dismissed
porridge’s stale review
I addressed all smaller issues and the bigger one (e2e test) will be a followup PR
Summary: - current `ValidationWebhookConfiguration` is replaced by `MutatingWebhookConfiguration`. Instance admission webhook is now setting the `Spec.PlanExecution.PlanName` on updates/creates - `kudo-manager-instance-validation-webhook-config` webhook (when active) is enforcing all rules around triggering plans directly (manually) and indirectly (through Instance updates), making sure that no conflicting plans are running - new CLI command `$ kubectl kudo plan trigger --name deploy --instance dummy-instance` is available to trigger a plan manually - manually triggering plans is only possible when webhooks are enabled (`kudo init --webhook=InstanceValidation ...`) **Notes**: - **change**: Instance CRD got updated - **heavy change**: `ValidationWebhookConfiguration` from previous KUDO version (in case webhooks were used) has to be removed manually <!-- Thanks for sending a pull request! Here are some tips for you: 1. If this is your first time, please read our contributor guidelines: https://github.com/kudobuilder/kudo/blob/master/CONTRIBUTING.md 2. Make sure you have added and ran the tests before submitting your PR 3. If the PR is unfinished, start it as a Draft PR: https://github.blog/2019-02-14-introducing-draft-pull-requests/ --> **What this PR does / why we need it**: <!-- *Automatically closes linked issue when PR is merged. Usage: `Fixes #<issue number>`, or `Fixes (paste link of issue)`. --> Fixes #649 #741 Signed-off-by: Thomas Runyon <runyontr@gmail.com>
Summary:
ValidationWebhookConfigurationis replaced byMutatingWebhookConfiguration. Instance admission webhook is now setting theSpec.PlanExecution.PlanNameon updates/createskudo-manager-instance-validation-webhook-configwebhook (when active) is enforcing all rules around triggering plans directly (manually) and indirectly (through Instance updates), making sure that no conflicting plans are running$ kubectl kudo plan trigger --name deploy --instance dummy-instanceis available to trigger a plan manuallykudo init --webhook=InstanceValidation ...)Note:
ValidationWebhookConfigurationfrom previous KUDO version (in case webhooks were used) has to be removed manuallyWhat this PR does / why we need it:
Fixes #649 #741