-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
OCPBUGS-5036: Restart pods if related configuration was changed #227
OCPBUGS-5036: Restart pods if related configuration was changed #227
Conversation
@lobziik: This pull request references Jira Issue OCPBUGS-5036, which is valid. The bug has been moved to the POST state. 3 validation(s) were run on this bug
Requesting review from QA contact: The bug has been updated to refer to the pull request using the external bug tracker. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/test unit |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
code mostly makes sense to me, the hashing stuff can be brittle sometimes but the code and tests seem good.
i did have a question about log levels and a suggestion for the events.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
updates look nice to me, thanks!
/lgtm
/cc @eurijon Re-requesting review breaks review requests for some reason... :/ |
FYI |
/test e2e-vsphere-ovn |
- name: secret-vccm | ||
secret: | ||
secretName: {{ .globalCredsSecretName }} | ||
optional: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What is vccm?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
vsphere cloud controller manager
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What's the motivation behind adding this new secret, I don't see quite how that's related to the goal of this PR? Is it that the vSphere CCM normally looks up the creds but we need a signal to the logic that this secret is being used?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ccm reads this secret, and need to reroll deployment if credentials changed. This is a sorta crutch to achieve this.
To ensure that operands are using most recent configurations, such as cloud configs or credentials, check for related config content was added. This patch introduces hash calculation for secrets and configmaps content if they are detected in deployment/daemonset pod template spec.
…anager` namespace
Add volume to indicate that ccm deployment is depending on the creds secret
Seems recent tooling updates made these tests a little slower, increase timeouts to 0.025s to reduce CI flakes.
Replace all event reasons with constants instead of using free-form strings to comply k8s conventions Ref: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#events
/retest |
@lobziik: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
changes look good to me, i am also slightly confused by the vsphere secret update. i see that vsphere needs it, just seems a little confusing as part of this pr.
/lgtm
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/approve
|
||
hashSourceBytes, err := json.Marshal(hashSource) | ||
if err != nil { | ||
return "", fmt.Errorf("unable to marshal dependant config content into JSON: %v", err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit, should be %w
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
@lobziik: All pull requests linked via external trackers have merged: Jira Issue OCPBUGS-5036 has been moved to the MODIFIED state. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Is this going to be backported? |
/cherry-pick release-4.12 |
@lobziik: #227 failed to apply on top of branch "release-4.12":
In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
To ensure that operands are using the most recent configurations,
such as cloud configs or credentials, this PR introduces checks for related config content.
This PR hash calculation for secrets and configmaps content if they are detected in deployment/daemonset pod template spec.
For deployments and daemonsets additional routine was added within the resourceApply procedure. For each reconciliation, it will calculate a hash for configmaps and secrets content which was referenced within PodTemplateSpec.