OCPBUGS-5036: Restart pods if related configuration was changed

[lobziik]

To ensure that operands are using the most recent configurations,
such as cloud configs or credentials, this PR introduces checks for related config content.

This PR hash calculation for secrets and configmaps content if they are detected in deployment/daemonset pod template spec.

For deployments and daemonsets additional routine was added within the resourceApply procedure. For each reconciliation, it will calculate a hash for configmaps and secrets content which was referenced within PodTemplateSpec.

[openshift-ci-robot]

@lobziik: This pull request references Jira Issue OCPBUGS-5036, which is valid. The bug has been moved to the POST state.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target version (4.13.0) matches configured target version for branch (4.13.0)
• bug is in the state ASSIGNED, which is one of the valid states (NEW, ASSIGNED, POST)

Requesting review from QA contact:
/cc @eurijon

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

To ensure that operands are using the most recent configurations,
such as cloud configs or credentials, this PR introduces checks for related config content.

This PR hash calculation for secrets and configmaps content if they are detected in deployment/daemonset pod template spec.

For deployments and daemonsets additional routine was added within the resourceApply procedure. For each reconciliation, it will calculate a hash for configmaps and secrets content which was referenced within PodTemplateSpec.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[lobziik]

/test unit

[elmiko]

code mostly makes sense to me, the hashing stuff can be brittle sometimes but the code and tests seem good.

i did have a question about log levels and a suggestion for the events.

[elmiko]

updates look nice to me, thanks!
/lgtm

[lobziik]

/cc @eurijon
/cc @JoelSpeed

Re-requesting review breaks review requests for some reason... :/

[pierreprinetti]

FYI e2e-openstack-ovn is only failing for a known unrelated reason.

[lobziik]

/test e2e-vsphere-ovn

[JoelSpeed]

What is vccm?

[lobziik]

vsphere cloud controller manager

[JoelSpeed]

What's the motivation behind adding this new secret, I don't see quite how that's related to the goal of this PR? Is it that the vSphere CCM normally looks up the creds but we need a signal to the logic that this secret is being used?

[lobziik]

https://github.com/openshift/cluster-cloud-controller-manager-operator/blob/master/pkg/cloud/vsphere/assets/cloud-controller-manager-deployment.yaml#L63

ccm reads this secret, and need to reroll deployment if credentials changed. This is a sorta crutch to achieve this.

[lobziik]

/retest

[openshift-ci]

@lobziik: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/prow/e2e-aws-ccm-ovn-install	bc681b8	link	false	/test e2e-aws-ccm-ovn-install
ci/prow/e2e-azure-ovn-ccm-install	bc681b8	link	false	/test e2e-azure-ovn-ccm-install
ci/prow/e2e-vsphere-ovn	bc681b8	link	false	/test e2e-vsphere-ovn
ci/prow/e2e-gcp-ovn-ccm	bc681b8	link	false	/test e2e-gcp-ovn-ccm
ci/prow/e2e-gcp-ovn-ccm-install	bc681b8	link	false	/test e2e-gcp-ovn-ccm-install
ci/prow/e2e-azure-ovn-ccm	bc681b8	link	false	/test e2e-azure-ovn-ccm
ci/prow/e2e-openstack-ovn	bc681b8	link	false	/test e2e-openstack-ovn

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[elmiko]

changes look good to me, i am also slightly confused by the vsphere secret update. i see that vsphere needs it, just seems a little confusing as part of this pr.

/lgtm

[JoelSpeed]

/approve

[JoelSpeed]

Nit, should be %w

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JoelSpeed

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [JoelSpeed]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci-robot]

/retest-required

Remaining retests: 0 against base HEAD 6273311 and 2 for PR HEAD bc681b8 in total

[openshift-ci-robot]

@lobziik: All pull requests linked via external trackers have merged:

• openshift/cluster-cloud-controller-manager-operator#227

Jira Issue OCPBUGS-5036 has been moved to the MODIFIED state.

In response to this:

To ensure that operands are using the most recent configurations,
such as cloud configs or credentials, this PR introduces checks for related config content.

This PR hash calculation for secrets and configmaps content if they are detected in deployment/daemonset pod template spec.

For deployments and daemonsets additional routine was added within the resourceApply procedure. For each reconciliation, it will calculate a hash for configmaps and secrets content which was referenced within PodTemplateSpec.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[pierreprinetti]

Is this going to be backported?

[lobziik]

/cherry-pick release-4.12

[openshift-cherrypick-robot]

@lobziik: #227 failed to apply on top of branch "release-4.12":

Applying: Fix misleading comment
Applying: Augment Deployments and Daemonsets with related configs hashes
Applying: Add watch for secrets and configmaps in `openshift-cloud-controller-manager` namespace
Applying: Add volume with the secret to the vsphere ccm
Applying: Get rid of deprecated sets, use generics instead
Applying: Increase resource rendering threshold to 25ms
Using index info to reconstruct a base tree...
M	pkg/cloud/cloud_test.go
Falling back to patching base and 3-way merge...
Auto-merging pkg/cloud/cloud_test.go
CONFLICT (content): Merge conflict in pkg/cloud/cloud_test.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0006 Increase resource rendering threshold to 25ms
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-4.12

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.