Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add option to treat configmaps as mutable #1926

Merged
merged 11 commits into from
Mar 14, 2022
Merged

Add option to treat configmaps as mutable #1926

merged 11 commits into from
Mar 14, 2022

Conversation

viveklak
Copy link
Contributor

@viveklak viveklak commented Mar 10, 2022
edited
Loading

Proposed changes

This is a workaround for configmap in particular while #1775 awaits some additional support from the schema (pulumi/pulumi#9158)

Enabling the enableConfigMapMutable flag will treat configmaps as mutable - i.e. convert what would previously be a replacement to an update when mutated. If the provider flag is enabled, the previous behavior can be opted-in on a resource by resource basis by specifying the replaceOnChanges: [*] option. If the flag is not enabled (default), existing replacement behavior would be retained.

Related issues (optional)

Fixes #1847

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@viveklak viveklak marked this pull request as draft March 10, 2022 20:29
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

1 similar comment
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@lblackstone
Copy link
Member

The implementation looks fine, but I'm concerned about two things with this change:

  1. I'm leery about changing the default replace behavior. The intent with the replaceOnChanges approach was to keep the current behavior for now, but allow overrides. This seems like more of a major release change since it might break workloads that were expecting the current behavior.
  2. The immutable flag wasn't introduced until k8s 1.18 (stable in 1.21), so users of older cluster versions wouldn't have any way to opt out of the changed behavior.

I'd be ok gating the behavior change behind an opt-in provider flag, but wonder if we'd want to explicitly tie it to the immutable flag. Alternatively, we could use a provider flag to change the default from replace to update, and support replacements explicitly with the replaceOnChanges resource option.

@viveklak
Copy link
Contributor Author

The implementation looks fine, but I'm concerned about two things with this change:

  1. I'm leery about changing the default replace behavior. The intent with the replaceOnChanges approach was to keep the current behavior for now, but allow overrides. This seems like more of a major release change since it might break workloads that were expecting the current behavior.

Yes, I had the same impression. Perhaps I am missing something obvious here though. Based on my reading of pulumi/pulumi#7226 there is no way currently to undo the replacement (marking replaceOnChanges undefined etc.) as you suggested in pulumi/pulumi#9158 (comment). So sounds like regardless, we would have to flip the default interpretation of configMaps from being immutable to mutable to address this problem. replaceOnChanges can be used to support the old behavior though (i.e. add replaceOnChanges: [".data"] instead of using the immutable field). Nonetheless this is still a break right? The only way to avoid that I can see is to fix the engine's step_generator handling of replaceOnChanges to also handle the "unsetting" case (e.g. treating undefined replaceOnChanges to mean no replacement to perform). This might be still complicated since the interpretation will vary based on what version of the CLI is running.

I'd be ok gating the behavior change behind an opt-in provider flag, but wonder if we'd want to explicitly tie it to the immutable flag. Alternatively, we could use a provider flag to change the default from replace to update, and support replacements explicitly with the replaceOnChanges resource option.

I am fine with the latter approach which I alluded to above as well (use replaceOnChanges to trigger replacement instead of immutable field).

@lblackstone
Copy link
Member

lblackstone commented Mar 11, 2022
edited
Loading

there is no way currently to undo the replacement

It looks like the mergeOpts function should support overriding something specified in the SDK. i.e., if the SDK has replaceOnChanges: [".data"] set by default, it could be overridden by the user setting replaceOnChanges: [], but perhaps I'm mistaken about that.

This might be still complicated since the interpretation will vary based on what version of the CLI is running.

Good point; I hadn't considered that. My first thought is that we could check the engine version at runtime, but I'm not sure if the provider has access to that information. That would be good to find out if that's a possibility.

I am fine with the latter approach which I alluded to above as well (use replaceOnChanges to trigger replacement instead of immutable field).

Let's try the provider flag approach and see how that looks. We could flip the default replacement behavior for both ConfigMap and Secret, and indicate how to use replaceOnChanges to opt into the previous behavior on a per-resource basis.

@viveklak
Copy link
Contributor Author

Let's try the provider flag approach and see how that looks. We could flip the default replacement behavior for both ConfigMap and Secret, and indicate how to use replaceOnChanges to opt into the previous behavior on a per-resource basis.

Yeah that sounds good! Will move forward with that approach.

@viveklak viveklak marked this pull request as ready for review March 11, 2022 22:17
@viveklak
Copy link
Contributor Author

@lblackstone this is now ready for a review.

@viveklak viveklak changed the title Make configmaps mutable unless marked explicitly Add option to treat configmaps as mutable Mar 11, 2022
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

lblackstone
lblackstone requested changes Mar 14, 2022
View reviewed changes
Copy link
Member

@lblackstone lblackstone left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Implementation looks good. I don't see any SDK changes, so you'll need to make sure that you regenerate those as well with the schema changes.

CHANGELOG.md Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
CHANGELOG.md Outdated Show resolved Hide resolved
provider/pkg/gen/schema.go Outdated Show resolved Hide resolved
provider/pkg/gen/schema.go Outdated Show resolved Hide resolved
viveklak and others added 4 commits March 14, 2022 10:12
@viveklak @lblackstone
Update provider/pkg/gen/schema.go
0b6315f 
Co-authored-by: Levi Blackstone <levi@pulumi.com>
@viveklak @lblackstone
Update provider/pkg/gen/schema.go
a000f8b 
Co-authored-by: Levi Blackstone <levi@pulumi.com>
@viveklak @lblackstone
Update CHANGELOG.md
9d62c60 
Co-authored-by: Levi Blackstone <levi@pulumi.com>
@viveklak @lblackstone
Update CHANGELOG.md
ec6b9b6 
Co-authored-by: Levi Blackstone <levi@pulumi.com>
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

3 similar comments
@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@github-actions
Copy link

Does the PR have any schema changes?

Looking good! No breaking changes found.
No new resources/functions.

@viveklak viveklak merged commit 056b832 into master Mar 14, 2022
@pulumi-bot pulumi-bot deleted the vl/1847 branch March 14, 2022 18:09
@viveklak viveklak mentioned this pull request Mar 14, 2022
Merged
@viveklak viveklak mentioned this pull request Jun 6, 2022
Open
@DrorBuhnik
Copy link

Hi,
Can we also have enableSecretMutable flag to so the same thing for secrets?

I applied the flag for cm and it works as expected, but there is no comparable workaround for secrets

Thank you!

@lblackstone lblackstone mentioned this pull request Jan 18, 2023
Closed
@lblackstone
Copy link
Member

I opened #2291 to track the option for Secrets.

@MaienM MaienM mentioned this pull request Aug 14, 2024
Merged
blampe added a commit that referenced this pull request Aug 21, 2024
@MaienM @blampe
Add option to treat secrets as mutable (#3164)
2ec7a1a 
This introduces the flag `enableSecretMutable` which does for `Secret`s
what the existing `enableConfigMapMutable` flag does for `ConfigMap`s.
See #1926 for the motivation for this flag. Changes to the `type` field
will still trigger a replacement as this field is immutable.

Fixes #2291.
Fixes #3181.

---------

Co-authored-by: Bryce Lampe <bryce@pulumi.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lblackstone lblackstone lblackstone approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

AWS nodes become permanently unreachable after updating aws-auth ConfigMap
3 participants
@viveklak @lblackstone @DrorBuhnik