Add Patch resources to all SDKs #2043

lblackstone · 2022-06-23T19:15:25Z

Proposed changes

Add Patch resources for all Kubernetes resource types that can be used to patch existing cluster resources rather than creating a new resource under Pulumi management. See #2011 for additional details on the background and design of this feature.

Related issues (optional)

Fix #2015

Add Patch resources for all Kubernetes resource types that can be used to patch existing cluster resources rather than creating a new resource under Pulumi management. See #2011 for additional details on the background and design of this feature.

Tests

provider/pkg/await/await.go

github-actions · 2022-07-12T20:58:02Z

Does the PR have any schema changes?

Looking good! No breaking changes found.

New resources:

kubernetes:admissionregistration.k8s.io/v1:MutatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1:ValidatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1beta1:MutatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1beta1:ValidatingWebhookConfigurationPatch
kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinitionPatch
kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinitionPatch
kubernetes:apiextensions.k8s.io:CustomResourcePatch
kubernetes:apiregistration.k8s.io/v1:APIServicePatch
kubernetes:apiregistration.k8s.io/v1beta1:APIServicePatch
kubernetes:apps/v1:ControllerRevisionPatch
kubernetes:apps/v1:DaemonSetPatch
kubernetes:apps/v1:DeploymentPatch
kubernetes:apps/v1:ReplicaSetPatch
kubernetes:apps/v1:StatefulSetPatch
kubernetes:apps/v1beta1:ControllerRevisionPatch
kubernetes:apps/v1beta1:DeploymentPatch
kubernetes:apps/v1beta1:StatefulSetPatch
kubernetes:apps/v1beta2:ControllerRevisionPatch
kubernetes:apps/v1beta2:DaemonSetPatch
kubernetes:apps/v1beta2:DeploymentPatch
kubernetes:apps/v1beta2:ReplicaSetPatch
kubernetes:apps/v1beta2:StatefulSetPatch
kubernetes:auditregistration.k8s.io/v1alpha1:AuditSinkPatch
kubernetes:authentication.k8s.io/v1:TokenRequestPatch
kubernetes:authentication.k8s.io/v1:TokenReviewPatch
kubernetes:authentication.k8s.io/v1beta1:TokenReviewPatch
kubernetes:authorization.k8s.io/v1:LocalSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1:SelfSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1:SelfSubjectRulesReviewPatch
kubernetes:authorization.k8s.io/v1:SubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:LocalSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SelfSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SelfSubjectRulesReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SubjectAccessReviewPatch
kubernetes:autoscaling/v1:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2beta1:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2beta2:HorizontalPodAutoscalerPatch
kubernetes:batch/v1:CronJobPatch
kubernetes:batch/v1:JobPatch
kubernetes:batch/v1beta1:CronJobPatch
kubernetes:batch/v2alpha1:CronJobPatch
kubernetes:certificates.k8s.io/v1:CertificateSigningRequestPatch
kubernetes:certificates.k8s.io/v1beta1:CertificateSigningRequestPatch
kubernetes:coordination.k8s.io/v1:LeasePatch
kubernetes:coordination.k8s.io/v1beta1:LeasePatch
kubernetes:core/v1:BindingPatch
kubernetes:core/v1:ConfigMapPatch
kubernetes:core/v1:EndpointsPatch
kubernetes:core/v1:EventPatch
kubernetes:core/v1:LimitRangePatch
kubernetes:core/v1:NamespacePatch
kubernetes:core/v1:NodePatch
kubernetes:core/v1:PersistentVolumeClaimPatch
kubernetes:core/v1:PersistentVolumePatch
kubernetes:core/v1:PodPatch
kubernetes:core/v1:PodTemplatePatch
kubernetes:core/v1:ReplicationControllerPatch
kubernetes:core/v1:ResourceQuotaPatch
kubernetes:core/v1:SecretPatch
kubernetes:core/v1:ServiceAccountPatch
kubernetes:core/v1:ServicePatch
kubernetes:discovery.k8s.io/v1:EndpointSlicePatch
kubernetes:discovery.k8s.io/v1beta1:EndpointSlicePatch
kubernetes:events.k8s.io/v1:EventPatch
kubernetes:events.k8s.io/v1beta1:EventPatch
kubernetes:extensions/v1beta1:DaemonSetPatch
kubernetes:extensions/v1beta1:DeploymentPatch
kubernetes:extensions/v1beta1:IngressPatch
kubernetes:extensions/v1beta1:NetworkPolicyPatch
kubernetes:extensions/v1beta1:PodSecurityPolicyPatch
kubernetes:extensions/v1beta1:ReplicaSetPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1alpha1:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1alpha1:PriorityLevelConfigurationPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta1:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta1:PriorityLevelConfigurationPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta2:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta2:PriorityLevelConfigurationPatch
kubernetes:meta/v1:StatusPatch
kubernetes:networking.k8s.io/v1:IngressClassPatch
kubernetes:networking.k8s.io/v1:IngressPatch
kubernetes:networking.k8s.io/v1:NetworkPolicyPatch
kubernetes:networking.k8s.io/v1beta1:IngressClassPatch
kubernetes:networking.k8s.io/v1beta1:IngressPatch
kubernetes:node.k8s.io/v1:RuntimeClassPatch
kubernetes:node.k8s.io/v1alpha1:RuntimeClassPatch
kubernetes:node.k8s.io/v1beta1:RuntimeClassPatch
kubernetes:policy/v1:PodDisruptionBudgetPatch
kubernetes:policy/v1beta1:PodDisruptionBudgetPatch
kubernetes:policy/v1beta1:PodSecurityPolicyPatch
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1:RolePatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:RolePatch
kubernetes:rbac.authorization.k8s.io/v1beta1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1beta1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1beta1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1beta1:RolePatch
kubernetes:scheduling.k8s.io/v1:PriorityClassPatch
kubernetes:scheduling.k8s.io/v1alpha1:PriorityClassPatch
kubernetes:scheduling.k8s.io/v1beta1:PriorityClassPatch
kubernetes:settings.k8s.io/v1alpha1:PodPresetPatch
kubernetes:storage.k8s.io/v1:CSIDriverPatch
kubernetes:storage.k8s.io/v1:CSINodePatch
kubernetes:storage.k8s.io/v1:CSIStorageCapacityPatch
kubernetes:storage.k8s.io/v1:StorageClassPatch
kubernetes:storage.k8s.io/v1:VolumeAttachmentPatch
kubernetes:storage.k8s.io/v1alpha1:VolumeAttachmentPatch
kubernetes:storage.k8s.io/v1beta1:CSIDriverPatch
kubernetes:storage.k8s.io/v1beta1:CSINodePatch
kubernetes:storage.k8s.io/v1beta1:CSIStorageCapacityPatch
kubernetes:storage.k8s.io/v1beta1:StorageClassPatch
kubernetes:storage.k8s.io/v1beta1:VolumeAttachmentPatch

provider/pkg/gen/_go-templates/apiextensions/customResourcePatch.go

provider/pkg/gen/dotnet-templates/apiextensions/CustomResourcePatch.cs

viveklak · 2022-07-12T20:39:51Z

provider/pkg/gen/overlays.go

@@ -1285,6 +1285,71 @@ var apiextentionsCustomResource = pschema.ResourceSpec{
 	},
 }

+var apiextentionsCustomResourcePatch = pschema.ResourceSpec{


In the interest of avoiding unnecessary duplication, refer to properties etc. from apiextentionsCustomResource instead?

provider/pkg/gen/schema.go

provider/pkg/provider/provider.go

provider/pkg/gen/_go-templates/apiextensions/customResourcePatch.go

tests/sdk/nodejs/server-side-apply/step2/index.ts

provider/pkg/provider/provider.go

provider/pkg/gen/schema.go

viveklak · 2022-07-12T21:26:09Z

provider/pkg/provider/provider.go

@@ -2683,12 +2707,13 @@ func (k *kubeProvider) tryServerSidePatch(
 			return nil, nil, false, err
 		}
 	}
-	if err != nil {
-		return nil, nil, false, err
+	if err.Error() == "name is required" {


Nit - consider returning a strongly typed error for this instead?

viveklak

Directionally LGTM! We might move addressing some of the suggestions to a subsequent PR for review ergonomics.

github-actions · 2022-07-12T21:31:34Z

Does the PR have any schema changes?

Looking good! No breaking changes found.

New resources:

kubernetes:admissionregistration.k8s.io/v1:MutatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1:ValidatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1beta1:MutatingWebhookConfigurationPatch
kubernetes:admissionregistration.k8s.io/v1beta1:ValidatingWebhookConfigurationPatch
kubernetes:apiextensions.k8s.io/v1:CustomResourceDefinitionPatch
kubernetes:apiextensions.k8s.io/v1beta1:CustomResourceDefinitionPatch
kubernetes:apiextensions.k8s.io:CustomResourcePatch
kubernetes:apiregistration.k8s.io/v1:APIServicePatch
kubernetes:apiregistration.k8s.io/v1beta1:APIServicePatch
kubernetes:apps/v1:ControllerRevisionPatch
kubernetes:apps/v1:DaemonSetPatch
kubernetes:apps/v1:DeploymentPatch
kubernetes:apps/v1:ReplicaSetPatch
kubernetes:apps/v1:StatefulSetPatch
kubernetes:apps/v1beta1:ControllerRevisionPatch
kubernetes:apps/v1beta1:DeploymentPatch
kubernetes:apps/v1beta1:StatefulSetPatch
kubernetes:apps/v1beta2:ControllerRevisionPatch
kubernetes:apps/v1beta2:DaemonSetPatch
kubernetes:apps/v1beta2:DeploymentPatch
kubernetes:apps/v1beta2:ReplicaSetPatch
kubernetes:apps/v1beta2:StatefulSetPatch
kubernetes:auditregistration.k8s.io/v1alpha1:AuditSinkPatch
kubernetes:authentication.k8s.io/v1:TokenRequestPatch
kubernetes:authentication.k8s.io/v1:TokenReviewPatch
kubernetes:authentication.k8s.io/v1beta1:TokenReviewPatch
kubernetes:authorization.k8s.io/v1:LocalSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1:SelfSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1:SelfSubjectRulesReviewPatch
kubernetes:authorization.k8s.io/v1:SubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:LocalSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SelfSubjectAccessReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SelfSubjectRulesReviewPatch
kubernetes:authorization.k8s.io/v1beta1:SubjectAccessReviewPatch
kubernetes:autoscaling/v1:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2beta1:HorizontalPodAutoscalerPatch
kubernetes:autoscaling/v2beta2:HorizontalPodAutoscalerPatch
kubernetes:batch/v1:CronJobPatch
kubernetes:batch/v1:JobPatch
kubernetes:batch/v1beta1:CronJobPatch
kubernetes:batch/v2alpha1:CronJobPatch
kubernetes:certificates.k8s.io/v1:CertificateSigningRequestPatch
kubernetes:certificates.k8s.io/v1beta1:CertificateSigningRequestPatch
kubernetes:coordination.k8s.io/v1:LeasePatch
kubernetes:coordination.k8s.io/v1beta1:LeasePatch
kubernetes:core/v1:BindingPatch
kubernetes:core/v1:ConfigMapPatch
kubernetes:core/v1:EndpointsPatch
kubernetes:core/v1:EventPatch
kubernetes:core/v1:LimitRangePatch
kubernetes:core/v1:NamespacePatch
kubernetes:core/v1:NodePatch
kubernetes:core/v1:PersistentVolumeClaimPatch
kubernetes:core/v1:PersistentVolumePatch
kubernetes:core/v1:PodPatch
kubernetes:core/v1:PodTemplatePatch
kubernetes:core/v1:ReplicationControllerPatch
kubernetes:core/v1:ResourceQuotaPatch
kubernetes:core/v1:SecretPatch
kubernetes:core/v1:ServiceAccountPatch
kubernetes:core/v1:ServicePatch
kubernetes:discovery.k8s.io/v1:EndpointSlicePatch
kubernetes:discovery.k8s.io/v1beta1:EndpointSlicePatch
kubernetes:events.k8s.io/v1:EventPatch
kubernetes:events.k8s.io/v1beta1:EventPatch
kubernetes:extensions/v1beta1:DaemonSetPatch
kubernetes:extensions/v1beta1:DeploymentPatch
kubernetes:extensions/v1beta1:IngressPatch
kubernetes:extensions/v1beta1:NetworkPolicyPatch
kubernetes:extensions/v1beta1:PodSecurityPolicyPatch
kubernetes:extensions/v1beta1:ReplicaSetPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1alpha1:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1alpha1:PriorityLevelConfigurationPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta1:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta1:PriorityLevelConfigurationPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta2:FlowSchemaPatch
kubernetes:flowcontrol.apiserver.k8s.io/v1beta2:PriorityLevelConfigurationPatch
kubernetes:meta/v1:StatusPatch
kubernetes:networking.k8s.io/v1:IngressClassPatch
kubernetes:networking.k8s.io/v1:IngressPatch
kubernetes:networking.k8s.io/v1:NetworkPolicyPatch
kubernetes:networking.k8s.io/v1beta1:IngressClassPatch
kubernetes:networking.k8s.io/v1beta1:IngressPatch
kubernetes:node.k8s.io/v1:RuntimeClassPatch
kubernetes:node.k8s.io/v1alpha1:RuntimeClassPatch
kubernetes:node.k8s.io/v1beta1:RuntimeClassPatch
kubernetes:policy/v1:PodDisruptionBudgetPatch
kubernetes:policy/v1beta1:PodDisruptionBudgetPatch
kubernetes:policy/v1beta1:PodSecurityPolicyPatch
kubernetes:rbac.authorization.k8s.io/v1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1:RolePatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1alpha1:RolePatch
kubernetes:rbac.authorization.k8s.io/v1beta1:ClusterRoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1beta1:ClusterRolePatch
kubernetes:rbac.authorization.k8s.io/v1beta1:RoleBindingPatch
kubernetes:rbac.authorization.k8s.io/v1beta1:RolePatch
kubernetes:scheduling.k8s.io/v1:PriorityClassPatch
kubernetes:scheduling.k8s.io/v1alpha1:PriorityClassPatch
kubernetes:scheduling.k8s.io/v1beta1:PriorityClassPatch
kubernetes:settings.k8s.io/v1alpha1:PodPresetPatch
kubernetes:storage.k8s.io/v1:CSIDriverPatch
kubernetes:storage.k8s.io/v1:CSINodePatch
kubernetes:storage.k8s.io/v1:CSIStorageCapacityPatch
kubernetes:storage.k8s.io/v1:StorageClassPatch
kubernetes:storage.k8s.io/v1:VolumeAttachmentPatch
kubernetes:storage.k8s.io/v1alpha1:VolumeAttachmentPatch
kubernetes:storage.k8s.io/v1beta1:CSIDriverPatch
kubernetes:storage.k8s.io/v1beta1:CSINodePatch
kubernetes:storage.k8s.io/v1beta1:CSIStorageCapacityPatch
kubernetes:storage.k8s.io/v1beta1:StorageClassPatch
kubernetes:storage.k8s.io/v1beta1:VolumeAttachmentPatch

lblackstone · 2022-07-12T21:36:28Z

Directionally LGTM! We might move addressing some of the suggestions to a subsequent PR for review ergonomics.

Sounds good! I will make another pass through these feedback items once this merges.

github-actions bot added the impact/no-changelog-required This issue doesn't require a CHANGELOG update label Jun 23, 2022

lblackstone force-pushed the lblackstone/patch-resources branch 2 times, most recently from 4e2ba41 to d93c859 Compare July 8, 2022 20:02

pulumi deleted a comment from github-actions bot Jul 8, 2022

lblackstone force-pushed the lblackstone/patch-resources branch from d93c859 to 24b94a2 Compare July 8, 2022 21:52

pulumi deleted a comment from github-actions bot Jul 8, 2022

lblackstone added 8 commits July 11, 2022 12:37

Add Patch resources to all SDKs

ee421b6

Add Patch resources for all Kubernetes resource types that can be used to patch existing cluster resources rather than creating a new resource under Pulumi management. See #2011 for additional details on the background and design of this feature.

Update SDK dep

401dd90

Disable managed-by label for SSA

ae39699

Remove managedFields from patch calculation

0daf28c

Require SSA mode for Patch resources

751ea0d

DryRun -> Preview

2757a98

Improve error handling

eaf44ef

Update some comments

566db9b

lblackstone force-pushed the lblackstone/patch-resources branch from 24b94a2 to 658e30b Compare July 11, 2022 22:12

lblackstone marked this pull request as ready for review July 11, 2022 22:18

lblackstone requested a review from viveklak July 11, 2022 22:18

pulumi deleted a comment from github-actions bot Jul 11, 2022

Tests

4167799

Tests

lblackstone force-pushed the lblackstone/patch-resources branch from 658e30b to 4167799 Compare July 11, 2022 22:48

pulumi deleted a comment from github-actions bot Jul 11, 2022

This comment was marked as outdated.

Sign in to view

Fix test CRD conflicts

bcfb1b3

pulumi deleted a comment from github-actions bot Jul 12, 2022

Fix miscellaneous test errors

abcc95f

pulumi deleted a comment from github-actions bot Jul 12, 2022

Fix preview bug

0c03a7e

pulumi deleted a comment from github-actions bot Jul 12, 2022