✨ Enable ssatags KAL linter #12470
✨ Enable ssatags KAL linter #12470
Conversation
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
do-not-merge/needs-area
sbueringer
added
area/api
sbueringer
force-pushed
the
pr-enable-ssatags-linter
branch
from
7dcd23a to
2d68ae1
Compare
k8s-ci-robot
added
size/M
sbueringer
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
sbueringer
changed the title
k8s-ci-robot
added
the
do-not-merge/work-in-progress
sbueringer
force-pushed
the
pr-enable-ssatags-linter
branch
from
2d68ae1 to
8847e73
Compare
|
Ready for review /assign @fabriziopandini @JoelSpeed @sivchari @mboersma /hold |
k8s-ci-robot
added
the
do-not-merge/hold
sbueringer
changed the title
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
sbueringer
force-pushed
the
pr-enable-ssatags-linter
branch
from
8847e73 to
47e7680
Compare
k8s-ci-robot
removed
the
size/M
|
/hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
|
Ready for review/merge now :) |
| @@ -64,6 +64,7 @@ type ClusterResourceSetSpec struct { | |||
|
|
|||
| // resources is a list of Secrets/ConfigMaps where each contains 1 or more resources to be applied to remote clusters. | |||
| // +optional | |||
| // +listType=atomic | |||
There was a problem hiding this comment.
This field is a classic example of one that would probably be listTypeMap. Each name/kind pair within the list should be unique right?
There was a problem hiding this comment.
It should be unique, yes. But I think that doesn't justify making this field a listType=map:
- changing to listType=map produces additional overhead in managedFields (i.e. memory usage)
- changing this to a map leads to issues through the atomic=>map transition (folks won't be able to delete array elements in all scenarios, see: ClusterClass Upgrade Fails Due to ManagedFields Behavior Change in CAPI v1.6 → v1.8 #11857)
If we want that validation we should achieve it through other means that don't lead to these issues.
In my opinion we should be very careful with listType=map and should only use it:
- if we have to for compatibility reasons, e.g. when we changed extraArgs from map to array we had to use listType=map to ensure compatibility on the managedFields level (changing to atomic would have lead to issues)
- if we have the use case for multiple owners for a field (otherwise it's not worth the additional memory overhead of managed fields which can be significant if the array elements are large, see conditions for an example: https://storage.googleapis.com/kubernetes-ci-logs/logs/periodic-cluster-api-e2e-main/1943237186371457024/artifacts/clusters/bootstrap/resources/quick-start-yfb57f/Cluster/quick-start-qsya01.yaml)
There was a problem hiding this comment.
@JoelSpeed Let's discuss this here first. This has impact on almost all other findings. I'm really not in favor of making arrays maps if we can come up with a key for the reasons mentioned above.
I'm not opposed to adding additional validation through other means, but honestly I won't have the bandwith for it in this release cycle. If someone wants to open a PR to add CEL validation with appropriate envtest-based unit test coverage that's fine for me.
There was a problem hiding this comment.
In general, when adding new fields I've always recommended, where there is an obvious map key (list of named objects style) to go map over atomic. In general those decisions have aged well so far to my knowledge and we haven't hit any issues with significant memory usage.
You are right about changing things day 2 though, the SSA migration from atomic to map has had issues in the past, but I was under the impression some fixes went in to resolve those migration issues?
When we've had issues in the past with changing the atomic->map post release, was that during a migration between API versions? Or within the same API version?
There was a problem hiding this comment.
When we've had issues in the past with changing the atomic->map post release, was that during a migration between API versions? Or within the same API version?
It was within the same apiVersion. IIRC I also tested it at the time and the same thing happens even between apiVersions. (and yes there were some fixes in the structured merge library but they were years ago, or at least I'm not aware of others)
There was a problem hiding this comment.
Please see this comment: #11857 (comment)
Specifically:
There was a PR in September 2020 that was improving support of schema changes from granular to atomic and vice versa: kubernetes-sigs/structured-merge-diff#170. The change to improve support for atomic to granular schema changes was later reverted in April 2021: kubernetes-sigs/structured-merge-diff#192.
The recommendation nowadays is to not "change a type from atomic to map/set/granular." (kubernetes.io/docs/reference/using-api/server-side-apply#compatibility-across-topology-changes).
There was a problem hiding this comment.
Adding my two cents on why we should not rush in transforming atomic list on map lists:
- +listType=atomic is making explicit the current behaviour, which seems ok to users
- in some cases allowing co-ownership of fields might lead to undesired effects (e.g. KubeadmConfig, machines could be created before all the actors have added their data to mapLists, leading to unnecessary rollouts).
| @@ -57,6 +57,7 @@ type ResourceSetBinding struct { | |||
|
|
|||
| // resources is a list of resources that the ClusterResourceSet has. | |||
| // +optional | |||
| // +listType=atomic | |||
There was a problem hiding this comment.
[]ResourceBinding style could also be listType Map with each Name/Kind being the keys right?
| @@ -122,6 +124,7 @@ type MachinePoolStatus struct { | |||
|
|
|||
| // nodeRefs will point to the corresponding Nodes if it they exist. | |||
| // +optional | |||
| // +listType=atomic | |||
| @@ -65,6 +65,7 @@ type MachineHealthCheckSpec struct { | |||
| // logical OR, i.e. if any of the conditions is met, the node is unhealthy. | |||
| // | |||
| // +optional | |||
| // +listType=atomic | |||
| @@ -392,6 +394,7 @@ type MachineHealthCheckClass struct { | |||
| // logical OR, i.e. if any of the conditions is met, the node is unhealthy. | |||
| // | |||
| // +optional | |||
| // +listType=atomic | |||
| // +kubebuilder:validation:MaxItems=1000 | ||
| Variables []ClusterClassVariable `json:"variables,omitempty"` | ||
|
|
||
| // patches defines the patches which are applied to customize | ||
| // referenced templates of a ClusterClass. | ||
| // Note: Patches will be applied in the order of the array. | ||
| // +optional | ||
| // +listType=atomic |
| @@ -119,13 +119,15 @@ type ClusterClassSpec struct { | |||
| // variables defines the variables which can be configured | |||
| // in the Cluster topology and are then used in patches. | |||
| // +optional | |||
| // +listType=atomic | |||
sbueringer
force-pushed
the
pr-enable-ssatags-linter
branch
from
42a8566 to
0ab5673
Compare
|
/test pull-cluster-api-e2e-main |
|
/override pull-cluster-api-e2e-main |
|
@sbueringer: Overrode contexts on behalf of sbueringer: pull-cluster-api-e2e-main In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
Signed-off-by: Stefan Büringer buringerst@vmware.com
Signed-off-by: Stefan Büringer buringerst@vmware.com
…rray fields as atomic Signed-off-by: Stefan Büringer buringerst@vmware.com
Signed-off-by: Stefan Büringer buringerst@vmware.com
Signed-off-by: Stefan Büringer buringerst@vmware.com
sbueringer
force-pushed
the
pr-enable-ssatags-linter
branch
from
0ab5673 to
596994a
Compare
|
/lgtm /hold any other reviewers we want to tag in? |
k8s-ci-robot
added
do-not-merge/hold
|
LGTM label has been added. Git tree hash: e7d9ee4cd78e2a658466064980b9ea51c8168af9
|
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JoelSpeed The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
I think Fabrizio once he's back |
|
/lgtm /hold cancel |
k8s-ci-robot
removed
the
do-not-merge/hold
Signed-off-by: Stefan Büringer buringerst@vmware.com
What this PR does / why we need it:
This PR enables the ssatags linter and sets listType=atomic everywhere explicitly.
I think in all the affected cases we don't really have a use case for shared ownership of the fields.
Let's also keep in mind that:
Huge Kudos to @sivchari & @JoelSpeed for the linter!!!
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close the issue(s) when PR gets merged):Part of #10852
Fixes #6504