Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not block composed resources on failed neighbor #2180

Merged
merged 4 commits into from
Jun 8, 2021
Merged

Do not block composed resources on failed neighbor #2180

merged 4 commits into from
Jun 8, 2021

Conversation

hasheddan
Copy link
Member

@hasheddan hasheddan commented Mar 2, 2021
edited
Loading

Description of your changes

Updates the composite resource reconciler to render all resources it is
able to even if it is not able to render all resources in the specified
composition. This is a change in behavior from refusing to render any
composed resources if not able to render all.

Signed-off-by: hasheddan georgedanielmangum@gmail.com

Fixes #2175

I have:

  • Read and followed Crossplane's contribution process.
  • Run make reviewable test to ensure this PR is ready for review.

How has this code been tested

Using the manifests in #2175:

  1. Create an ObjectStorageBucket
🤖 (crossplane) k get objectstoragebucket
NAME   READY   CONNECTION-SECRET   AGE
test   False                       119s
  1. Observed that only the Bucket was created
🤖 (crossplane) k get bucket
NAME               READY   SYNCED   AGE
test-j4jhd-7kvk8   True    True     60m
  1. See that both references are create but IAMPolicy does not have a name
- apiVersion: resources.company.systems/v1alpha1
  kind: CompositeObjectStorageBucket
  metadata:
    annotations:
      crossplane.io/external-name: ""
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"resources.company.systems/v1alpha1","kind":"ObjectStorageBucket","metadata":{"annotations":{},"name":"test","namespace":"default"},"spec":{}}
    creationTimestamp: "2021-06-03T22:14:21Z"
    generateName: test-
    generation: 4
    labels:
      crossplane.io/claim-name: test
      crossplane.io/claim-namespace: default
      crossplane.io/composite: test-j4jhd
   ...
   name: test-j4jhd
  spec:
    claimRef:
      apiVersion: resources.company.systems/v1alpha1
      kind: ObjectStorageBucket
      name: test
      namespace: default
    compositionRef:
      name: object-storage-bucket-aws
    resourceRefs:
    - apiVersion: s3.aws.crossplane.io/v1beta1
      kind: Bucket
      name: test-j4jhd-7kvk8
    - apiVersion: identity.aws.crossplane.io/v1alpha1
      kind: IAMPolicy
  status:
    conditions:
    - lastTransitionTime: "2021-06-03T22:16:51Z"
      reason: Creating
      status: "False"
      type: Ready
    uid: arn:aws:s3:::test-j4jhd-7kvk8
  1. Now that uid is populated in status, we can create the IAMPolicy
🤖 (crossplane-runtime) k get iampolicy
NAME               ARN                                           READY   SYNCED   AGE
test-j4jhd-5phzf   arn:aws:iam::609897127049:policy/test-j4jhd   True    True     6m23s
  1. Name of IAMRole is now present in resource refs on the composite
- apiVersion: resources.company.systems/v1alpha1
  kind: CompositeObjectStorageBucket
  metadata:
    annotations:
      crossplane.io/external-name: ""
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"resources.company.systems/v1alpha1","kind":"ObjectStorageBucket","metadata":{"annotations":{},"name":"test","namespace":"default"},"spec":{}}
    creationTimestamp: "2021-06-03T22:14:21Z"
    generateName: test-
    generation: 5
    labels:
      crossplane.io/claim-name: test
      crossplane.io/claim-namespace: default
      crossplane.io/composite: test-j4jhd
    ...
    name: test-j4jhd
    ...
  spec:
    claimRef:
      apiVersion: resources.company.systems/v1alpha1
      kind: ObjectStorageBucket
      name: test
      namespace: default
    compositionRef:
      name: object-storage-bucket-aws
    resourceRefs:
    - apiVersion: s3.aws.crossplane.io/v1beta1
      kind: Bucket
      name: test-j4jhd-7kvk8
    - apiVersion: identity.aws.crossplane.io/v1alpha1
      kind: IAMPolicy
      name: test-j4jhd-5phzf
  status:
    conditions:
    - lastTransitionTime: "2021-06-03T23:16:37Z"
      reason: Available
      status: "True"
      type: Ready
    uid: arn:aws:s3:::test-j4jhd-7kvk8
  1. Deleting the claim cleans up the composite and all managed resources.

@hasheddan hasheddan requested a review from negz March 2, 2021 23:16
@hasheddan
Copy link
Member Author

check-diff is know bug that is fixed in #2166

@hasheddan
Copy link
Member Author

I removed the BucketPolicy from the composition and that resulted in the cannot access object metadata error going away, but the UID field was not being patched back to the XR or XRC correctly 🤔

@muvaf muvaf mentioned this pull request Mar 9, 2021
Closed
@muvaf
Copy link
Member

muvaf commented Apr 8, 2021

Are we feeling OK with including this in v1.2.0?

@hasheddan
Copy link
Member Author

@muvaf yep! Need to do a bit more testing, but I'll get this fixed up and ready to go!

@hasheddan hasheddan changed the title Skip but do not error on composed resource with missing required patch Do not block composed resources on failed neighbor Apr 9, 2021
@hasheddan hasheddan marked this pull request as ready for review April 9, 2021 22:19
@hasheddan hasheddan force-pushed the required-render-partial branch 2 times, most recently from 0706880 to 4a83d99 Compare April 9, 2021 23:21
@chlunde chlunde mentioned this pull request Apr 12, 2021
Closed
@muvaf
Copy link
Member

muvaf commented Apr 19, 2021

The append will mess up with the ordered association code here because it is coupled with the order very tightly.

As we talked offline, we need either an empty entry or placeholder. My preference would be towards empty entry. It seems like we need to remove the requirements here and there is also a workaround here in the code that sets the references (I don't remember why it existed precisely, but I think it might have to do with using ObjectReference schema, which we don't do now even though the struct in Go code is ObjectReference).

I think it's worth testing these changes. I can't really see a reason why it'd not be able to have an array entry with all the values being "". But if it can't, maybe having apiVersion and kind but leaving name empty could be helpful as placeholder.

A different approach could be that we could mark the entry with the name or index of the template that's used, i.e. adding a baseName to ref struct here. But I guess that ship has sailed in #2131 where we decided to use an annotation on the composed resource.

@negz
Copy link
Member

negz commented Apr 20, 2021

A different approach could be that we could mark the entry with the name or index of the template that's used, i.e. adding a baseName to ref struct here. But I guess that ship has sailed in #2131 where we decided to use an annotation on the composed resource.

Just dropping some breadcrumbs to this specific comment - #2131 (comment), which touches on why I didn't take that option.

@hasheddan
Make name in composite resource references optional
6750ee1 
Makes it possible for a resource reference to exist with just GVK to
accomodate for incremental rendering of resources in a composition.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
@hasheddan hasheddan requested a review from muvaf June 3, 2021 23:52
@hasheddan
Copy link
Member Author

hasheddan commented Jun 3, 2021
edited
Loading

@muvaf @negz I have updated here to only reference composed resources by GVK when we are unable to render them (see updated testing results in PR body) and everything appears to be behaving correctly. I think this is ready for another review, but I am still testing out a few scenarios -- I am specifically concerned with situations where we fail to render a resource after we have already rendered it successfully in the past, but I think we should still be fine in that case.

negz
negz reviewed Jun 7, 2021
View reviewed changes
Copy link
Member

@negz negz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One question and a nit, but this broadly LGTM.

internal/controller/apiextensions/composite/reconciler.go Outdated Show resolved Hide resolved
internal/controller/apiextensions/composite/reconciler.go Outdated Show resolved Hide resolved
@hasheddan
Do not block composed resources on failed neighbor
c5d94bf 
Updates the composite resource reconciler to render all resources it is
able to even if it is not able to render all resources in the specified
composition. This is a change in behavior from refusing to render any
composed resources if not able to render all.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
@hasheddan
Do not garbage collect composed resources with no name
e633380 
Skips composed resource references with no name when garbage collecting
in the template associator because the lack of a name indicates that the
resource was not rendered.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
@hasheddan
Update xcrd tests to allow for missing name in composed refs
295fd05 
Composites can now reference missing composed resources that it can't
render so we must allow for empty names.

Signed-off-by: hasheddan <georgedanielmangum@gmail.com>
muvaf
muvaf approved these changes Jun 8, 2021
View reviewed changes
Copy link
Member

@muvaf muvaf left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! Thanks @hasheddan !

@hasheddan hasheddan merged commit 2da0955 into crossplane:master Jun 8, 2021
@negz negz mentioned this pull request Jun 18, 2021
Closed
3 tasks
@renovate renovate bot mentioned this pull request Jun 29, 2021
Closed
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@muvaf muvaf muvaf approved these changes

@negz negz negz approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Required patch policy aborts rendering of entire composite
3 participants
@hasheddan @muvaf @negz