-
Notifications
You must be signed in to change notification settings - Fork 117
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[azure] Verify tags #507
[azure] Verify tags #507
Conversation
@zuzzas Thank you for your contribution. |
Thank you @zuzzas for your contribution. Before I can start building your PR, a member of the organization must set the required label(s) {'reviewed/ok-to-test'}. Once started, you can check the build status in the PR checks section below. |
@zuzzas thanks for the PR, we'll take a look soon. |
/ok-to-test |
Yes, though Azure helps in uniquely identifying the resources via resourceGroups, we still add tags to maintain the homogeneity across clouds. Also, tags on the VMs are specifically needed for certain aspects of Kubernetes to work properly, to identify if VMs belongs to the specific cluster or not, not sure if it's still the case, it was clearly sometime back. Overall, the changes don't look breaking to me, I'd wait for comments from @prashanth26 @ggaurav10. /lgtm otherwise. cc @dkistner |
This reason this was disabled back then was because we had observed Azure having bugs with tagging resources in the past and hence we stuck to just resource group-based filtering, I hope this doesn't affect us anymore. cc: @amshuman-kr |
@prashanth26 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
We ran into this corner case when we ended up with hundreds of orphan VMs/NICs had didn't seem to contain these tags anymore, although we had explicitly tagged them during creation. And this leads to these orphan VMs. Anyways I hope this doesn't occur anymore and we can merge this in and re-introduce this if we observe such issues again. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm let's merge it in for now. If we see issues re-occurring we can take a second call later.
@zuzzas the
Also, the unit-test is failing for the same reason, causing |
Signed-off-by: Andrey Klimentyev <andrey.klimentyev@flant.com>
@hardikdr |
The test step is now failing due to an issue with an internal CI cluster, will fix it soon, and merge. |
/ok-to-test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
What this PR does / why we need it:
Tag verification has been disabled back in May of 2019 by @prashanth26.
We can deduce that it was done due to Azure's unique ability to group resources in Resource Groups. Gardener project, presumably, packs all VMs (and relevant objects) into a single Resource Group (hence no need for tag verification).
That does not work for us, since we deploy master VMs near VMs that are managed by MCM and backed by Machine objects. It also seems weird that there are tags present in AzureMachineClass CRD, but are not used to verify actual objects.
Special notes for your reviewer:
Release note: