Support for server side apply #392
Conversation
|
Thanks for the draft PR @redbaron ! |
|
|
||
| if existingRes != nil { | ||
| // Strip rebasing "base" object of kapp history so that it never shows up in the diff, regardless | ||
| // of rebase rules used | ||
| existingResForRebasing, err = f.NewResourceWithHistory(existingRes).HistorylessResource() |
There was a problem hiding this comment.
I believe there was a sleeper bug here, which unfolded like following:
- By the end of this function
existingReswas unconditionally stripped of history withHistorylessResource() newReswas unconditionally stripped of history withHistorylessResource()existingResForRebasinghas history kept, because it comes from the cluster as is- When building
rebasedNewResusingexistingResForRebasing + newRes, history was removed due to default rebase rules included in the kapp transplanting history-less annotations fromnewRes - If we redeploy same object as previous deployment, end result has no spurious diff, because both objects have history stripped
Should provided config had different rebase rules, rebasedNewRes is going to have history annotations from existingResForRebasing, but existingRes wont, generating spurious diff.
Similar situation arises when metadata.managedFields is populated by the cluster. This field is considered history and is stripped in HistorylessResource() call, but default rebase rules have no mentions of it.
Instead of updating default rebase rule, I opted for fixing it at the source. Here I am stripping history from all objects, ensuring it is not going to show up in any diffs regardless of kapp config provided. Technically it is a change in behaviour, hence this comment to highlight it.
There was a problem hiding this comment.
will think through it, thanks for call out 👍
There was a problem hiding this comment.
to double check -- changes in NewChangeAgainstLastApplied are not really affecting SSA, right? (i might have to ask to separate them out into a diff PR).
renuy
requested review from
cppforlife,
rohitagg2020,
praveenrewar and
100mik
pkg/kapp/cmd/app/deploy.go
Outdated
| if o.ApplyFlags.ServerSideApply { | ||
| o.DiffFlags.ChangeSetOpts.Mode = ctldiff.ServerSideApplyChangeSetMode | ||
| } |
There was a problem hiding this comment.
not a fan of doing it in RunE, lets move this into Run()... (also going to see if there is a better place for this)
There was a problem hiding this comment.
I plan to add flag validation step and return error, rather than silently overwriting values provided by user, so it should be a RunE I believe because it can return error.
There was a problem hiding this comment.
I believe we could move these validations to the Run()function as it returns an error and let the command initialisation have
RunE: func(_ *cobra.Command, _ []string) error { return o.Run() }|
|
||
| if existingRes != nil { | ||
| // Strip rebasing "base" object of kapp history so that it never shows up in the diff, regardless | ||
| // of rebase rules used | ||
| existingResForRebasing, err = f.NewResourceWithHistory(existingRes).HistorylessResource() |
There was a problem hiding this comment.
will think through it, thanks for call out 👍
pkg/kapp/cmd/app/deploy.go
Outdated
| if o.ApplyFlags.ServerSideApply { | ||
| o.DiffFlags.ChangeSetOpts.Mode = ctldiff.ServerSideApplyChangeSetMode | ||
| } |
There was a problem hiding this comment.
I believe we could move these validations to the Run()function as it returns an error and let the command initialisation have
RunE: func(_ *cobra.Command, _ []string) error { return o.Run() }
| @@ -313,6 +313,8 @@ apiVersion: v1 | |||
| kind: ConfigMap | |||
| metadata: | |||
| name: test-cm | |||
| annotations: | |||
| ann1: val1 | |||
There was a problem hiding this comment.
I've added this to show that not all annotations stripped when object is passed to rebase rules
| @@ -351,15 +353,18 @@ data: | |||
| "values": asYAML(t, map[string]interface{}{ | |||
| "existing": func() interface{} { | |||
| raw := cm.Raw() | |||
| removeHistory(raw) | |||
There was a problem hiding this comment.
Consequence of https://github.com/vmware-tanzu/carvel-kapp/pull/392/files#r768970039 is that rebase rules don't see history in objects passed to them. I've adjusted test to reflect it.
|
Hm, all tests are passing locally on Docker Desktop managed 1.21 kubernetes cluster, but |
Strategic merge patch is not support for CRDs without schema
|
OK, it reached the stage where I'd like to propose it for a merge. I added option to run E2E tests with SSA enabled and test suite now passes with SSA on my 1.21 K8S, except for tests with rebasing. I'll go through diff and add notes on parts worth paying attention to.
There is a missing test for /cc @cppforlife |
|
cool cool. ill do a deep dive today/tomorrow on this @redbaron. other folks will also take a look... |
|
(still reading through the code... hoping to be done tomorrow) |
| // Patch dry run returns merged object with all patch-file fields present | ||
| err = kubectl.RunWithOptsIntoJSON([]string{"patch", "svc", "redis-primary", "--patch-file", tmpFile.Name(), "--dry-run=client"}, | ||
| RunOpts{IntoNs: true}, &expectedObj) | ||
| require.NoError(t, err) |
There was a problem hiding this comment.
seems like a complicated way of determining expected state. is there something simpler that can be done (aka more static/hard-coded into the test)?
| var err error | ||
|
|
||
| if c.aou.opts.ServerSideApply { | ||
| updatedRes, err = ctlres.WithIdentityAnnotation(c.newRes, func(r ctlres.Resource) (ctlres.Resource, error) { |
There was a problem hiding this comment.
it seems that we have two types of Patch operations: one where we are working with a resource, and one where we are working with some "minimal/raw" patch. instead of exposing WithIdentityAnnotation outside of IdentifiedResources resources class, lets keep existing Patch method to work with Resource class (instead of []byte) and change it so that it can add annotation on the fly. lets also add PatchRaw which does take []byte. this should result in keeping WithIdentityAnnotation as private.
|
|
||
| if existingRes != nil { | ||
| // Strip rebasing "base" object of kapp history so that it never shows up in the diff, regardless | ||
| // of rebase rules used | ||
| existingResForRebasing, err = f.NewResourceWithHistory(existingRes).HistorylessResource() |
There was a problem hiding this comment.
to double check -- changes in NewChangeAgainstLastApplied are not really affecting SSA, right? (i might have to ask to separate them out into a diff PR).
| type ChangeSetOpts struct { | ||
| AgainstLastApplied bool | ||
| Mode ChangeSetMode |
There was a problem hiding this comment.
after reading through flag "adjusting" above, i think we should just turns this into:
type ChangeSetOpts struct {
ServerSideApply bool
AgainstLastApplied bool
}
anywhere where we are doing a switch based on mode, we should just do:
switch {
case opts.ServerSideApply: ...
case opts.AgainstLastApplied: ...
default: ...
}
the reasoning for this, it seems that mode enum introduces quite a bit of gymanistics necessary to compute what it should be.
| @@ -218,5 +211,11 @@ func (resourceWithoutHistory) removeAppliedResAnnKeysMods() []ctlres.ResourceMod | |||
| ResourceMatcher: ctlres.AllMatcher{}, | |||
| Path: ctlres.NewPathFromStrings([]string{"metadata", "annotations", debugAppliedResDiffFullAnnKey}), | |||
| }, | |||
| // metadata.managedFields technically is not kapp history, but we want to strip it in same situations we are | |||
| // stripping kapp history, it is server side apply history after all | |||
| ctlres.FieldRemoveMod{ | |||
There was a problem hiding this comment.
without this, was this breaking anything? (if so, just for ssa, or for non-ssa operation?)
There was a problem hiding this comment.
Yes, with SSA enabled it was reporting diff on managedFields where it shouldn't
|
Thanks for a quick review, I'll make requested changes shortly |
|
@redbaron lmk, when to take a look at the PR again. |
|
Hey guys, Could you give me a brief update on the topic? Are there still plans to support server-side-apply or will there be no further work on this topic for the time being? |
|
Hi @ebma16! Unfortunately the maintainers don't have the bandwidth to work on this at the moment, and I am not sure when we will be able to prioritise it. We can definitely prioritise a review if you would be interested in submitting a PR or continuing on this one. kapp rebase rules should still work well with other tools that support SSA. Could you share the specific problem that you are facing? |
|
Hi @praveenrewar, At the moment I have no problems with the kapp rebase rules. We are still in an early phase of the project and I just did a small test for the interaction between the Java-Operator-SDK (using SSA) and the kapp rebase rules (without SSA). So far I could not find any problems and everything worked. I was just curious about the current status when I read this thread ;) I will continue with this constellation (kapp without SSA and other tools using SSA). If I notice any problems, I will definitely let you know and continue this thread! |
|
Sure, keep us updated. Happy to chat on carvel slack channel too if you need help with anything. |
First take on server side apply feature (#388) to collect early feedback.
Some highlights:
kappcode paths, so I had to approximate it by diffing existing instances against dry run SSA result. This required calls to K8S much earlier in the code than it was previously, which required some plumbingNewChangeSSAchange factoryKAPP_E2E_SSA=1env var value. When set,--ssa-enabledflag is added to kapp invocation allowing same tests to be run in SSA mode. Tests with rebasing are skipped in SSA mode.*corbra.Commandin the testing process. It is not a full replacement for akappcommand execution, but greatly helped developing this feature as most interesting scenarios come up ine2eand not unit testing.Unimplemented:
--diff-against-last-applied.Yet untested (unless there is an existing E2E test covering it):
Features deliberately left outside of this PR:
kappcould assist with it.