gitops-engine icon indicating copy to clipboard operation
gitops-engine copied to clipboard

Published 20 hours ago verified publisher icon argoproj

feat: local crd validation

Open pepov opened this issue 5 years ago • 6 comments
trafficstars

CRDs from Kubernetes version 1.15 support a field x-kubernetes-preserve-unknown-fields that affects validation when a CRD introduces a new field and a CR in the same sync defines a value for that field at the same time.

The above would be a backwards compatible change if validation wouldn't blow up on the missing field in the client. The issue is the same when there are other incompatible changes or even when a new CRD version is introduced, which cannot get applied to the API server because it's CR breaks validation.

We can disable validation for resources already, but it's obviously not ideal.

This PR aims to handle validation against the CRD if it exists in the same sync's targets. A new sync-option annotation ValidateWithLocalCRD=true is introduced to make this feature opt-in rather then default.

A test application is prepared for validating the change:

argocd app create logging \
    --dest-namespace default --dest-name in-cluster \
    --repo https://github.com/pepov/argocd-integrations.git \
    --path logging --revision 3.5.0

Sync the app with 3.5.0 first

argocd app sync logging --revision 3.5.0

Change revision to 3.6.0-broken to see the issue without using the annotation:

argocd app sync logging --revision 3.6.0-broken

Change revision to 3.6.0 to see how setting the annotation should fix the problem:

argocd app sync logging --revision 3.6.0

pepov avatar Oct 09 '20 13:10 pepov

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Oct 09 '20 13:10 CLAassistant

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities (and Security Hotspot 0 Security Hotspots to review)
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

sonarqubecloud[bot] avatar Oct 14 '20 21:10 sonarqubecloud[bot]

Codecov Report

Merging #157 (d1ec221) into master (53cbe5f) will increase coverage by 0.06%. The diff coverage is 52.94%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #157      +/-   ##
==========================================
+ Coverage   49.18%   49.25%   +0.06%     
==========================================
  Files          39       39              
  Lines        3005     3068      +63     
==========================================
+ Hits         1478     1511      +33     
- Misses       1368     1389      +21     
- Partials      159      168       +9
Impacted Files Coverage Δ
pkg/sync/common/types.go 58.82% <ø> (ø)
pkg/sync/sync_task.go 78.26% <ø> (ø)
pkg/sync/sync_context.go 69.07% <52.94%> (-2.03%) :arrow_down:

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 53cbe5f...d1ec221. Read the comment docs.

codecov-io avatar Oct 14 '20 21:10 codecov-io

With the latest API version changes in Kubernetes and with the closing deprecation of Helm charts (potentially resulting in upgrades to new versions/operators) this would be really great to have.

sagikazarmark avatar Oct 14 '20 21:10 sagikazarmark

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information No Coverage information
No Duplication information No Duplication information

sonarqubecloud[bot] avatar Dec 15 '20 21:12 sonarqubecloud[bot]

@alexmt I've changed the code to avoid the extra flag by always validating against a local CRD if it exists in the sync and in case it passed use it as an indicator to retry a failed apply without validation.

pepov avatar Dec 15 '20 22:12 pepov