pulp-operator icon indicating copy to clipboard operation
pulp-operator copied to clipboard

Published 20 hours ago verified publisher icon pulp

[BUG] Our reconciliation logic is not handling a field removal from CR

Open git-hyagi opened this issue 3 years ago • 2 comments

Our reconciliation logic is not handling a resource removal from CR, it is only checking if what is defined is deployed.

git-hyagi avatar Sep 19 '22 12:09 git-hyagi

After an internal discussion, we decided that, for now, if a field is removed we will use mutating webhooks to set it back to the same value as before.

This is to avoid issues like removing a PVC field and losing all the data (if no PVC is defined, the reconcile logic would define an emptyDir).

If we find that this is not the best approach, we will tweak the settings for each field of Pulp CR.

git-hyagi avatar Sep 27 '22 17:09 git-hyagi

We did some tests and could make the validation through the admission controller work, but decided to not enable it yet.

To enable the validation webhooks users would need to first configure a certificate that needs to be trusted by api pods. We checked some ways to achieve this:

  • through service certificate in OCP environments
  • by manually installing cert-manager
  • by manually installing cert-manager-operator in OCP environments
  • by manually creating and configuring the certificates and CA

Considering that any of the above alternatives would be another burden for the operator adoption, we decided to not merge #658 into main yet.

git-hyagi avatar Oct 04 '22 14:10 git-hyagi