You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We were specify the tolerations for the podTemplateSpec through the field spec.podTemplateSpec.spec.tolerations but our configuration was overwritten by another field in the CR spec.tolerations without notice or warning.
Did you expect to see something different?
We expect our input to be rejected with clear error message up front, if the desired behavior of the handling of spec.podTemplateSpec.spec.tolerations is to be overwritten by spec.tolerations.
How to reproduce it (as minimally and precisely as possible):
One possible fix is to add a check in the admission webhook which rejects the CR if the field spec.podTemplateSpec.spec.tolerations is not empty.
An alternative is to add a error level log message near
The usage of PodTemplateSpec in cass-operator is generally undocumented and not recommended, there are multiple fields which are overwritten or modified without passing them directly to the pods and that's by design. For normal use cases, there should be no need to use PodTemplateSpec.
The controller-runtime does not allow warning validations in webhooks as of yet without a significant rewrite, until kubernetes-sigs/controller-runtime#1896 is implemented.
We would probably add a warning for all PodTemplateSpec usages. As of now, we do not intend to support it or ensure backwards compatibility when using PodTemplateSpec. If you have a real reason to use it which isn't supported otherwise in the CRD, please create a feature request.
What happened?
We were specify the
tolerations
for thepodTemplateSpec
through the fieldspec.podTemplateSpec.spec.tolerations
but our configuration was overwritten by another field in the CRspec.tolerations
without notice or warning.Did you expect to see something different?
We expect our input to be rejected with clear error message up front, if the desired behavior of the handling of
spec.podTemplateSpec.spec.tolerations
is to be overwritten byspec.tolerations
.How to reproduce it (as minimally and precisely as possible):
Environment
Cass Operator version:
* Kubernetes version information: `Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.1", GitCommit:"86ec240af8cbd1b60bcc4c03c20da9b98005b92e", GitTreeState:"clean", BuildDate:"2021-12-16T11:41:01Z", GoVersion:"go1.17.5", Compiler:"gc", Platform:"linux/amd64"}Server Version: version.Info{Major:"1", Minor:"24", GitVersion:"v1.24.0", GitCommit:"4ce5a8954017644c5420bae81d72b09b735c21f0", GitTreeState:"clean", BuildDate:"2022-05-19T15:39:43Z", GoVersion:"go1.18.1", Compiler:"gc", Platform:"linux/amd64"}` * Kubernetes cluster kind:v1.10.3
Shown above in the
reproduce
sectionAnything else we need to know?:
The root cause is at
cass-operator/pkg/reconciliation/construct_podtemplatespec.go
Line 635 in a6054d2
One possible fix is to add a check in the admission webhook which rejects the CR if the field
spec.podTemplateSpec.spec.tolerations
is not empty.An alternative is to add a error level log message near
cass-operator/pkg/reconciliation/construct_podtemplatespec.go
Line 635 in a6054d2
┆Issue is synchronized with this Jira Story by Unito
┆Issue Number: CASS-29
The text was updated successfully, but these errors were encountered: