Re-fetch the VM secret userdata if it was changed #211

Merged
merged 1 commit into from
Mar 28, 2023

@rgolangh rgolangh commented Nov 28, 2022

What this PR does / why we need it:

After 24 hours the userdata secret for a VM contains an outdated value.

In order not to return a stale copy of a VM secret, refetch it and store it.

Which issue this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged): fixes #

Fixes: #169

Release notes:

Fetch the latest userdata secret of a VM if it is updated

@k8s-ci-robot k8s-ci-robot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Nov 28, 2022
@k8s-ci-robot

Welcome @rgolangh!

It looks like this is your first PR to kubernetes-sigs/cluster-api-provider-kubevirt 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

@k8s-ci-robot k8s-ci-robot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Nov 28, 2022
@k8s-ci-robot k8s-ci-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. and removed size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. labels Nov 28, 2022
@davidvossel

/ok-to-test

@k8s-ci-robot k8s-ci-robot added the ok-to-test Indicates a non-member PR verified by an org member that is safe to test. label Nov 28, 2022
@davidvossel davidvossel left a comment

I'm so glad to see this being addressed. Thanks for the PR. I left some comments inline.

ctx.BootstrapDataSecret = bootstrapDataSecret
return nil
}
infraClusterClient.Get(ctx, bootstrapDataSecretKey, bootstrapDataSecret)
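
Review bot: The `infraClusterClient.Get(ctx, bootstrapDataSecretKey, bootstrapDataSecret)` call on the last line drops its returned error, so a failed read (timeout, permission denied) is indistinguishable from a secret that does not exist yet, and the code carries on with an empty object. Capture the error, treat only a not-found result as expected, and return anything else to the caller so the reconcile is retried.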

We need error checking here for this client command.

Comment on lines 587 to 590
if bootstrapDataSecret != nil && bytes.Compare(bootstrapDataSecret.Data["value"], value) == 0 {
ctx.BootstrapDataSecret = bootstrapDataSecret
return nil
}
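
Review bot: In the `if` condition, `bytes.Compare(bootstrapDataSecret.Data["value"], value) == 0` is better written as `bytes.Equal(bootstrapDataSecret.Data["value"], value)`, which states the intent directly. The early `return nil` in the same block also means that a stored secret whose `value` key already matches is never written again, so confirm that no other field of the object needs reconciling on that path.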

Isn't this similar to what the CreateOrUpdate function is supposed to be doing?

@k8s-ci-robot k8s-ci-robot added size/M Denotes a PR that changes 30-99 lines, ignoring generated files. and removed size/S Denotes a PR that changes 10-29 lines, ignoring generated files. labels Dec 20, 2022
Comment on lines 572 to 578
err := infraClusterClient.Get(
ctx,
client.ObjectKey{Namespace: vmNamespace, Name: *ctx.Machine.Spec.Bootstrap.DataSecretName + "-userdata"},
bootstrapDataSecret)
if err != nil && !apierrors.IsNotFound(err) {
// not found means not created yet, that's ok. Other errors are something we can't handle.
return err
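
Review bot: The object key on the third line dereferences `*ctx.Machine.Spec.Bootstrap.DataSecretName` with no nil check visible in this hunk, so a machine whose bootstrap data secret name is not set yet would panic the reconciler here. Guard the pointer before building the key, unless an earlier check in this function already guarantees it is set.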

Is this code really needed now?
There is no other usage for the "bootstrapDataSecret", and anyway the "CreateOrUpdate" func is going to be called.


Good catch. Now that we are always updating the secret, I don't think we need this early exit check if the secret already exists.

@@ -1063,6 +1063,36 @@ var _ = Describe("reconcile a kubevirt machine", func() {
Expect(err).ToNot(HaveOccurred())
Expect(out).To(Equal(ctrl.Result{RequeueAfter: 20 * time.Second}))
})

FIt("should fetch the latest bootstrap secret and update the machine context if changed", func() {
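
Review bot: The added spec on the last line is declared with `FIt`, Ginkgo's focused form, which makes the suite run only focused specs and skip the rest, so merging it as written would leave the other tests in this package unexecuted. Change it to `It` before merge.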

Please change to It

@rgolangh rgolangh marked this pull request as ready for review March 26, 2023 14:21
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Mar 26, 2023
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/invalid-commit-message Indicates that a PR should not merge because it has an invalid commit message. label Mar 27, 2023
@nunnatsa

/lgtm
/approve

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 27, 2023
@k8s-ci-robot

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: nunnatsa, rgolangh

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Mar 27, 2023
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 27, 2023
@nunnatsa

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 27, 2023
@rgolangh

/retest

After 24 hours the userdata secret for a VM contains an outdated value.

We must refetch and update the cloud init secret with the latest data,
otherwise a node will fail the ignition stage.

Signed-off-by: Roy Golan <rgolan@redhat.com>
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 28, 2023
@nunnatsa

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Mar 28, 2023
@k8s-ci-robot k8s-ci-robot merged commit 3af4744 into kubernetes-sigs:main Mar 28, 2023
Successfully merging this pull request may close these issues.

Authorization token for ignition server does not refresh