Skip to content

🐛 Relax minLength for bootstrap.dataSecretName to 0 #12164

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 9, 2025
Merged

🐛 Relax minLength for bootstrap.dataSecretName to 0 #12164

merged 1 commit into from
May 9, 2025

Conversation

mboersma
Copy link
Contributor

@mboersma mboersma commented May 7, 2025
edited
Loading

What this PR does / why we need it:

Changes the validation for Machine spec's bootstrap.dataSecretName to // +kubebuilder:validation:MinLength=0. This allows an empty string, which is an existing use case for managed MachinePools.

Which issue(s) this PR fixes:

Fixes #12161

/area bootstrap

@k8s-ci-robot k8s-ci-robot added area/bootstrap Issues or PRs related to bootstrap providers cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels May 7, 2025
@k8s-ci-robot k8s-ci-robot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label May 7, 2025
@mboersma
Copy link
Contributor Author

mboersma commented May 7, 2025

/cc @sbueringer

@k8s-ci-robot k8s-ci-robot requested a review from sbueringer May 7, 2025 20:31
@nawazkh
Copy link
Member

nawazkh commented May 7, 2025

Thank you for this!
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 7, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 6c8de6c1cd29aca39dd336a0b4546570f37a6c26

@nawazkh nawazkh removed their assignment May 7, 2025
@tamalsaha tamalsaha mentioned this pull request May 8, 2025
Merged
3 tasks
sbueringer
sbueringer reviewed May 8, 2025
View reviewed changes
@sbueringer
Copy link
Member

/cherry-pick release-1.10

@k8s-infra-cherrypick-robot
Copy link

@sbueringer: once the present PR merges, I will cherry-pick it on top of release-1.10 in a new PR and assign it to you.

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@sbueringer
Copy link
Member

@mboersma One question

enxebre
enxebre reviewed May 8, 2025
View reviewed changes
api/v1beta2/machine_types.go
@@ -696,7 +696,7 @@ type Bootstrap struct {
// dataSecretName is the name of the secret that stores the bootstrap data script.
// If nil, the Machine should remain in the Pending state.
// +optional
// +kubebuilder:validation:MinLength=1
// +kubebuilder:validation:MinLength=0
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

consider make this not a pointer in v1beta2 based on the outcome of #12153 (comment)

Copy link
Member

@sbueringer sbueringer May 8, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that should not be part of this PR as this PR is a bug fix for a specific issue and we'll also backport it

@mboersma mboersma force-pushed the datasecretname-min-length-zero branch from 94e077b to 6597677 Compare May 8, 2025 13:10
@k8s-ci-robot k8s-ci-robot removed the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 8, 2025
@fabriziopandini
Copy link
Member

What is the use case for setting dataSecretName to ""?
TBH It doesn't seems a clean API to me

@mboersma
Copy link
Contributor Author

mboersma commented May 8, 2025
edited
Loading

What is the use case for setting dataSecretName to ""?

In an Azure managed MachinePool, for example, spec.template.spec.bootstrap.dataSecretName is not actually used, so our templates and tests and docs set it to an empty string in that case.

Now with CAPI v1.10.x, we see this error:

spec.template.spec.bootstrap.dataSecretName in body should be at least 1 chars long

We've had a couple customers report it already, even though we haven't finished integrating CAPI v1.10 yet because of this.

We can work around it in CAPZ by setting the dataSecretName to "unused" everywhere, but this seems more backward-compatible (intentionally or otherwise).

@sbueringer
Copy link
Member

I think we can debate what to do for v1beta2, but for v1beta1 we have to allow minLength=0 again and should make that change ASAP. Otherwise we keep a change in v1.10 that breaks MachinePool implementations across a few providers (which is definitely a breaking change, and we should not do that within v1beta1)

@sbueringer
Copy link
Member

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 8, 2025
@k8s-ci-robot
Copy link
Contributor

LGTM label has been added.

Git tree hash: 4c6ff23cbe7cde2f98278a40e38c44f611b46557

@richardcase
Copy link
Member

richardcase commented May 8, 2025
edited
Loading

In an Azure managed MachinePool, for example, spec.template.spec.bootstrap.dataSecretName is not actually used, so our templates and tests and docs set it to an empty string in that case.

This is a similar situation for AWS MachinePools

@sbueringer
Copy link
Member

sbueringer commented May 8, 2025
edited
Loading

In my opinion this is another reason why we should stop reusing the MachineSpec struct between MD and MP.

We would be able to clean this up for MD/MS/Machine without breaking MP if we wouldn't reuse the struct

(edit, ah nope, MachinePool Machines doesn't allow that...)

@damdo damdo mentioned this pull request May 8, 2025
Merged
5 tasks
damdo
damdo reviewed May 8, 2025
View reviewed changes
Copy link
Member

@damdo damdo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

Is there a specific approver for this, or is it you @sbueringer ?

@sbueringer
Copy link
Member

I would like to wait for a response from Fabrizio

@sbueringer
Copy link
Member

cc @fabriziopandini ^^

@fabriziopandini
Copy link
Member

I'm ok in unblocking this fix for v1beta1/v1.10, but I would like we seek for a better solution for v1beta2
/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: fabriziopandini

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label May 9, 2025
@k8s-ci-robot k8s-ci-robot merged commit 7e6eaac into kubernetes-sigs:main May 9, 2025
23 checks passed
@k8s-ci-robot k8s-ci-robot added this to the v1.11 milestone May 9, 2025
@k8s-infra-cherrypick-robot
Copy link

@sbueringer: #12164 failed to apply on top of branch "release-1.10":

Applying: Relax minLength for bootstrap.dataSecretName to 0
Using index info to reconstruct a base tree...
M	api/v1beta1/machine_types.go
A	api/v1beta2/machine_types.go
M	config/crd/bases/cluster.x-k8s.io_machinedeployments.yaml
M	config/crd/bases/cluster.x-k8s.io_machinepools.yaml
M	config/crd/bases/cluster.x-k8s.io_machines.yaml
M	config/crd/bases/cluster.x-k8s.io_machinesets.yaml
Falling back to patching base and 3-way merge...
Auto-merging config/crd/bases/cluster.x-k8s.io_machinesets.yaml
CONFLICT (content): Merge conflict in config/crd/bases/cluster.x-k8s.io_machinesets.yaml
Auto-merging config/crd/bases/cluster.x-k8s.io_machines.yaml
CONFLICT (content): Merge conflict in config/crd/bases/cluster.x-k8s.io_machines.yaml
Auto-merging config/crd/bases/cluster.x-k8s.io_machinepools.yaml
CONFLICT (content): Merge conflict in config/crd/bases/cluster.x-k8s.io_machinepools.yaml
Auto-merging config/crd/bases/cluster.x-k8s.io_machinedeployments.yaml
CONFLICT (content): Merge conflict in config/crd/bases/cluster.x-k8s.io_machinedeployments.yaml
CONFLICT (modify/delete): api/v1beta2/machine_types.go deleted in HEAD and modified in Relax minLength for bootstrap.dataSecretName to 0. Version Relax minLength for bootstrap.dataSecretName to 0 of api/v1beta2/machine_types.go left in tree.
Auto-merging api/v1beta1/machine_types.go
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 Relax minLength for bootstrap.dataSecretName to 0

In response to this:

/cherry-pick release-1.10

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@tamalsaha
Copy link

Thanks! Can we get v1.10.2?

@chrischdi
Copy link
Member

Thanks! Can we get v1.10.2?

It first needs a PR to cherry-pick it to release-1.10 branch.

If I'm right and plans do not change, v1.10.2 is planned to be released on 20th may.

https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/release/releases/release-1.11.md

@tamalsaha
Copy link

tamalsaha commented May 9, 2025
edited
Loading

I see. An earlier patch release will be much appreciated as v0.10.x release of capz/capg/capa all are blocked on this pr.

@sbueringer
Copy link
Member

sbueringer commented May 9, 2025
edited
Loading

I think you have to discuss this with the release team.

Btw this could have been detected earlier by bumping to beta.0 or any of the subsequent pre releases.

@sbueringer
Copy link
Member

Can someone open a manual cherry-pick for release-1.10 please?

@sbueringer
Copy link
Member

I'm ok in unblocking this fix for v1beta1/v1.10, but I would like we seek for a better solution for v1beta2 /approve

@richardcase @mboersma Can one of you please open an issue for that?

I'll then link it accordingly in the v1beta2 & "Graduate MachinePool" umbrella issues.

@richardcase
Copy link
Member

I'm ok in unblocking this fix for v1beta1/v1.10, but I would like we seek for a better solution for v1beta2

I'll add it to the list tracking issue for v1beta2 machinepools

@richardcase richardcase mentioned this pull request May 9, 2025
Open
16 tasks
@mboersma mboersma deleted the datasecretname-min-length-zero branch May 9, 2025 12:53
@damdo
Copy link
Member

damdo commented May 9, 2025

Here is the backport PR @sbueringer #12180

@damdo damdo mentioned this pull request May 9, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enxebre enxebre enxebre left review comments

@sbueringer sbueringer sbueringer left review comments

@richardcase richardcase Awaiting requested review from richardcase

@vincepri vincepri Awaiting requested review from vincepri

+1 more reviewer

@damdo damdo damdo left review comments

Reviewers whose approvals may not affect merge requirements
Assignees

@sbueringer sbueringer

@damdo damdo

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/bootstrap Issues or PRs related to bootstrap providers cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
Projects
None yet
Milestone
v1.11
Development

Successfully merging this pull request may close these issues.

v1.10 MinLength validation breaks managed MPs