OLS-1829: Detect change in specified BYOK images#1171
OLS-1829: Detect change in specified BYOK images#1171syedriko wants to merge 1 commit intoopenshift:mainfrom
Conversation
openshift-ci-robot
added
the
jira/valid-reference
|
@syedriko: This pull request references OLS-1829 which is a valid jira issue. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository. |
openshift-merge-robot
added
the
needs-rebase
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
3db7729 to
1c15fa8
Compare
openshift-merge-robot
removed
the
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
11 times, most recently
from
09a7fb1 to
ba9750b
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
3 times, most recently
from
1ced66f to
dae62eb
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
dae62eb to
99dad6c
Compare
|
/retest |
|
/test bundle-e2e-4-20 |
syedriko
force-pushed
the
syedriko-ols-1829
branch
3 times, most recently
from
6e38915 to
26719f6
Compare
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
49c08c2 to
3374dec
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
2 times, most recently
from
6a6fbf0 to
68a1b49
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
2 times, most recently
from
ca383ff to
653aaca
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
653aaca to
8a4bf20
Compare
|
/test bundle-e2e-4-20 |
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
8a4bf20 to
c65bb52
Compare
|
/retest |
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
c65bb52 to
1ae0320
Compare
openshift-merge-robot
added
the
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
1ae0320 to
da2c048
Compare
openshift-merge-robot
added
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
da2c048 to
075115a
Compare
openshift-merge-robot
removed
the
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
075115a to
55f171f
Compare
openshift-merge-robot
added
the
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
55f171f to
c32aa64
Compare
openshift-merge-robot
removed
the
needs-rebase
syedriko
force-pushed
the
syedriko-ols-1829
branch
2 times, most recently
from
6281413 to
c01d74e
Compare
syedriko
force-pushed
the
syedriko-ols-1829
branch
from
c01d74e to
62151b2
Compare
|
@syedriko: The following test failed, say
Full PR test history. Your PR dashboard. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here. |
| isName := utils.ImageStreamNameFor(rag.Image) | ||
| initContainerName := fmt.Sprintf("rag-%d", idx) | ||
| triggers = append(triggers, fmt.Sprintf(`{"from":{"kind":"ImageStreamTag","name":"%s:latest"},"fieldPath":"spec.template.spec.initContainers[?(@.name==\"%s\")].image"}`, isName, initContainerName)) | ||
| } |
There was a problem hiding this comment.
Problem: Line 56 builds JSON as a string using fmt.Sprintf(). This is fragile and error-prone.
The better option is
// Add struct definitions at top of file
type ImageTrigger struct {
From ImageTriggerFrom json:"from"
FieldPath string json:"fieldPath"
}
type ImageTriggerFrom struct {
Kind string json:"kind"
Name string json:"name"
}
// Updated function
func generateImageStreamTriggers(cr *olsv1alpha1.OLSConfig) (string, error) {
var triggers []ImageTrigger
for idx, rag := range cr.Spec.OLSConfig.RAG {
isName := utils.ImageStreamNameFor(rag.Image)
initContainerName := fmt.Sprintf("rag-%d", idx)
triggers = append(triggers, ImageTrigger{
From: ImageTriggerFrom{
Kind: "ImageStreamTag",
Name: fmt.Sprintf("%s:latest", isName),
},
FieldPath: fmt.Sprintf(spec.template.spec.initContainers[?(@.name=="%s")].image, initContainerName),
})
}
data, err := json.Marshal(triggers)
if err != nil {
return "", fmt.Errorf("marshal image triggers: %w", err)
}
return string(data), nil
}
| deployment.Spec.Template.Spec.ImagePullSecrets = cr.Spec.OLSConfig.ImagePullSecrets | ||
| } | ||
| deployment.Annotations[utils.OLSAppServerImageStreamTriggerAnnotation] = generateImageStreamTriggers(cr) | ||
| } |
There was a problem hiding this comment.
this requires error handling
triggers, err := generateImageStreamTriggers(cr)
if err != nil {
return nil, fmt.Errorf("generate image stream triggers: %w", err)
}
deployment.Annotations[utils.OLSAppServerImageStreamTriggerAnnotation] = triggers
|
|
||
| func DeploymentSpecEqual(a, b *appsv1.DeploymentSpec) bool { | ||
| func DeploymentSpecEqual(a, b *appsv1.DeploymentSpec, compareInitContainers bool) bool { | ||
| if !apiequality.Semantic.DeepEqual(a.Template.Spec.NodeSelector, b.Template.Spec.NodeSelector) || // check node selector |
There was a problem hiding this comment.
This looks like a breaking change in the API
Can you make sure it does not break anything else
| for _, rag := range cr.Spec.OLSConfig.RAG { | ||
| ragImages = append(ragImages, rag.Image) | ||
| } | ||
|
|
There was a problem hiding this comment.
Do we need images validation here?
| sum := sha1.Sum([]byte(image)) //nolint:gosec | ||
| sfx := hex.EncodeToString(sum[:])[:6] | ||
| return fmt.Sprintf("%s-%s", slug, sfx) | ||
| } |
There was a problem hiding this comment.
Function performs multiple string replacements and regex operations without explaining or documenting the Kubernetes name constraints it's trying to satisfy.
At least we need comments what we are doing here and why
We also need unit tests for this function
| if err := r.Update(ctx, updated); err != nil { | ||
| return fmt.Errorf("update ImageStream %q: %w", name, err) | ||
| } | ||
| } |
There was a problem hiding this comment.
This code seems suspicious
| err = testReconcilerInstance.Get(ctx, types.NamespacedName{Name: utils.ImageStreamNameFor(rag.Image), Namespace: testReconcilerInstance.GetNamespace()}, &is) | ||
| Expect(err).NotTo(HaveOccurred()) | ||
| } | ||
| }) |
There was a problem hiding this comment.
Missing Test Coverage:
No tests for generateImageStreamTriggers() - the JSON generation function
No tests for ImageStreamNameFor() - the name generation function
No tests for edge cases:
Multiple RAG entries with same image (deduplication)
Invalid image references
ImageStream update scenarios
Orphaned ImageStream cleanup
Empty RAG list
| Expect(appServerDeployment.Spec.Template.Spec.InitContainers[0].Image).To( | ||
| Equal(internalRegistyHostName + "/" + utils.OLSNamespaceDefault + "/" + imageName + "@" + digest), | ||
| ) | ||
| }) |
There was a problem hiding this comment.
Add documentation on this?
4 participants
Description
Implemented change detection for BYOK images.
Type of change
Related Tickets & Documents
Checklist before requesting a review
Testing