feat: add strategic merge patch of Pods via PodTemplateSpec (#862)

* feat: add strategic merge patch func for PodTemplateSpec * fix: include metadata in template patch CRD Set the controller-gen option to include embedded metadata in CRD fields, to allow patches to specify metadata changes. * fix: fixing code after breaking changes * chore: fixing more tests after breaking changes * chore: update KTF * chore: use SSA for CRDs * chore: more --server-side flags in tests * chore: fix skaffold builds for kubectl apply with SSA * chore: make PodTemplateSpec a pointer and fixing more tests after breaking changes * chore: fixing more tests after breaking changes * tests: fix e2e tests * chore: include changelog * Apply suggestions from code review Co-authored-by: Grzegorz Burzyński <[email protected]> Co-authored-by: Mattia Lavacca <[email protected]> * chore: cleanup tests for new PodTemplateSpec changes * fix: move strategic merges into deployment gen This patch moves the strategic merging (of PodTemplateSpec) into the generator code for ControlPlane and DataPlane deployments so that the logic of merging is connected with generation. This helped to highlight some incorrect assumptions in tests (we now merge over container resources, for instance) and helps keep the logic closer to reduce the risk of regressions in the future. * fix: patch test code for new merge strat * fix: blanket update check for podtemplatespec diff * fix: update deployments for any PodTemplateSpec change * fix: lint cleanup * fix: reduce nested make calls * fix: missing part of standard gwapi CRD url * fix: use go-cmp instead of reflect * fix: defaults and comparisons for deployments --------- Co-authored-by: Travis Raines <[email protected]> Co-authored-by: Shane Utt <[email protected]> Co-authored-by: Grzegorz Burzyński <[email protected]> Co-authored-by: Mattia Lavacca <[email protected]>
Kong · Jul 19, 2023 · ec5a314 · ec5a314
1 parent ec3a1f3
commit ec5a314
Show file tree

Hide file tree

Showing 73 changed files with 64,997 additions and 22,451 deletions.
diff --git a/.golangci.yaml b/.golangci.yaml
@@ -20,6 +20,7 @@ linters:
   - gci
   - gofmt
   - goimports
+  - gomodguard
   - gosec
   - gosimple
   - govet
@@ -72,6 +73,13 @@ linters-settings:
         disabled: true
   exhaustive:
     default-signifies-exhaustive: true
+  gomodguard:
+    blocked:
+      modules:
+      - github.com/pkg/errors:
+          recommendations:
+          - fmt
+          - errors
 issues:
   max-same-issues: 0
   fix: true
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -32,6 +32,15 @@
   [#849](https://github.com/Kong/gateway-operator/pull/849)
 - Bump Gateway API to v0.6.2 and enable Gateway API conformance testing.
   [#853](https://github.com/Kong/gateway-operator/pull/853)
+- Add `PodTemplateSpec` to `DeploymentOptions` to allow applying strategic merge
+  patcher on top of `Pod`s generated by the operator.
+  This is a **breaking change** which requires manual porting from `Pods` field
+  to `PodTemplateSpec`.
+  More info on strategic merge patch can be found in official Kubernetes docs at
+  [sig-api-machinery/strategic-merge-patch.md][strategic-merge-patch].
+  [#862](https://github.com/Kong/gateway-operator/pull/862)
+
+[strategic-merge-patch]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-api-machinery/strategic-merge-patch.md
 
 ### Fixes
 

diff --git a/Makefile b/Makefile
@@ -296,9 +296,11 @@ check.rbacs: kic-role-generator
 # Build - Manifests
 # ------------------------------------------------------------------------------
 
+CRD_OPTIONS ?= "+crd:generateEmbeddedObjectMeta=true"
+
 .PHONY: manifests
 manifests: controller-gen ## Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-	$(CONTROLLER_GEN) rbac:roleName=manager-role crd webhook paths="./controllers/...;./$(APIS_DIR)/..." output:crd:artifacts:config=config/crd/bases
+	$(CONTROLLER_GEN) $(CRD_OPTIONS) rbac:roleName=manager-role webhook paths="./controllers/...;./$(APIS_DIR)/..." +output:crd:artifacts:config=config/crd/bases
 
 # ------------------------------------------------------------------------------
 # Build - Container Images
@@ -464,22 +466,15 @@ GATEWAY_API_VERSION ?= $(shell go list -m -f '{{ .Version }}' $(GATEWAY_API_PACK
 GATEWAY_API_CRDS_LOCAL_PATH = $(shell go env GOPATH)/pkg/mod/$(GATEWAY_API_PACKAGE)@$(GATEWAY_API_VERSION)/config/crd
 GATEWAY_API_REPO ?= kubernetes-sigs/gateway-api
 GATEWAY_API_RAW_REPO ?= https://raw.githubusercontent.com/$(GATEWAY_API_REPO)
-GATEWAY_API_CRDS_URL = github.com/$(GATEWAY_API_REPO)/config/crd/$(GATEWAY_API_RELEASE_CHANNEL)?ref=$(GATEWAY_API_VERSION)
+GATEWAY_API_CRDS_STANDARD_URL = github.com/$(GATEWAY_API_REPO)/config/crd/standard?ref=$(GATEWAY_API_VERSION)
+GATEWAY_API_CRDS_EXPERIMENTAL_URL = github.com/$(GATEWAY_API_REPO)/config/crd/experimental?ref=$(GATEWAY_API_VERSION)
 GATEWAY_API_RAW_REPO_URL = $(GATEWAY_API_RAW_REPO)/$(GATEWAY_API_VERSION)
 
-.PHONY: print-gateway-api-crds-url
-print-gateway-api-crds-url:
-	@echo $(GATEWAY_API_CRDS_URL)
-
-.PHONY: print-gateway-api-raw-repo-url
-print-gateway-api-raw-repo-url:
-	@echo $(GATEWAY_API_RAW_REPO_URL)
-
 .PHONY: generate.gateway-api-urls
 generate.gateway-api-urls:
-	CRDS_STANDARD_URL=$(shell GATEWAY_API_RELEASE_CHANNEL="" $(MAKE) print-gateway-api-crds-url)\
-		CRDS_EXPERIMENTAL_URL=$(shell GATEWAY_API_RELEASE_CHANNEL="experimental" $(MAKE) print-gateway-api-crds-url) \
-		RAW_REPO_URL=$(shell $(MAKE) print-gateway-api-raw-repo-url) \
+	CRDS_STANDARD_URL="$(GATEWAY_API_CRDS_STANDARD_URL)" \
+		CRDS_EXPERIMENTAL_URL="$(GATEWAY_API_CRDS_EXPERIMENTAL_URL)" \
+		RAW_REPO_URL="$(GATEWAY_API_RAW_REPO_URL)" \
 		INPUT=$(shell pwd)/internal/utils/cmd/generate-gateway-api-urls/gateway_consts.tmpl \
 		OUTPUT=$(shell pwd)/internal/utils/test/zz_generated_gateway_api.go \
 		go generate -tags=generate_gateway_api_urls ./internal/utils/cmd/generate-gateway-api-urls
@@ -533,10 +528,18 @@ _run:
 		-zap-time-encoding iso8601 \
 		-zap-log-level 2
 
+SKAFFOLD_RUN_PROFILE ?= dev
+
+.PHONY: _skaffold
+_skaffold: skaffold
+	$(SKAFFOLD) $(CMD) --port-forward=pods --profile=$(SKAFFOLD_PROFILE) $(SKAFFOLD_FLAGS)
+
 .PHONY: run.skaffold
-run.skaffold: _ensure-kong-system-namespace
-	TAG=$(TAG)-debug REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
-		$(SKAFFOLD) dev --port-forward=pods --profile=dev
+run.skaffold:
+	TAG=$(TAG) REPO_INFO=$(REPO_INFO) COMMIT=$(COMMIT) \
+		CMD=dev \
+		SKAFFOLD_PROFILE=$(SKAFFOLD_RUN_PROFILE) \
+		$(MAKE) _skaffold
 
 .PHONY: debug
 debug: webhook-certs-dir manifests generate install _ensure-kong-system-namespace
@@ -558,7 +561,7 @@ debug.skaffold.continuous: _ensure-kong-system-namespace
 # Install CRDs into the K8s cluster specified in ~/.kube/config.
 .PHONY: install
 install: manifests kustomize
-	$(KUSTOMIZE) build config/crd | kubectl apply -f -
+	$(KUSTOMIZE) build config/crd | kubectl apply --server-side -f -
 
 # Uninstall CRDs from the K8s cluster specified in ~/.kube/config.
 # Call with ignore-not-found=true to ignore resource not found errors during deletion.

diff --git a/apis/v1alpha1/shared_types.go b/apis/v1alpha1/shared_types.go
@@ -19,10 +19,10 @@ type DeploymentOptions struct {
 	// +kubebuilder:default=1
 	Replicas *int32 `json:"replicas,omitempty"`
 
-	// Pods defines the Deployment's pods.
+	// PodTemplateSpec defines PodTemplateSpec for Deployment's pods.
 	//
 	// +optional
-	Pods PodsOptions `json:"pods,omitempty"`
+	PodTemplateSpec *corev1.PodTemplateSpec `json:"podTemplateSpec,omitempty"`
 }
 
 // Rollout defines options for rollouts.

diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go