[Lack of idempotency] ComputeInstance zero-delta updates returns: Cannot make changes on immutable fields: [networkInterface]

[tonybenchsci]

Issue

Same KCC configuration for ComputeInstance on subsequent applies (after initial creation) will return: admission webhook "deny-immutable-field-updates.cnrm.cloud.google.com" denied the request: Cannot make changes on immutable fields: [networkInterface]

Environment

kubectl version

Client Version: version.Info{Major:"1", Minor:"13", GitVersion:"v1.13.12", GitCommit:"a8b52209ee172232b6db7a6e0ce2adc77458829f", GitTreeState:"clean", BuildDate:"2019-10-15T12:12:15Z", GoVersion:"go1.11.13", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"13+", GitVersion:"v1.13.11-gke.23", GitCommit:"93457f9dac45d5f95c2c609232e1ff2343c72684", GitTreeState:"clean", BuildDate:"2020-01-14T06:01:01Z", GoVersion:"go1.12.11b4", Compiler:"gc", Platform:"linux/amd64"}

Tried K8s Config Connector versions

1.0.0
1.4.0

Steps to reproduce

Apply below file with kubectl apply -f es-data1.computeinstance.yaml

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeInstance
metadata:
  name: es-data1
spec:
  minCpuPlatform: "Intel Haswell"
  machineType: n1-highmem-8
  zone: us-east4-a
  networkInterface:
  - networkRef:
      name: default
  bootDisk:
    autoDelete: true
    deviceName: es-v35-data1
    initializeParams:
      sourceImageRef:
        external: https://www.googleapis.com/compute/v1/projects/<REDACTED>

Expected Behavior

computeinstance.compute.cnrm.cloud.google.com/es-data1 unchanged

Actual Behavior

admission webhook "deny-immutable-field-updates.cnrm.cloud.google.com" denied the request: Cannot make changes on immutable fields: [networkInterface]

Additional information

• The only way to get computeinstance.compute.cnrm.cloud.google.com/es-data1 unchanged is by kubectl get ... or going into the KCC cluster's "object browser" UI in GCP, copy the entire networkInterface spec that was created dynamically, and have KCC acquire these settings:

  networkInterface:
  - name: nic0
  networkIp: 10.128.0.19
  networkRef:
    external: https://www.googleapis.com/compute/v1/projects/<REDACTED>
  subnetworkProject: <REDACTED>
  subnetworkRef:
    name: default

• Deleting and re-creating the resource obviously works

[kibbles-n-bytes]

@tonybenchsci Thanks for making us aware of this. We're investigating what we can do on our end, and will update this issue once we have a plan in place.

[tonybenchsci]

@tonybenchsci Thanks for making us aware of this. We're investigating what we can do on our end, and will update this issue once we have a plan in place.

@kibbles-n-bytes any updates on this one? Thanks for v1.5.2 release btw (it's not listed in github code releases yet though, but I see it in gsutil)

[tonybenchsci]

bump. this is breaking our CloudBuild pipeline. Thanks for efforts.

[kibbles-n-bytes]

Hey @tonybenchsci , sorry for the delay. We have a release coming out today that will have a patch for this.

[kibbles-n-bytes]

1.6.1 is now released; please update and let us know if you're still having any issues!

[tonybenchsci]

Fixed! Thanks.