Open ziyue-101 opened 1 month ago
$ KCC_USE_DIRECT_RECONCILERS=GKEHubFeatureMembership ARTIFACTS=1 E2E_KUBE_TARGET=envtest RUN_E2E=1 E2E_GCP_TARGET=real go test -test.count=1 -timeout 1800s -v ./tests/e2e -run TestAll -run 'TestAllInSeries/fixtures/gkehubfeaturemembership' | tee log
-------redacted--------
--- PASS: TestAllInSeries (736.02s)
--- PASS: TestAllInSeries/fixtures (736.02s)
--- PASS: TestAllInSeries/fixtures/gkehubfeaturemembership (735.88s)
PASS
ok github.com/GoogleCloudPlatform/k8s-config-connector/tests/e2e 736.259s
mutable-but-unreadable-fields Applied a resource to a dev cluster, the resource doesn't have mutable-but-unreadable-fields
$ k apply -f temp.yaml
gkehubfeaturemembership.gkehub.cnrm.cloud.google.com/gkehubfeaturemembership-sample created
containercluster.container.cnrm.cloud.google.com/gkehubfeaturemembership-dep-acm created
gkehubfeature.gkehub.cnrm.cloud.google.com/gkehubfeaturemembership-dep-acm created
gkehubmembership.gkehub.cnrm.cloud.google.com/gkehubfeaturemembership-dep-acm created
service.serviceusage.cnrm.cloud.google.com/gkehubfeaturemembership-dep1-acm1 created
service.serviceusage.cnrm.cloud.google.com/gkehubfeaturemembership-dep2-acm created
service.serviceusage.cnrm.cloud.google.com/gkehubfeaturemembership-dep3-acm created
ziyue@kcc-dev:~/go/src/k8s-config-connector/pkg/test/resourcefixture/testdata/basic/gkehub/v1beta1$ k get gkehubfeaturemembership.gkehub.cnrm.cloud.google.com/gkehubfeaturemembership-sample
NAME AGE READY STATUS STATUS AGE
gkehubfeaturemembership-sample 19s
ziyue@kcc-dev:~/go/src/k8s-config-connector/pkg/test/resourcefixture/testdata/basic/gkehub/v1beta1$ k get gkehubfeaturemembership.gkehub.cnrm.cloud.google.com/gkehubfeaturemembership-sample -oyaml
apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
kind: GKEHubFeatureMembership
metadata:
annotations:
cnrm.cloud.google.com/management-conflict-prevention-policy: none
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"gkehub.cnrm.cloud.google.com/v1beta1","kind":"GKEHubFeatureMembership","metadata":{"annotations":{},"name":"gkehubfeaturemembership-sample","namespace":"default"},"spec":{"configmanagement":{"configSync":{"git":{"policyDir":"config-connector","secretType":"none","syncBranch":"master","syncRepo":"https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit","syncRev":"HEAD","syncWaitSecs":"20"},"sourceFormat":"unstructured"},"hierarchyController":{"enableHierarchicalResourceQuota":true,"enablePodTreeLabels":true,"enabled":true},"policyController":{"auditIntervalSeconds":"20","enabled":true,"exemptableNamespaces":["test-namespace"],"logDeniesEnabled":true,"referentialRulesEnabled":true,"templateLibraryInstalled":true}},"featureRef":{"name":"gkehubfeaturemembership-dep-acm"},"location":"global","membershipRef":{"name":"gkehubfeaturemembership-dep-acm"},"projectRef":{"external":"projects/cnrm-ziyue"}}}
creationTimestamp: "2024-06-04T01:25:58Z"
generation: 1
managedFields:
- apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:spec:
.: {}
f:configmanagement:
.: {}
f:configSync:
.: {}
f:git:
.: {}
f:policyDir: {}
f:secretType: {}
f:syncBranch: {}
f:syncRepo: {}
f:syncRev: {}
f:syncWaitSecs: {}
f:sourceFormat: {}
f:hierarchyController:
.: {}
f:enableHierarchicalResourceQuota: {}
f:enablePodTreeLabels: {}
f:enabled: {}
f:policyController:
.: {}
f:auditIntervalSeconds: {}
f:enabled: {}
f:exemptableNamespaces: {}
f:logDeniesEnabled: {}
f:referentialRulesEnabled: {}
f:templateLibraryInstalled: {}
f:featureRef:
.: {}
f:name: {}
f:location: {}
f:membershipRef:
.: {}
f:name: {}
f:projectRef:
.: {}
f:external: {}
manager: kubectl
operation: Update
time: "2024-06-04T01:25:58Z"
name: gkehubfeaturemembership-sample
namespace: default
resourceVersion: "389770236"
uid: dc7dafde-8610-44b8-b70f-bdc6a943c210
spec:
configmanagement:
configSync:
git:
policyDir: config-connector
secretType: none
syncBranch: master
syncRepo: https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit
syncRev: HEAD
syncWaitSecs: "20"
sourceFormat: unstructured
hierarchyController:
enableHierarchicalResourceQuota: true
enablePodTreeLabels: true
enabled: true
policyController:
auditIntervalSeconds: "20"
enabled: true
exemptableNamespaces:
- test-namespace
logDeniesEnabled: true
referentialRulesEnabled: true
templateLibraryInstalled: true
featureRef:
name: gkehubfeaturemembership-dep-acm
location: global
membershipRef:
name: gkehubfeaturemembership-dep-acm
projectRef:
external: projects/cnrm-ziyue
Verify that any custom diffs from the DCL controller are reflected in the direct path
The custom diff fields are HNC fields: https://source.corp.google.com/piper///depot/google3/cloud/graphite/mmv2/services/google/gkehub/hub_utils.go;l=264;bpv=1;bpt=1
make sure the CRD is backwards compatible The CRD only changes description format in config/crds/resources/apiextensions.k8s.io_v1_customresourcedefinition_gkehubfeaturememberships.gkehub.cnrm.cloud.google.com.yaml. Thus, it should not break anything
acquisition of resource works
The gkehubfeaturemembership resource only supports acquisition by name, which should be already handled by the base controller by doing a Find before Create https://github.com/GoogleCloudPlatform/k8s-config-connector/blob/5c145ea50e2acbf9c76dc940a011f510410053e5/pkg/controller/direct/directbase/directbase_controller.go#L305
container annotations
the resource doesn't support container annotations
/cc @haiyanmeng
check that the "special" directives here continue to be supported
with the state-into-spec: merge
, no additional fields are merged into spec. Thus, the new controller will not need to need to write status into spec.
$ k get GKEHubFeatureMembership gkehubfeaturemembership-sample -oyaml
apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
kind: GKEHubFeatureMembership
metadata:
annotations:
cnrm.cloud.google.com/management-conflict-prevention-policy: none
cnrm.cloud.google.com/state-into-spec: merge
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"gkehub.cnrm.cloud.google.com/v1beta1","kind":"GKEHubFeatureMembership","metadata":{"annotations":{},"name":"gkehubfeaturemembership-sample","namespace":"default"},"spec":{"configmanagement":{"configSync":{"git":{"policyDir":"config-connector","secretType":"none","syncBranch":"master","syncRepo":"https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit","syncRev":"HEAD","syncWaitSecs":"20"},"sourceFormat":"unstructured"},"hierarchyController":{"enableHierarchicalResourceQuota":true,"enablePodTreeLabels":true,"enabled":true},"policyController":{"auditIntervalSeconds":"20","enabled":true,"exemptableNamespaces":["test-namespace"],"logDeniesEnabled":true,"referentialRulesEnabled":true,"templateLibraryInstalled":true}},"featureRef":{"name":"gkehubfeaturemembership-dep-acm"},"location":"global","membershipRef":{"name":"gkehubfeaturemembership-dep-acm"},"projectRef":{"external":"projects/cnrm-ziyue"}}}
creationTimestamp: "2024-06-04T01:25:58Z"
finalizers:
- cnrm.cloud.google.com/finalizer
- cnrm.cloud.google.com/deletion-defender
generation: 2
managedFields:
- apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.: {}
f:kubectl.kubernetes.io/last-applied-configuration: {}
f:spec:
.: {}
f:configmanagement:
.: {}
f:configSync:
.: {}
f:git:
.: {}
f:policyDir: {}
f:secretType: {}
f:syncBranch: {}
f:syncRepo: {}
f:syncRev: {}
f:syncWaitSecs: {}
f:sourceFormat: {}
f:hierarchyController:
.: {}
f:enableHierarchicalResourceQuota: {}
f:enablePodTreeLabels: {}
f:enabled: {}
f:policyController:
.: {}
f:auditIntervalSeconds: {}
f:enabled: {}
f:exemptableNamespaces: {}
f:logDeniesEnabled: {}
f:referentialRulesEnabled: {}
f:templateLibraryInstalled: {}
f:featureRef:
.: {}
f:name: {}
f:location: {}
f:membershipRef:
.: {}
f:name: {}
f:projectRef:
.: {}
f:external: {}
manager: kubectl
operation: Update
time: "2024-06-04T01:25:58Z"
- apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
f:cnrm.cloud.google.com/state-into-spec: {}
f:spec:
f:configmanagement:
f:policyController:
f:monitoring:
.: {}
f:backends: {}
f:version: {}
manager: cnrm-controller-manager
operation: Update
time: "2024-06-10T21:48:01Z"
- apiVersion: gkehub.cnrm.cloud.google.com/v1beta1
fieldsType: FieldsV1
fieldsV1:
f:status:
.: {}
f:conditions: {}
f:observedGeneration: {}
manager: cnrm-controller-manager
operation: Update
subresource: status
time: "2024-06-10T21:48:04Z"
name: gkehubfeaturemembership-sample
namespace: default
resourceVersion: "395175415"
uid: dc7dafde-8610-44b8-b70f-bdc6a943c210
spec:
configmanagement:
configSync:
git:
policyDir: config-connector
secretType: none
syncBranch: master
syncRepo: https://github.com/GoogleCloudPlatform/cloud-foundation-toolkit
syncRev: HEAD
syncWaitSecs: "20"
sourceFormat: unstructured
hierarchyController:
enableHierarchicalResourceQuota: true
enablePodTreeLabels: true
enabled: true
policyController:
auditIntervalSeconds: "20"
enabled: true
exemptableNamespaces:
- test-namespace
logDeniesEnabled: true
monitoring:
backends:
- PROMETHEUS
- CLOUD_MONITORING
referentialRulesEnabled: true
templateLibraryInstalled: true
version: 1.18.1
featureRef:
name: gkehubfeaturemembership-dep-acm
location: global
membershipRef:
name: gkehubfeaturemembership-dep-acm
projectRef:
external: projects/cnrm-ziyue
status:
conditions:
- lastTransitionTime: "2024-06-10T21:48:01Z"
message: The resource is up to date
reason: UpToDate
status: "True"
type: Ready
observedGeneration: 2
Checklist
Describe the feature or resource
Checklist for GKEHubFeatureMembership
direct
actuation. There may be some overlap on items. Not all of these will necessarily be applicable.Checklist for existing resources
Code & Reconcilliaiton
if foo != nil
checkKCC System
Kcc/controller-manager
(consistent with other controllers) in order for usage telemetry to workCRD
Special Labels/ Directives support
General Labels/ Directives support
As taken from: https://github.com/maqiuyujoyce/k8s-config-connector/blob/master/pkg/k8s/constants.go
Container Annotations
Functional
References
Immutability
Webhooks
Testing
Additional information
No response
Importance
No response