Kubemci doesn't care about all the fields of all the GCP resources that it creates. Some fields are not specified, so the default value is used. This works great for initial-creation. When someone runs kubemci again, we check the settings for the resources and determine if the existing one "matches" the desired one. The question is, how to best handle fields that we did not explicitly specify?
Sometimes I added these extra fields to the "desired" resource (e.g HealthCheck), sometimes (e.g. BackendService) I only compared fields I was interested in (bad).
Firewall Rules: in-progress (PR#77). (see next paragraph)
In the end, @nikhiljindal and I thought we should:
-Add fields to the "desired" where it made sense to require the default value. (e.g. a firewall rule must be an INGRESS (not EGRESS) rule to make sense)
-Ignore fields where we decided it was okay to do so.
With this scheme, when a new field is added, by default we will not ignore its value. The tool will complain about not wanting to overwrite the resource without --force, until we make a code update.
nikhiljindal
commented
6 years ago
Kubemci doesn't care about all the fields of all the GCP resources that it creates. Some fields are not specified, so the default value is used. This works great for initial-creation. When someone runs kubemci again, we check the settings for the resources and determine if the existing one "matches" the desired one. The question is, how to best handle fields that we did not explicitly specify? Sometimes I added these extra fields to the "desired" resource (e.g HealthCheck), sometimes (e.g. BackendService) I only compared fields I was interested in (bad).
Here's the breakdown of how each resource is handled. Explicitly compares fields (not desirable, we should fix this): -BackendService https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/blob/master/app/kubemci/pkg/gcp/backendservice/backendservicesyncer.go
Added extra fields to "desired" -ForwardingRule: Fine as is (https://github.com/GoogleCloudPlatform/k8s-multicluster-ingress/commit/ed433cf3d52951c279a69de573182218a91829fe) -HealthCheck-> Needs fixing. Remove "kind". "proxyHeader" TBD.
No extra fields needed: -TargetProxy -UrlMap
Firewall Rules: in-progress (PR#77). (see next paragraph)
In the end, @nikhiljindal and I thought we should: -Add fields to the "desired" where it made sense to require the default value. (e.g. a firewall rule must be an INGRESS (not EGRESS) rule to make sense) -Ignore fields where we decided it was okay to do so. With this scheme, when a new field is added, by default we will not ignore its value. The tool will complain about not wanting to overwrite the resource without --force, until we make a code update.