neondatabase / autoscaling

Postgres vertical autoscaling in k8s
Apache License 2.0

neonvm-controller: Add '--skip-update-validation-for' #990

Open sharnoff opened 2 weeks ago

sharnoff commented 2 weeks ago

Copying the second commit's message:

This flag is a new escape hatch to allow arbitrary updates to an object, bypassing the webhook update validation (but still within the CRD).

Sometimes when trialing things on staging, we end up with objects in a bad state that can't be deleted because update validation fails when removing the finalizer (e.g., due to destructive CRD changes).

This PR comes in two parts:

  1. Refactoring — moving webhook setup into the controller, so that it's easier to control from there
  2. Feature — adding the --skip-update-validation-for flag to neonvm-controller, and using our newfound control over webhooks to skip the update webhook for objects named with the flag.

Probably worth merging via rebase-and-merge.
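
The escape hatch described in this PR description, as an added Go example that is not code from this PR or from neonvm-controller: update validation is wrapped so that only exactly named objects bypass it, and every bypass is reported to an audit callback. `Object`, `ParseSkipList`, `WithSkips`, `RequireCPUs` and the comma-separated `namespace/name` list format are assumptions made for illustration.

```go
package main
import (
	"fmt"
	"strings"
)

// Object is a hypothetical stand-in for a namespaced custom resource.
type Object struct {
	Namespace, Name string
	CPUs            int // 0 models a spec left invalid by a CRD change
}
type UpdateValidator func(old, updated Object) error

// ParseSkipList parses "ns/name,ns/name" (assumed format); exact keys only, no wildcards.
func ParseSkipList(v string) (map[string]bool, error) {
	set := map[string]bool{}
	for _, item := range strings.FieldsFunc(v, func(r rune) bool { return r == ',' }) {
		ns, name, ok := strings.Cut(strings.TrimSpace(item), "/")
		if !ok || ns == "" || name == "" || strings.ContainsAny(ns+name, "/*") {
			return nil, fmt.Errorf("bad entry %q, want namespace/name", item)
		}
		set[ns+"/"+name] = true
	}
	return set, nil
}

// WithSkips bypasses validate for listed objects and reports each bypass to audit.
func WithSkips(skip map[string]bool, validate UpdateValidator, audit func(string)) UpdateValidator {
	return func(old, updated Object) error {
		if key := updated.Namespace + "/" + updated.Name; skip[key] {
			audit(key)
			return nil
		}
		return validate(old, updated)
	}
}

// RequireCPUs (constructed) rejects every update to an already-invalid object.
func RequireCPUs(_, updated Object) error {
	if updated.CPUs < 1 {
		return fmt.Errorf("spec.cpus must be >= 1, got %d", updated.CPUs)
	}
	return nil
}

func main() {
	skip, _ := ParseSkipList("staging/broken-vm")
	v := WithSkips(skip, RequireCPUs, func(k string) { fmt.Println("update validation skipped:", k) })
	fmt.Println(v(Object{}, Object{Namespace: "staging", Name: "broken-vm"}))
}
```

Objects not on the list still go through the normal validator, and the audit callback gives a record of each update that was admitted without validation.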

Omrigan commented 2 hours ago

Does kubectl apply --validate=false do something different? From the man:

    --validate='strict':
    Must be one of: strict (or true), warn, ignore (or false). "true" or "strict" will use a schema to validate the input and fail the request if invalid. It will perform server side validation if ServerSideFieldValidation is enabled on the api-server, but will fall back to less reliable client-side validation if not. "warn" will warn about unknown or duplicate fields without blocking the request if server-side field validation is enabled on the API server, and behave as "ignore" otherwise. "false" or "ignore" will not perform any schema validation, silently dropping any unknown or duplicate fields

I think it would be much more convenient to have a bypass method always-on.

sharnoff commented 2 hours ago

I didn't know about kubectl apply --validate=false, but the main benefit I was thinking of here was allowing neonvm-controller to make changes without validation. Specifically because:

    Sometimes when trialing things on staging, we end up with objects in a bad state that can't be deleted because update validation fails when removing the finalizer (e.g., due to destructive CRD changes).

Could you elaborate on what you mean by

    I think it would be much more convenient to have a bypass method always-on.

?