THREESCALE-14652 Prevent perpetual reconcile by hardcoding K8s-defaulted fields in component specs #1174
Open
urbanikb wants to merge 1 commit into 3scale:master from
f0e8544 to
2efbfb9
@tkan145 the required tests on prow are failing due to CI already using go 1.25. Other than this the PR is ready for review. I will rebase this on master when #1173 is merged to clear the CI errors.
…ponent specs

The K8s API server fills zero-value fields with defaults when a resource is
written. Mutators using reflect.DeepEqual then see a mismatch between the
desired spec (Go zero values) and the live spec (K8s-filled defaults),
triggering an update on every reconcile cycle.

Explicitly set all K8s-defaulted fields in every component Deployment spec:
- Probe fields: Scheme, TimeoutSeconds, PeriodSeconds, SuccessThreshold,
  FailureThreshold
- Container / init-container fields: TerminationMessagePath,
  TerminationMessagePolicy, ImagePullPolicy (init containers are most
  sensitive — DeploymentPodInitContainerMutator does a full struct DeepEqual)
- Pod spec fields: RestartPolicy, DNSPolicy, SecurityContext,
  TerminationGracePeriodSeconds, SchedulerName
- Volume source fields: DefaultMode on Secret, ConfigMap, and Projected
  volume sources
- Use nil (not []T{}) for optional volume/volumemount slices so
  reflect.DeepEqual treats K8s-normalised absent and locally-absent the same

Extend UpdateResource to log the object's namespace and APIManager owner
name as structured fields, enabling the integration test's ReconcileCounter
to attribute each Deployment update to the correct CR instance.

Add ReconcileCounter and verifyNoDeploymentUpdates to the integration test
suite to assert ≤50 total Deployment update calls per APIManager install,
providing a regression test for this class of bug.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Codecov Report
❌ Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## master #1174 +/- ##
==========================================
+ Coverage 41.84% 44.28% +2.43%
==========================================
Files 203 204 +1
Lines 20859 21087 +228
==========================================
+ Hits 8729 9338 +609
+ Misses 11350 10947 -403
- Partials 780 802 +22
PR needs rebase.
https://redhat.atlassian.net/browse/THREESCALE-14652
Summary

Fixes perpetual Deployment update loops caused by the K8s API server silently filling zero-value fields with defaults on write. Mutators using reflect.DeepEqual then always see a mismatch between the desired spec (Go zero values) and the live spec (K8s-filled defaults), triggering an update on every reconcile cycle.

Root cause fields explicitly set in all component Deployment specs:
- Scheme, TimeoutSeconds, PeriodSeconds, SuccessThreshold, FailureThreshold
- TerminationMessagePath, TerminationMessagePolicy, ImagePullPolicy (init containers most sensitive — DeploymentPodInitContainerMutator does a full struct DeepEqual)
- RestartPolicy, DNSPolicy, SecurityContext, TerminationGracePeriodSeconds, SchedulerName
- DefaultMode on Secret, ConfigMap, and Projected volume sources
- nil (not []T{}) for optional volume/volumemount slices

Observability: UpdateResource now logs namespace and APIManager owner name as structured fields, enabling the integration test counter to attribute each Deployment update to the correct CR instance.

Regression test: ReconcileCounter + verifyNoDeploymentUpdates assert that total Deployment update calls per APIManager install stay within [1, 50]. The floor of 1 guards against a silent counter misconfiguration; the ceiling of 50 stays well below what the perpetual-reconcile bug produced (hundreds of updates per install).

Test plan
- WATCH_NAMESPACE=dummy make test-integration
- Total between 1 and 50

🤖 Generated with Claude Code
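
The reconcile loop described in this PR can be reproduced with the standard library alone. The following is an added example, not code from the operator: `Probe`, `Container`, `applyServerDefaults` and `CountUpdates` are hypothetical stand-ins that model only two defaulted probe fields and the nil versus empty slice case.

```go
package main

import (
	"fmt"
	"reflect"
)

// Probe and Container are simplified stand-ins for the corev1 types (assumption).
type Probe struct {
	Scheme         string
	TimeoutSeconds int32
}

type Container struct {
	Probe        Probe
	VolumeMounts []string
}

// applyServerDefaults imitates API-server defaulting on write: zero values
// are filled in and an empty slice comes back as absent (nil).
func applyServerDefaults(c Container) Container {
	if c.Probe.Scheme == "" {
		c.Probe.Scheme = "HTTP"
	}
	if c.Probe.TimeoutSeconds == 0 {
		c.Probe.TimeoutSeconds = 1
	}
	if len(c.VolumeMounts) == 0 {
		c.VolumeMounts = nil
	}
	return c
}

// CountUpdates runs n reconcile cycles with a DeepEqual-style mutator and
// returns how many of them write an update.
func CountUpdates(desired Container, n int) (updates int) {
	live := applyServerDefaults(desired) // initial create
	for i := 0; i < n; i++ {
		if !reflect.DeepEqual(desired, live) { // mutator sees drift
			live = applyServerDefaults(desired) // update written, defaults re-applied
			updates++
		}
	}
	return updates
}

func main() {
	bare := Container{VolumeMounts: []string{}} // zero values, empty slice
	fixed := Container{Probe: Probe{Scheme: "HTTP", TimeoutSeconds: 1}}
	fmt.Println(CountUpdates(bare, 100), CountUpdates(fixed, 100))
}
```

With the defaults left implicit, every cycle writes an update; with them hardcoded and the slice left nil, none do.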