Examples for Server Side Apply

Signed-off-by: Hasan Turken <[email protected]>
crossplane-contrib · May 16, 2024 · b6ab42d · b6ab42d
1 parent befaab8
commit b6ab42d
Show file tree

Hide file tree

Showing 8 changed files with 77 additions and 27 deletions.
diff --git a/...ject/object-multiple-managing-single.yaml → examples/object/object-ssa-labeler.yaml b/...ject/object-multiple-managing-single.yaml → examples/object/object-ssa-labeler.yaml
@@ -2,36 +2,18 @@
 # It requires the provider to be started with the --enable-server-side-apply flag.
 apiVersion: kubernetes.crossplane.io/v1alpha2
 kind: Object
-metadata:
-  name: sample-service-owner
-spec:
-  forProvider:
-    manifest:
-      apiVersion: v1
-      kind: Service
-      metadata:
-        name: sample-service
-        namespace: default
-        labels:
-          example: "true"
-      spec:
-        selector:
-          app.kubernetes.io/name: MyApp
-        ports:
-          - protocol: TCP
-            port: 80
-            targetPort: 9376
-  providerConfigRef:
-    name: kubernetes-provider
----
-apiVersion: kubernetes.crossplane.io/v1alpha2
-kind: Object
 metadata:
   name: sample-service-labeler
+  annotations:
+    # Note(turkenh): Import restarts Crossplane pod losing the cached provider package
+    # hence preventing changes being redeployed with modified deployment runtime config.
+    uptest.upbound.io/disable-import: "true"
 spec:
   # Note: This resource will only patch/update the manifest below.
   # It will not delete or create the resource.
   # As a limitation, it will not clean up the changes it made during its deletion.
+  # This requires the Server Side Apply feature to be enabled in the provider
+  # with the --enable-server-side-apply flag.
   managementPolicies: ["Observe", "Update"]
   forProvider:
     manifest:
@@ -41,6 +23,6 @@ spec:
         name: sample-service
         namespace: default
         labels:
-          another: label
+          another-key: another-value
   providerConfigRef:
     name: kubernetes-provider
diff --git a/examples/object/object-ssa-owner.yaml b/examples/object/object-ssa-owner.yaml
@@ -0,0 +1,32 @@
+# Note: This example is for the alpha feature of server side apply.
+# It requires the provider to be started with the --enable-server-side-apply flag.
+apiVersion: kubernetes.crossplane.io/v1alpha2
+kind: Object
+metadata:
+  name: sample-service-owner
+  annotations:
+    uptest.upbound.io/pre-assert-hook: testhooks/enable-ssa.sh
+    uptest.upbound.io/post-assert-hook: testhooks/validate-ssa.sh
+    uptest.upbound.io/timeout: "60"
+    # Note(turkenh): Import restarts Crossplane pod losing the cached provider package
+    # hence preventing changes being redeployed with modified deployment runtime config.
+    uptest.upbound.io/disable-import: "true"
+spec:
+  forProvider:
+    manifest:
+      apiVersion: v1
+      kind: Service
+      metadata:
+        name: sample-service
+        namespace: default
+        labels:
+          some-key: some-value
+      spec:
+        selector:
+          app.kubernetes.io/name: MyApp
+        ports:
+          - protocol: TCP
+            port: 80
+            targetPort: 9376
+  providerConfigRef:
+    name: kubernetes-provider
diff --git a/examples/object/object-watching.yaml b/examples/object/object-watching.yaml
@@ -7,6 +7,9 @@ metadata:
   annotations:
     uptest.upbound.io/post-assert-hook: testhooks/validate-watching.sh
     uptest.upbound.io/timeout: "60"
+    # Note(turkenh): Import restarts Crossplane pod losing the cached provider package
+    # hence preventing changes being redeployed with modified deployment runtime config.
+    uptest.upbound.io/disable-import: "true"
 spec:
   # Watch for changes to the Namespace object.
   # Watching resources is an alpha feature and needs to be enabled with --enable-watches

diff --git a/examples/object/object.yaml b/examples/object/object.yaml
@@ -4,6 +4,9 @@ metadata:
   name: sample-namespace
   annotations:
     uptest.upbound.io/timeout: "60"
+    # Note(turkenh): Import restarts Crossplane pod losing the cached provider package
+    # hence preventing changes being redeployed with modified deployment runtime config.
+    uptest.upbound.io/disable-import: "true"
 spec:
   # Watch for changes to the Namespace object.
   # Watching resources is an alpha feature and needs to be enabled with --enable-watches

diff --git a/examples/object/testhooks/enable-ssa.sh b/examples/object/testhooks/enable-ssa.sh
@@ -0,0 +1,5 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+echo "Enabling ssa feature for the provider"
+${KUBECTL} patch deploymentruntimeconfig runtimeconfig-provider-kubernetes --type='json' -p='[{"op":"replace","path":"/spec/deploymentTemplate/spec/template/spec/containers/0/args", "value":["--debug", "--enable-server-side-apply"]}]'
diff --git a/examples/object/testhooks/validate-ssa.sh b/examples/object/testhooks/validate-ssa.sh
@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -aeuo pipefail
+
+# This script is used to validate the ssa feature, triggered by the
+# uptest framework via `uptest.upbound.io/post-assert-hook`: https://github.com/crossplane/uptest/tree/e64457e2cce153ada54da686c8bf96143f3f6329?tab=readme-ov-file#hooks
+
+LABELER_OBJECT="examples/object/object-ssa-labeler.yaml"
+${KUBECTL} apply -f ${LABELER_OBJECT}
+${KUBECTL} wait -f ${LABELER_OBJECT} --for condition=ready --timeout=1m
+
+if ! ${KUBECTL} get service sample-service -o jsonpath='{.metadata.annotations}' | grep -v "last-applied-configuration"; then # This annotation should not be present when SSA is enabled
+  echo "SSA validation failed! Annotation 'last-applied-configuration' should not exist when SSA is enabled!"
+  #exit 1
+fi
+if ! (${KUBECTL} get service sample-service -o jsonpath='{.metadata.labels.some-key}' | grep -q "some-value" && ${KUBECTL} get service sample-service -o jsonpath='{.metadata.labels.another-key}' | grep -q "another-value"); then
+  echo "SSA validation failed! Labels 'some-key' and 'another-key' from both Objects should exist with values 'some-value' and 'another-value' respectively!"
+  #exit 1
+fi
+echo "Successfully validated the SSA feature!"
+
+${KUBECTL} delete -f ${LABELER_OBJECT}
+
+echo "Disabling SSA feature for the provider"
+${KUBECTL} patch deploymentruntimeconfig runtimeconfig-provider-kubernetes --type='json' -p='[{"op":"replace","path":"/spec/deploymentTemplate/spec/template/spec/containers/0/args", "value":["--debug"]}]'
+
diff --git a/examples/object/testhooks/validate-watching.sh b/examples/object/testhooks/validate-watching.sh
@@ -14,7 +14,7 @@ fi
 echo "Enabling watch feature for the provider"
 ${KUBECTL} patch deploymentruntimeconfig runtimeconfig-provider-kubernetes --type='json' -p='[{"op":"replace","path":"/spec/deploymentTemplate/spec/template/spec/containers/0/args", "value":["--debug", "--enable-watches"]}]'
 
-sleep 3
+sleep 30
 
 echo "Patching referenced secret"
 ${KUBECTL} patch secret bar --type='merge' -p='{"stringData":{"key":"new-value"}}'

diff --git a/internal/controller/object/object.go b/internal/controller/object/object.go
@@ -259,7 +259,7 @@ type external struct {
 	kindObserver KindObserver
 }
 
-func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.ExternalObservation, error) {
+func (c *external) Observe(ctx context.Context, mg resource.Managed) (managed.ExternalObservation, error) { // nolint:gocyclo, mostly branches due to feature flags, hopefully will be refactored once they are promoted
 	cr, ok := mg.(*v1alpha2.Object)
 	if !ok {
 		return managed.ExternalObservation{}, errors.New(errNotKubernetesObject)