Merge pull request #8243 from sbueringer/pr-ssa-improve-caching

k8s-ci-robot · web-flow · commit 88c526105405 · 2023-03-09T06:04:03.000-08:00
✨ SSA: improve request caching
diff --git a/controlplane/kubeadm/internal/controllers/helpers.go b/controlplane/kubeadm/internal/controllers/helpers.go
@@ -306,7 +306,7 @@ func (r *KubeadmControlPlaneReconciler) updateExternalObject(ctx context.Context
 	// Update annotations
 	updatedObject.SetAnnotations(kcp.Spec.MachineTemplate.ObjectMeta.Annotations)
 
-	if err := ssa.Patch(ctx, r.Client, kcpManagerName, updatedObject); err != nil {
+	if err := ssa.Patch(ctx, r.Client, kcpManagerName, updatedObject, ssa.WithCachingProxy{Cache: r.ssaCache, Original: obj}); err != nil {
 		return errors.Wrapf(err, "failed to update %s", obj.GetObjectKind().GroupVersionKind().Kind)
 	}
 	return nil
diff --git a/internal/util/ssa/patch.go b/internal/util/ssa/patch.go
@@ -20,9 +20,13 @@ import (
 	"context"
 
 	"github.com/pkg/errors"
+	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/apimachinery/pkg/runtime"
 	"k8s.io/klog/v2"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/apiutil"
+
+	"sigs.k8s.io/cluster-api/internal/contract"
 )
 
 // Option is the interface for configuration that modifies Options for a patch request.
@@ -64,11 +68,18 @@ func Patch(ctx context.Context, c client.Client, fieldManager string, modified c
 		opt.ApplyToOptions(options)
 	}
 
+	// Convert the object to unstructured and filter out fields we don't
+	// want to set (e.g. metadata creationTimestamp).
+	// Note: This is necessary to avoid continuous reconciles.
+	modifiedUnstructured, err := prepareModified(c.Scheme(), modified)
+	if err != nil {
+		return err
+	}
+
 	var requestIdentifier string
-	var err error
 	if options.WithCachingProxy {
 		// Check if the request is cached.
-		requestIdentifier, err = ComputeRequestIdentifier(c.Scheme(), options.Original, modified)
+		requestIdentifier, err = ComputeRequestIdentifier(c.Scheme(), options.Original, modifiedUnstructured)
 		if err != nil {
 			return errors.Wrapf(err, "failed to apply object")
 		}
@@ -81,25 +92,63 @@ func Patch(ctx context.Context, c client.Client, fieldManager string, modified c
 		}
 	}
 
-	gvk, err := apiutil.GVKForObject(modified, c.Scheme())
+	gvk, err := apiutil.GVKForObject(modifiedUnstructured, c.Scheme())
 	if err != nil {
-		return errors.Wrapf(err, "failed to apply object: failed to get GroupVersionKind of modified object %s", klog.KObj(modified))
+		return errors.Wrapf(err, "failed to apply object: failed to get GroupVersionKind of modified object %s", klog.KObj(modifiedUnstructured))
 	}
 
 	patchOptions := []client.PatchOption{
 		client.ForceOwnership,
 		client.FieldOwner(fieldManager),
 	}
-	if err := c.Patch(ctx, modified, client.Apply, patchOptions...); err != nil {
-		return errors.Wrapf(err, "failed to apply %s %s", gvk.Kind, klog.KObj(modified))
+	if err := c.Patch(ctx, modifiedUnstructured, client.Apply, patchOptions...); err != nil {
+		return errors.Wrapf(err, "failed to apply %s %s", gvk.Kind, klog.KObj(modifiedUnstructured))
+	}
+
+	// Write back the modified object so callers can access the patched object.
+	if err := c.Scheme().Convert(modifiedUnstructured, modified, ctx); err != nil {
+		return errors.Wrapf(err, "failed to write modified object")
 	}
 
 	if options.WithCachingProxy {
 		// If the SSA call did not update the object, add the request to the cache.
-		if options.Original.GetResourceVersion() == modified.GetResourceVersion() {
+		if options.Original.GetResourceVersion() == modifiedUnstructured.GetResourceVersion() {
 			options.Cache.Add(requestIdentifier)
 		}
 	}
 
 	return nil
 }
+
+// prepareModified converts obj into an Unstructured and filters out undesired fields.
+func prepareModified(scheme *runtime.Scheme, obj client.Object) (*unstructured.Unstructured, error) {
+	u := &unstructured.Unstructured{}
+	switch obj.(type) {
+	case *unstructured.Unstructured:
+		u = obj.DeepCopyObject().(*unstructured.Unstructured)
+	default:
+		if err := scheme.Convert(obj, u, nil); err != nil {
+			return nil, errors.Wrap(err, "failed to convert object to Unstructured")
+		}
+	}
+
+	// Only keep the paths that we have opinions on.
+	FilterObject(u, &FilterObjectInput{
+		AllowedPaths: []contract.Path{
+			// apiVersion, kind, name and namespace are required field for a server side apply intent.
+			{"apiVersion"},
+			{"kind"},
+			{"metadata", "name"},
+			{"metadata", "namespace"},
+			// uid is optional for a server side apply intent but sets the expectation of an object getting created or a specific one updated.
+			{"metadata", "uid"},
+			// our controllers only have an opinion on labels, annotation, finalizers ownerReferences and spec.
+			{"metadata", "labels"},
+			{"metadata", "annotations"},
+			{"metadata", "finalizers"},
+			{"metadata", "ownerReferences"},
+			{"spec"},
+		},
+	})
+	return u, nil
+}
diff --git a/internal/util/ssa/patch_test.go b/internal/util/ssa/patch_test.go
@@ -18,11 +18,15 @@ package ssa
 
 import (
 	"testing"
+	"time"
 
 	. "github.com/onsi/gomega"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
+	"k8s.io/utils/pointer"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	clusterv1 "sigs.k8s.io/cluster-api/api/v1beta1"
 	"sigs.k8s.io/cluster-api/internal/test/builder"
 )
 
@@ -33,47 +37,135 @@ func TestPatch(t *testing.T) {
 	ns, err := env.CreateNamespace(ctx, "ssa")
 	g.Expect(err).ToNot(HaveOccurred())
 
-	// Build the test object to work with.
-	initialObject := builder.TestInfrastructureCluster(ns.Name, "obj1").WithSpecFields(map[string]interface{}{
-		"spec.controlPlaneEndpoint.host": "1.2.3.4",
-		"spec.controlPlaneEndpoint.port": int64(1234),
-		"spec.foo":                       "bar",
-	}).Build()
-
-	fieldManager := "test-manager"
-	ssaCache := NewCache()
-
-	// Create the object
-	createObject := initialObject.DeepCopy()
-	g.Expect(Patch(ctx, env.GetClient(), fieldManager, createObject)).To(Succeed())
-
-	// Update the object and verify that the request was not cached as the object was changed.
-	// Get the original object.
-	originalObject := initialObject.DeepCopy()
-	g.Expect(env.Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
-	// Modify the object
-	modifiedObject := initialObject.DeepCopy()
-	g.Expect(unstructured.SetNestedField(modifiedObject.Object, "baz", "spec", "foo")).To(Succeed())
-	// Compute request identifier, so we can later verify that the update call was not cached.
-	requestIdentifier, err := ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedObject)
-	g.Expect(err).ToNot(HaveOccurred())
-	// Update the object
-	g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
-	// Verify that request was not cached (as it changed the object)
-	g.Expect(ssaCache.Has(requestIdentifier)).To(BeFalse())
-
-	// Repeat the same update and verify that the request was cached as the object was not changed.
-	// Get the original object.
-	originalObject = initialObject.DeepCopy()
-	g.Expect(env.Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
-	// Modify the object
-	modifiedObject = initialObject.DeepCopy()
-	g.Expect(unstructured.SetNestedField(modifiedObject.Object, "baz", "spec", "foo")).To(Succeed())
-	// Compute request identifier, so we can later verify that the update call was cached.
-	requestIdentifier, err = ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedObject)
-	g.Expect(err).ToNot(HaveOccurred())
-	// Update the object
-	g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
-	// Verify that request was cached (as it did not change the object)
-	g.Expect(ssaCache.Has(requestIdentifier)).To(BeTrue())
+	t.Run("Test patch with unstructured", func(t *testing.T) {
+		// Build the test object to work with.
+		initialObject := builder.TestInfrastructureCluster(ns.Name, "obj1").WithSpecFields(map[string]interface{}{
+			"spec.controlPlaneEndpoint.host": "1.2.3.4",
+			"spec.controlPlaneEndpoint.port": int64(1234),
+			"spec.foo":                       "bar",
+		}).Build()
+
+		fieldManager := "test-manager"
+		ssaCache := NewCache()
+
+		// 1. Create the object
+		createObject := initialObject.DeepCopy()
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, createObject)).To(Succeed())
+
+		// 2. Update the object and verify that the request was not cached as the object was changed.
+		// Get the original object.
+		originalObject := initialObject.DeepCopy()
+		g.Expect(env.GetAPIReader().Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
+		// Modify the object
+		modifiedObject := initialObject.DeepCopy()
+		g.Expect(unstructured.SetNestedField(modifiedObject.Object, "baz", "spec", "foo")).To(Succeed())
+		// Compute request identifier, so we can later verify that the update call was not cached.
+		modifiedUnstructured, err := prepareModified(env.Scheme(), modifiedObject)
+		g.Expect(err).ToNot(HaveOccurred())
+		requestIdentifier, err := ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedUnstructured)
+		g.Expect(err).ToNot(HaveOccurred())
+		// Update the object
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
+		// Verify that request was not cached (as it changed the object)
+		g.Expect(ssaCache.Has(requestIdentifier)).To(BeFalse())
+
+		// 3. Repeat the same update and verify that the request was cached as the object was not changed.
+		// Get the original object.
+		originalObject = initialObject.DeepCopy()
+		g.Expect(env.GetAPIReader().Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
+		// Modify the object
+		modifiedObject = initialObject.DeepCopy()
+		g.Expect(unstructured.SetNestedField(modifiedObject.Object, "baz", "spec", "foo")).To(Succeed())
+		// Compute request identifier, so we can later verify that the update call was cached.
+		modifiedUnstructured, err = prepareModified(env.Scheme(), modifiedObject)
+		g.Expect(err).ToNot(HaveOccurred())
+		requestIdentifier, err = ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedUnstructured)
+		g.Expect(err).ToNot(HaveOccurred())
+		// Update the object
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
+		// Verify that request was cached (as it did not change the object)
+		g.Expect(ssaCache.Has(requestIdentifier)).To(BeTrue())
+	})
+
+	t.Run("Test patch with Machine", func(t *testing.T) {
+		// Build the test object to work with.
+		initialObject := &clusterv1.Machine{
+			TypeMeta: metav1.TypeMeta{
+				APIVersion: clusterv1.GroupVersion.String(),
+				Kind:       "Machine",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      "machine-1",
+				Namespace: ns.Name,
+				Labels: map[string]string{
+					"label": "labelValue",
+				},
+				Annotations: map[string]string{
+					"annotation": "annotationValue",
+				},
+			},
+			Spec: clusterv1.MachineSpec{
+				ClusterName:      "cluster-1",
+				Version:          pointer.String("v1.25.0"),
+				NodeDrainTimeout: &metav1.Duration{Duration: 10 * time.Second},
+				Bootstrap: clusterv1.Bootstrap{
+					DataSecretName: pointer.String("data-secret"),
+				},
+			},
+		}
+		fieldManager := "test-manager"
+		ssaCache := NewCache()
+
+		// 1. Create the object
+		createObject := initialObject.DeepCopy()
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, createObject)).To(Succeed())
+		// Note: We have to patch the status here to explicitly set these two status fields.
+		// If we don't do it the Machine defaulting webhook will try to set the two fields to false.
+		// For an unknown reason this will happen with the 2nd update call (3.) below and not before.
+		// This means that this call would unexpectedly not cache the object because the resourceVersion
+		// is changed because the fields are set.
+		// It's unclear why those status fields are not already set during create (1.) or the first update (2.)
+		// (the webhook is returning patches for the two fields in those requests as well).
+		// To further investigate this behavior it would be necessary to debug the kube-apiserver.
+		// Fortunately, in reality this is not an issue as the fields will be set sooner or later and then
+		// the requests are cached.
+		createObjectWithStatus := createObject.DeepCopy()
+		createObjectWithStatus.Status.BootstrapReady = false
+		createObjectWithStatus.Status.InfrastructureReady = false
+		g.Expect(env.Status().Patch(ctx, createObjectWithStatus, client.MergeFrom(createObject)))
+
+		// 2. Update the object and verify that the request was not cached as the object was changed.
+		// Get the original object.
+		originalObject := initialObject.DeepCopy()
+		g.Expect(env.GetAPIReader().Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
+		// Modify the object
+		modifiedObject := initialObject.DeepCopy()
+		modifiedObject.Spec.NodeDrainTimeout = &metav1.Duration{Duration: 5 * time.Second}
+		// Compute request identifier, so we can later verify that the update call was not cached.
+		modifiedUnstructured, err := prepareModified(env.Scheme(), modifiedObject)
+		g.Expect(err).ToNot(HaveOccurred())
+		requestIdentifier, err := ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedUnstructured)
+		g.Expect(err).ToNot(HaveOccurred())
+		// Update the object
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
+		// Verify that request was not cached (as it changed the object)
+		g.Expect(ssaCache.Has(requestIdentifier)).To(BeFalse())
+
+		// 3. Repeat the same update and verify that the request was cached as the object was not changed.
+		// Get the original object.
+		originalObject = initialObject.DeepCopy()
+		g.Expect(env.GetAPIReader().Get(ctx, client.ObjectKeyFromObject(originalObject), originalObject))
+		// Modify the object
+		modifiedObject = initialObject.DeepCopy()
+		modifiedObject.Spec.NodeDrainTimeout = &metav1.Duration{Duration: 5 * time.Second}
+		// Compute request identifier, so we can later verify that the update call was cached.
+		modifiedUnstructured, err = prepareModified(env.Scheme(), modifiedObject)
+		g.Expect(err).ToNot(HaveOccurred())
+		requestIdentifier, err = ComputeRequestIdentifier(env.GetScheme(), originalObject, modifiedUnstructured)
+		g.Expect(err).ToNot(HaveOccurred())
+		// Update the object
+		g.Expect(Patch(ctx, env.GetClient(), fieldManager, modifiedObject, WithCachingProxy{Cache: ssaCache, Original: originalObject})).To(Succeed())
+		// Verify that request was cached (as it did not change the object)
+		g.Expect(ssaCache.Has(requestIdentifier)).To(BeTrue())
+	})
 }

Original file line number	Diff line number	Diff line change
`@@ -306,7 +306,7 @@ func (r *KubeadmControlPlaneReconciler) updateExternalObject(ctx context.Context`
`306`	`306`	`// Update annotations`
`307`	`307`	`updatedObject.SetAnnotations(kcp.Spec.MachineTemplate.ObjectMeta.Annotations)`
`308`	`308`
`309`		`- if err := ssa.Patch(ctx, r.Client, kcpManagerName, updatedObject); err != nil {`
	`309`	`+ if err := ssa.Patch(ctx, r.Client, kcpManagerName, updatedObject, ssa.WithCachingProxy{Cache: r.ssaCache, Original: obj}); err != nil {`
`310`	`310`	`return errors.Wrapf(err, "failed to update %s", obj.GetObjectKind().GroupVersionKind().Kind)`
`311`	`311`	`}`
`312`	`312`	`return nil`