Merge remote-tracking branch 'origin/main' into tg/support-provider-id-format-of-upstream-ccm

guettli · guettli · commit 343c68d64f1b · 2025-11-13T13:53:10.000+01:00
diff --git a/hack/update-operator-dev-deployment.sh b/hack/update-operator-dev-deployment.sh
@@ -83,6 +83,14 @@ tag="$(echo -n "$tag" | tr -c 'a-zA-Z0-9_.-' '-')"
 
 image="$image_path/caph-staging:$tag"
 
+# Fail if cluster-api-operator is running
+if kubectl get pods -A | grep -q cluster-api-operator; then
+    echo "Error: cluster-api-operator is running!"
+    echo "Changes to caph deployment and its CRDs would be reverted."
+    echo "Hint: Scale down replicas of the cluster-api-operator deployment."
+    exit 1
+fi
+
 # run in background
 {
     make generate-manifests
diff --git a/main.go b/main.go
@@ -28,6 +28,7 @@ import (
 	"time"
 
 	"github.com/spf13/pflag"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
 	clientgoscheme "k8s.io/client-go/kubernetes/scheme"
@@ -37,6 +38,7 @@ import (
 	"sigs.k8s.io/cluster-api/util/record"
 	ctrl "sigs.k8s.io/controller-runtime"
 	"sigs.k8s.io/controller-runtime/pkg/cache"
+	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/controller"
 	metricsserver "sigs.k8s.io/controller-runtime/pkg/metrics/server"
 	"sigs.k8s.io/controller-runtime/pkg/webhook"
@@ -91,6 +93,20 @@ var (
 	sshAfterInstallImage               bool
 )
 
+// strictManager is a ctrl.Manager that creates controller-runtime clients that enforce strict
+// schema validation. If a CRD's schema does not match the controller's schema, unexpected behavior
+// can occur. It's better to return an error than to perform a partial update where only some fields
+// are applied.  Related:
+// https://www.reddit.com/r/kubernetes/comments/1oqnn6v/schema_mismatch_between_controller_and_crd/
+type strictManager struct {
+	ctrl.Manager
+	strictClient client.Client
+}
+
+func (m *strictManager) GetClient() client.Client {
+	return m.strictClient
+}
+
 func main() {
 	fs := pflag.CommandLine
 	fs.StringVar(&metricsAddr, "metrics-bind-address", "localhost:8080", "The address the metric endpoint binds to.")
@@ -196,12 +212,17 @@ func main() {
 		})
 	}
 
-	mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options)
+	origManager, err := ctrl.NewManager(ctrl.GetConfigOrDie(), options)
 	if err != nil {
 		setupLog.Error(err, "unable to start manager")
 		os.Exit(1)
 	}
 
+	mgr := &strictManager{
+		Manager:      origManager,
+		strictClient: client.WithFieldValidation(origManager.GetClient(), metav1.FieldValidationStrict),
+	}
+
 	// Initialize event recorder.
 	record.InitFromRecorder(mgr.GetEventRecorderFor("hetzner-controller"))
 
