Skip to content

Create options secret before bd #4284

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 7 commits into from
Nov 12, 2025
Merged

Create options secret before bd #4284

merged 7 commits into from
Nov 12, 2025
+210 −245

Conversation

@weyfonk
Copy link
Contributor

@weyfonk weyfonk commented Nov 3, 2025

In order to prevent errors triggered by a missing or outdated options secret, the bundle controller now creates/updates it before creating/updating the bundle deployment owning it.

Updating bundle controller unit tests to fit with this new logic was easier after a bit of simplification, hence the additional diff.

Supersedes #3889.

Additional Information

Checklist

- [ ] I have updated the documentation via a pull request in the
fleet-docs repository.

@weyfonk weyfonk added this to Fleet Nov 3, 2025
@weyfonk weyfonk moved this to 👀 In review in Fleet Nov 3, 2025
@weyfonk weyfonk added this to the v2.13.1 milestone Nov 3, 2025
@weyfonk weyfonk mentioned this pull request Nov 3, 2025
Closed
1 task
@weyfonk weyfonk marked this pull request as ready for review November 3, 2025 12:59
@weyfonk weyfonk requested a review from a team as a code owner November 3, 2025 12:59
@weyfonk weyfonk force-pushed the create-options-secret-before-bd branch from f32934c to faf4260 Compare November 3, 2025 14:06
0xavi0
0xavi0 approved these changes Nov 7, 2025
View reviewed changes
Copy link
Contributor

@0xavi0 0xavi0 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm... just a question in case I missed something

internal/cmd/controller/reconciler/bundle_controller.go
Comment on lines +370 to +373
// reference from its creation or latest update.
if op == controllerutil.OperationResultCreated {
if err := r.ensureOwnerReferences(ctx, bd, optionsSecret); err != nil {
return r.computeResult(ctx, logger, bundleOrig, bundle, "failed to ensure owner references are set in options secret", err)
Copy link
Contributor

@0xavi0 0xavi0 Nov 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Question: What’s the advantage of setting the owner reference when calling manageOptionsSecret? That we skip this call in here when updating?

Copy link
Contributor Author

@weyfonk weyfonk Nov 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, that's the idea:

		// If the bundle deployment already existed and has simply been updated, the secret will already bear an owner
		// reference from its creation or latest update.

If the bundle has been updated, its owner reference should already be set by manageOptionsSecret, which created or updated the secret. This is an optimisation.

On the other hand, if the bundle was created, it did then not yet exist when manageOptionsSecret was called, hence the need to ensure the owner reference is set here.

@weyfonk weyfonk mentioned this pull request Nov 12, 2025
Open
weyfonk and others added 7 commits November 12, 2025 17:48
@weyfonk
Move get call with finalizer in output to separate function
cd1479b 
Getting a bundle and returning a bundle with a finalizer now lives in a
separate function to make test cases more concise, as that logic is
called a few times.
@weyfonk
Move content creation and update to separate function
1707e56 
This should clarify, from one place, where content creation and update
calls are made from and why.
@weyfonk
Validate creation and update of options secret
de51543 
Both cases are now covered, with comments for better readability.
@weyfonk
Add comments around options secrets deletion expectation calls
a249122 
A couple of comments clarify why those expectations exist, which should
make tests easier to maintain.
@aruiz14 @weyfonk
Fix race condition creating options secret
c9e03b2
@weyfonk
Create options secret before bundle deployment
3158330 
Based on an idea from rancher#3889 by Alejandro Ruiz, the bundle controller now
creates an options secret, if such a secret is needed, before the bundle
deployment which will end up owning it.
This should prevent some errors about missing secrets.
@weyfonk
Optimise owner reference setting on options secret
484774e 
Setting an owner reference pointing to a bundle deployment on its
options secret can be done when creating or updating the secret, if the
bundle deployment already exists. This works even if the bundle
deployment is outdated, to be subsequently updated, because its UID is
immutable.
This could save the bundle controller a few separate secret update
requests when repeatedly updating multiple bundle deployments.
@weyfonk weyfonk force-pushed the create-options-secret-before-bd branch from faf4260 to 484774e Compare November 12, 2025 16:48
@weyfonk weyfonk merged commit 5c164b8 into rancher:main Nov 12, 2025
22 checks passed
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Fleet Nov 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@0xavi0 0xavi0 0xavi0 approved these changes

Assignees

@weyfonk weyfonk

Labels

area/secrets kind/bug

Projects

Fleet
Status: Done

Milestone

v2.13.1

Development

Successfully merging this pull request may close these issues.

4 participants

@weyfonk @0xavi0 @kkaempf @aruiz14