Skip to content

Track CustomContainerImages and prevent minor updates w/o images updates #1569

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

Track CustomContainerImages and prevent minor updates w/o images updates #1569

merged 1 commit into from
Oct 7, 2025

Conversation

@dprince
Copy link
Contributor

@dprince dprince commented Aug 18, 2025
edited by openshift-ci bot
Loading

Add tracking and validation to ensure CustomContainerImages are updated when changing targetVersion during minor updates:

  • Add TrackedCustomImages field to OpenStackVersionStatus to track CustomContainerImages used for each version
  • Implement validation webhook logic to prevent targetVersion updates when CustomContainerImages remain unchanged from previous version
  • Add helper functions for deep comparison of CustomContainerImages
  • Update controller to automatically track CustomContainerImages for each processed target version
  • Generate updated CRD manifests with new tracking field

This prevents inconsistent deployments where users update the target version but forget to update associated custom container images, ensuring proper version tracking and validation during minor updates.

Co-Authored-By: Claude [email protected]

Jira: OSPRH-19183

@openshift-ci openshift-ci bot requested review from abays and rebtoor August 18, 2025 16:22
@dprince
Copy link
Contributor Author

dprince commented Aug 18, 2025

letting CI run before I mark as draft. This is missing code to allow the user to override the restriction if they want to, essentially forcing the change regardless of the warning if they wish

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Aug 18, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/3226a8e13a484ce28308f2ef50e3fec7

✔️ openstack-k8s-operators-content-provider SUCCESS in 3h 17m 27s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 09m 26s
cifmw-crc-podified-edpm-baremetal FAILURE in 1h 45m 52s
✔️ adoption-standalone-to-crc-ceph-provider SUCCESS in 3h 01m 51s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 24m 51s

@dprince dprince marked this pull request as draft August 19, 2025 00:13
@dprince dprince force-pushed the tracked_custom_images branch from a760b91 to d5224a3 Compare August 19, 2025 12:23
@dprince dprince marked this pull request as ready for review August 19, 2025 12:23
@openshift-ci openshift-ci bot requested review from fultonj and stuggi August 19, 2025 12:24
@dprince dprince force-pushed the tracked_custom_images branch from d5224a3 to a4cbd4c Compare August 19, 2025 12:31
stuggi
stuggi reviewed Aug 19, 2025
View reviewed changes
@dprince dprince force-pushed the tracked_custom_images branch 2 times, most recently from dc96ab3 to 7730fca Compare August 28, 2025 23:37
abays
abays reviewed Sep 16, 2025
View reviewed changes
@dprince dprince force-pushed the tracked_custom_images branch from 7730fca to 2a416d7 Compare September 16, 2025 19:27
@dprince
Copy link
Contributor Author

dprince commented Sep 16, 2025

@abays @stuggi I did have a question on this. Should we perhaps remove the new annotation if set once the minor update completes. This would force the administrator to manually re-apply the annotation for each minor update to override the behavior

@softwarefactory-project-zuul
Copy link

softwarefactory-project-zuul bot commented Sep 16, 2025

Build failed (check pipeline). Post recheck (without leading slash)
to rerun all jobs. Make sure the failure cause has been resolved before
you rerun jobs.

https://softwarefactory-project.io/zuul/t/rdoproject.org/buildset/332b4e1f7f764474aa85e40e1132f0ba

openstack-k8s-operators-content-provider POST_FAILURE in 3h 24m 09s
✔️ podified-multinode-edpm-deployment-crc SUCCESS in 1h 16m 06s
✔️ cifmw-crc-podified-edpm-baremetal SUCCESS in 1h 37m 20s
adoption-standalone-to-crc-ceph-provider POST_FAILURE in 3h 09m 30s
✔️ openstack-operator-tempest-multinode SUCCESS in 1h 36m 31s

@stuggi
Copy link
Contributor

stuggi commented Sep 17, 2025

@abays @stuggi I did have a question on this. Should we perhaps remove the new annotation if set once the minor update completes. This would force the administrator to manually re-apply the annotation for each minor update to override the behavior

for safety mechanism I think that makes sense. We'd have to document that behavior in minor updates doc.

@dprince
Track CustomContainerImages and prevent minor updates without image c…
e97685d 
…hanges

Add tracking and validation to ensure CustomContainerImages are updated
when changing targetVersion during minor updates:

 - Add TrackedCustomImages field to OpenStackVersionStatus to track
   CustomContainerImages used for each version
 - Implement validation webhook logic to prevent targetVersion updates
   when CustomContainerImages remain unchanged from previous version
 - Add helper functions for deep comparison of CustomContainerImages
 - Update controller to automatically track CustomContainerImages
   for each processed target version
 - Generate updated CRD manifests with new tracking field

This prevents inconsistent deployments where users update the target
version but forget to update associated custom container images,
ensuring proper version tracking and validation during minor updates.

Users can skip all validations related to this commit by
setting the core.openstack.org/skip-custom-images-validation
metadata annotations.

Co-Authored-By: Claude <[email protected]>

Jira: OSPRH-19183
@dprince dprince force-pushed the tracked_custom_images branch from 2a416d7 to e97685d Compare September 17, 2025 15:50
stuggi
stuggi reviewed Sep 19, 2025
View reviewed changes
controllers/core/openstackversion_controller.go
instance.Status.DeployedVersion = &instance.Spec.TargetVersion

// Remove skip-custom-images-validation annotation after minor update completion
if instance.Annotations != nil {
Copy link
Contributor

@stuggi stuggi Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Won't this remove the annotation on any reconcile when the ctlplane is ready, not just when a minor update finished? Like I do the minor update, it finishes, after that I want to re-add the condition. Maybe we should do it above after the dataplane got the minor update?


instance.Status.Conditions.MarkTrue(
			corev1beta1.OpenStackVersionMinorUpdateDataplane,
			corev1beta1.OpenStackVersionMinorUpdateReadyMessage)

Copy link
Contributor Author

@dprince dprince Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it would only remove the annotation if targetVersion != availableVersion. My intention with the annotation is that you would set it only when enabling a minor update. If we move it above after the dataplane gets update it is possible someone could set the annotation at anytime and it would persist until the next minor update and then it would skip the check blindly.

Copy link
Contributor

@stuggi stuggi Oct 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

right, thanks for clarification

stuggi
stuggi approved these changes Oct 1, 2025
View reviewed changes
Copy link
Contributor

@stuggi stuggi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@openshift-ci openshift-ci bot added the lgtm label Oct 1, 2025
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Oct 1, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: dprince, stuggi

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@stuggi
Copy link
Contributor

stuggi commented Oct 2, 2025

/retest

1 similar comment
@stuggi
Copy link
Contributor

stuggi commented Oct 3, 2025

/retest

@stuggi
Copy link
Contributor

stuggi commented Oct 6, 2025

/retest

1 similar comment
@stuggi
Copy link
Contributor

stuggi commented Oct 7, 2025

/retest

@openshift-merge-bot openshift-merge-bot bot merged commit 70a918b into openstack-k8s-operators:main Oct 7, 2025
9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@abays abays abays left review comments

@stuggi stuggi stuggi approved these changes

@rebtoor rebtoor Awaiting requested review from rebtoor

@fultonj fultonj Awaiting requested review from fultonj

Assignees

@stuggi stuggi

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dprince @stuggi @abays