fix: reconcileVersionUpgrade creates UpgradePolicy in seam-tenant-{cluster}#28
Merged
Conversation
When a drift-k8s-version-{cluster} DriftSignal arrives (emitted by
KubernetesVersionDriftLoop on the tenant conductor), create a corrective
UpgradePolicy (type=kubernetes, targetKubernetesVersion=spec.kubernetesVersion)
in seam-tenant-{cluster}. UpgradePolicyReconciler picks it up and submits
a kube-upgrade executor Job to bring the cluster back to declared state.
Routing: InfrastructureTalosCluster signals are now distinguished by name
prefix -- drift-k8s-version-* routes to handleKubernetesVersionDrift,
all others continue to handleTalosVersionDrift.
1 unit test: TestDriftSignalReconciler_K8sVersionDrift_CreatesUpgradePolicy.
All 7 DriftSignal unit tests pass.
…paths reconcileVersionUpgrade now derives UpgradePolicy type from which version fields are set: talosVersion only -> UpgradeTypeTalos (existing), kubernetesVersion only -> UpgradeTypeKubernetes, both -> UpgradeTypeStack. Two new unit tests: TestTalosCluster_VersionUpgrade_KubernetesOnly_CreatesKubePolicy and TestTalosCluster_VersionUpgrade_Stack_CreatesBothVersions. All 8 version upgrade tests pass.
…uster}
The UpgradePolicy was created in tc.Namespace (seam-system for imported
clusters). Conductor's stackUpgradeHandler reads the UpgradePolicy from
tenantNamespace(clusterRef) = seam-tenant-{cluster}, so the executor Job
looked in the wrong namespace and could not find the policy.
Fix: create UpgradePolicy in seam-tenant-{tc.Name} where the
platform-executor SA, talosconfig Secret, and Conductor executor all
already live. Closes STACK-UPGRADE-UP-NAMESPACE; STACK-UPGRADE-MGMT-SA
and STACK-UPGRADE-TALOSCONFIG-SCOPE are superseded.
Tests: update all UpgradePolicy namespace lookups to seam-tenant-ccs-mgmt.
… under seam.ontai.dev Defines TalosCluster under api/seam/v1alpha1 (seam.ontai.dev/v1alpha1). Removes the dead InfrastructureTalosCluster stub from api/v1alpha1. Adds seam.ontai.dev_talosclusters.yaml CRD manifest. Updates main.go, reconciler, and all consumer tests to the new type. Also adds CRD manifests for day-2 types produced during session 25.
…nder seam.ontai.dev
Replace seam-core -> seam in go.mod replace/require. Update all Go import paths from github.com/ontai-dev/seam-core/ to github.com/ontai-dev/seam/. Add seam-sdk replace + require. Update runnerconfig_cr.go type aliases to use post-MIGRATION-3.8 names (RunnerConfig, RunnerConfigSpec, RunnerConfigStatus).
Replace ../seam-core with ../seam following the seam-core -> seam filesystem rename. Module path github.com/ontai-dev/seam was already updated in Phase 4; this aligns the local path pointer.
…ontai.dev Update rbacPolicyGVK, rbacProfileGVK and APIGroups arrays from security.ontai.dev to guardian.ontai.dev in taloscluster_helpers.go and associated tests.
…names - Replace testdata/crds/infrastructure.ontai.dev_infrastructurerunnerconfigs.yaml with seam.ontai.dev_runnerconfigs.yaml (current seam CRD, same group/kind) - Comments: InfrastructureTalosCluster -> TalosCluster, InfrastructureTalosClusterOperationResult -> ClusterLog, seam-core -> seam (module/repo references, not schema doc names) All 3 platform test packages pass (unit, integration/capi, integration/day2).
Fresh documentation from current codebase. seam-core references replaced with seam. wrapper references replaced with dispatcher. TalosCluster and ClusterLog ownership under seam.ontai.dev clarified. platform.ontai.dev day-2 CRD catalog updated to match current Go types.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
reconcileVersionUpgradewas creating the UpgradePolicy intc.Namespace(seam-systemfor imported clusters)stackUpgradeHandlerreads the UpgradePolicy fromtenantNamespace(clusterRef)=seam-tenant-{cluster}-- namespace mismatch caused executor Job failure"seam-tenant-" + tc.Namewhere theplatform-executorSA, talosconfig Secret, and all conductor executor infrastructure already liveCloses
STACK-UPGRADE-UP-NAMESPACE(backlog)STACK-UPGRADE-MGMT-SA(superseded -- SA already exists in tenant ns)STACK-UPGRADE-TALOSCONFIG-SCOPE(superseded -- talosconfig already there)Test plan
seam-tenant-ccs-dev, executor Job runs in that namespace, conductor reads policy successfully