Add helpers for StatefulSet container merging, raw ConfigMaps, and preserved Secrets#678
Open
lmiccini wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
Open
Add helpers for StatefulSet container merging, raw ConfigMaps, and preserved Secrets#678lmiccini wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
lmiccini wants to merge 1 commit intoopenstack-k8s-operators:mainfrom
Conversation
…eserved Secrets Three new utilities to reduce boilerplate in operator controllers: - statefulset.MergeContainersByName: merges container specs by name, preserving server-defaulted fields (TerminationMessagePath, ImagePullPolicy, StartupProbe, WorkingDir, etc.) to avoid unnecessary reconcile loops and pod restarts during operator migration. StatefulSet.CreateOrPatch now uses this instead of full Template replacement. - configmap.CreateOrPatchRawConfigMap: creates/patches a ConfigMap from raw map[string]string data without template rendering machinery. - secret.CreateOrPatchSecretPreserve: creates a Secret on first call and preserves existing Data on subsequent reconciles, useful for generated credentials that should not be rotated. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
lmiccini
force-pushed
the
drop_clusterop
branch
from
ea81823 to
df50ac7
Compare
stuggi
reviewed
Mar 27, 2026
| configMap.Labels = util.MergeStringMaps(configMap.Labels, lbls) | ||
| configMap.Data = data | ||
|
|
||
| err := controllerutil.SetControllerReference(obj, configMap, h.GetScheme()) |
Contributor
There was a problem hiding this comment.
maybe we also allow to skip setting owner ref if needed, by passing a SkipSetOwner
| } | ||
|
|
||
| op, err := controllerutil.CreateOrPatch(ctx, h.GetClient(), configMap, func() error { | ||
| configMap.Labels = util.MergeStringMaps(configMap.Labels, lbls) |
Contributor
There was a problem hiding this comment.
probably good to also pass annotations, we might need it for b/r, depending on the consumer/use case
Comment on lines
+210
to
+213
| name string, | ||
| namespace string, | ||
| data map[string]string, | ||
| lbls map[string]string, |
Contributor
There was a problem hiding this comment.
see my comments on the secret func
| ctx context.Context, | ||
| h *helper.Helper, | ||
| obj client.Object, | ||
| secret *corev1.Secret, |
Contributor
There was a problem hiding this comment.
here we pass a secret, in above CM case, we pass name, namespace, data, lb. should we also pass a cm for CreateOrPatchRawConfigMap ?
| s.StringData = secret.StringData | ||
| } | ||
|
|
||
| err := controllerutil.SetControllerReference(obj, s, h.GetScheme()) |
Contributor
There was a problem hiding this comment.
same as above should also allow via a param to skip setting controller ref
| // (e.g. TerminationMessagePath, ImagePullPolicy) and avoid | ||
| // unnecessary reconcile loops. Fall back to full replacement if | ||
| // container sets don't match by name. | ||
| if !MergeContainersByName( |
Contributor
There was a problem hiding this comment.
why are we returning a bool, instead of just doing the merge?
func MergeContainersByName(existing, desired []corev1.Container) {
...
}
// No if statement needed. The function updates the existing object's memory.
MergeContainersByName(
statefulset.Spec.Template.Spec.Containers,
s.statefulset.Spec.Template.Spec.Containers,
)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Three new utilities to reduce boilerplate in operator controllers:
statefulset.MergeContainersByName: merges container specs by name, preserving server-defaulted fields (TerminationMessagePath, ImagePullPolicy, etc.) to avoid unnecessary reconcile loops. StatefulSet.CreateOrPatch now uses this instead of full Template replacement.
configmap.CreateOrPatchRawConfigMap: creates/patches a ConfigMap from raw map[string]string data without template rendering machinery.
secret.CreateOrPatchSecretPreserve: creates a Secret on first call and preserves existing Data on subsequent reconciles, useful for generated credentials that should not be rotated.