metropolis: first pass API for reconfiguring cluster
This implements management.ConfigureCluster. This API is based around
Protobuf FieldMasks, which is a new thing in the Metropolis codebase
(node config mutation is performed via optional fields).
Whether this is the right way to do this is to be discussed.
Alternatives considered are:
1. Always insert a full new config, providing the old one as a base. The
downside of that is the potential conflicts that will spring up the
moment we have systems regularly mutate independent parts of the
config. Additionally, this might lead to some odd behaviour when
dealing with clients that don't have support for newer versions of
the config proto.
2. Use optional fields, like in Node role code. However, this has the
downside of duplicating protos (one for the config state, one for the
mutation request). Plus, protobuf optionals are still somewhat
unusual.
3. Provide individual requests for mutating fields (like with Node
labels). This also results in a lot of boilerplate code.
4. Something akin to JSON Patch, but for protobufs, which doesn't seem
to exist.
Change-Id: I42e5eabd42076e947f4bc8399b843e0e1fd48548
Reviewed-on: https://review.monogon.dev/c/monogon/+/3591
Tested-by: Jenkins CI
Reviewed-by: Tim Windelschmidt <tim@monogon.tech>
diff --git a/metropolis/proto/api/BUILD.bazel b/metropolis/proto/api/BUILD.bazel
index f90885a..294dcb8 100644
--- a/metropolis/proto/api/BUILD.bazel
+++ b/metropolis/proto/api/BUILD.bazel
@@ -17,6 +17,7 @@
"//osbase/logtree/proto:proto_proto",
"//osbase/net/proto:net_proto_proto",
"@protobuf//:duration_proto",
+ "@protobuf//:field_mask_proto",
],
)
diff --git a/metropolis/proto/api/management.proto b/metropolis/proto/api/management.proto
index f6900df..0302a79 100644
--- a/metropolis/proto/api/management.proto
+++ b/metropolis/proto/api/management.proto
@@ -3,6 +3,7 @@
option go_package = "source.monogon.dev/metropolis/proto/api";
import "google/protobuf/duration.proto";
+import "google/protobuf/field_mask.proto";
import "osbase/logtree/proto/logtree.proto";
import "metropolis/proto/common/common.proto";
@@ -117,6 +118,12 @@
need: PERMISSION_UPDATE_NODE_LABELS
};
}
+
+ rpc ConfigureCluster(ConfigureClusterRequest) returns (ConfigureClusterResponse) {
+ option (metropolis.proto.ext.authorization) = {
+ need: PERMISSION_CONFIGURE_CLUSTER
+ };
+ }
}
message GetRegisterTicketRequest {
@@ -506,3 +513,29 @@
message UpdateNodeLabelsResponse {
}
+message ConfigureClusterRequest {
+ // Base configuration to apply the change on. If set, the server will verify
+ // that the fields in this message (referenced by update_mask) have the same
+ // value as the current configuration. If there is a difference, an error will
+ // be returned and the configuration change will be aborted.
+ //
+ // This field _should_ be set to prevent race conditions with other clients
+ // attempting to mutate the configuration.
+ common.ClusterConfiguration base_config = 1;
+
+ // New configuration to set. Only fields referenced to by update_mask will be
+ // updated.
+ common.ClusterConfiguration new_config = 2;
+
+ // Fields that should be changed from the current state (and base config state,
+ // if set) into the new config state.
+ //
+ // Currently, only the following fields can be mutated:
+ // 1. kubernetes_config.node_labels_to_synchronize
+ google.protobuf.FieldMask update_mask = 3;
+}
+
+message ConfigureClusterResponse {
+ // Resulting config as set on the server, merged from the users new_config.
+ common.ClusterConfiguration resulting_config = 1;
+}
\ No newline at end of file
diff --git a/metropolis/proto/ext/authorization.proto b/metropolis/proto/ext/authorization.proto
index e526ec3..81de8bd 100644
--- a/metropolis/proto/ext/authorization.proto
+++ b/metropolis/proto/ext/authorization.proto
@@ -30,6 +30,7 @@
PERMISSION_DELETE_NODE = 9;
PERMISSION_UPDATE_NODE_LABELS = 10;
PERMISSION_NODE_POWER_MANAGEMENT = 11;
+ PERMISSION_CONFIGURE_CLUSTER = 12;
}
// Authorization policy for an RPC method. This message/API does not have the