Empty updates to GCP during SQLInstance reconciliation #4207

Open
3 tasks done
knp-sap opened this issue Mar 28, 2025 · 3 comments · May be fixed by #4227
Labels
bug Something isn't working

Comments

knp-sap commented Mar 28, 2025

Checklist

Bug Description

Updating to Config Connector 1.129.2 causes empty updates to be sent to GCP during each reconciliation of SQLInstance, interfering with the daily scheduled backups and preventing them from being taken.

Additional Diagnostic Information

With the update, all SQLInstance types are reconciled using the new direct controller (instead of the legacy Terraform-based controller).

Kubernetes Cluster Version

v1.31.6

Config Connector Version

1.129.2

Config Connector Mode

cluster mode

Log Output

No response

Steps to reproduce the issue

Update Config Connector from 1.128.0 to 1.129.2 and then watch the operations of the SQL Instance in GCP.

YAML snippets

apiVersion: sql.cnrm.cloud.google.com/v1beta1
kind: SQLInstance
metadata:
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
    cnrm.cloud.google.com/management-conflict-prevention-policy: none
    cnrm.cloud.google.com/mutable-but-unreadable-fields: '{}'
    cnrm.cloud.google.com/observed-secret-versions: '{}'
    cnrm.cloud.google.com/project-id: "test"
    cnrm.cloud.google.com/state-into-spec: absent
  finalizers:
  - cnrm.cloud.google.com/finalizer
  - cnrm.cloud.google.com/deletion-defender
  name: test
  namespace: test
spec:
  databaseVersion: POSTGRES_13
  region: europe-west3
  resourceID: test
  settings:
    availabilityType: REGIONAL
    backupConfiguration:
      backupRetentionSettings:
        retainedBackups: 30
      enabled: true
      pointInTimeRecoveryEnabled: true
    databaseFlags:
    - name: temp_file_limit
      value: "3145728"
    deletionProtectionEnabled: true
    diskSize: 10
    insightsConfig:
      queryInsightsEnabled: true
    ipConfiguration:
      requireSsl: true
    tier: db-g1-small
@knp-sap knp-sap added the bug Something isn't working label Mar 28, 2025
Collaborator

jingyih commented Apr 1, 2025

I actually tried to reproduce this in #4227. I used the same yaml configuration but I am not seeing any unexpected diff. In other words, no update call was made to the GCP API during the test.

Collaborator

yuwenma commented Apr 1, 2025

Thank you for your report, @knp-sap.

We have collaborated with the Google Cloud SQL team. We expect this issue (reset enablement of SQL backups) to be fixed after Cloud Next (currently there is a code freeze). We will keep updating this thread once the rollout fix is done.

Collaborator

yuwenma commented Apr 2, 2025

One thing worth noting about the SQLInstance periodic (empty) updates: since 1.129, the SQLInstance no longer relies on the mutable-but-unreadable annotation (this exposes the encrypted password in a k8s annotation) but always calls update in each reconciliation. This is a trade-off of temporarily considering the password a short-lived sensitive field rather than exposing it further. This is something we want to improve, and here's a full plan. I saw your SQLInstance does not use the rootPassword, but if you have any thoughts, please feel free to share in #4230 as well.
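
An added example, not part of the thread or of the project's code: a Python audit that reads `kubectl get sqlinstances -A -o json` output and reports which SQLInstance objects still carry a non-empty `mutable-but-unreadable-fields` annotation, listing field paths but never values. The sample objects and the nested layout of the annotation value are constructed assumptions.

```python
import json

# Annotation the thread says exposes the encrypted password.
ANNOTATION = "cnrm.cloud.google.com/mutable-but-unreadable-fields"

def leaf_paths(node, prefix=""):
    """Yield the dotted path of every leaf in a nested JSON value, never the value."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from leaf_paths(child, f"{prefix}.{key}" if prefix else key)
    elif isinstance(node, list):
        for i, child in enumerate(node):
            yield from leaf_paths(child, f"{prefix}[{i}]")
    else:
        yield prefix

def audit(kubectl_json):
    """Return {namespace/name: [field paths]} for objects with a non-empty annotation."""
    doc = json.loads(kubectl_json)
    items = doc["items"] if doc.get("kind") == "List" else [doc]
    findings = {}
    for item in items:
        meta = item.get("metadata", {})
        raw = (meta.get("annotations") or {}).get(ANNOTATION)
        if not raw:
            continue  # annotation absent or empty string
        try:
            paths = sorted(leaf_paths(json.loads(raw)))
        except json.JSONDecodeError:
            paths = ["<unparseable annotation>"]  # flag for manual review
        if paths:  # '{}' has no leaves, so it is not reported
            findings[f"{meta.get('namespace')}/{meta.get('name')}"] = paths
    return findings

# Constructed sample: "test" mirrors the manifest in the issue ('{}'); "legacy" is a
# hypothetical object whose annotation layout is assumed for illustration.
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "SQLInstance", "metadata": {"name": "test", "namespace": "test",
        "annotations": {ANNOTATION: "{}"}}},
    {"kind": "SQLInstance", "metadata": {"name": "legacy", "namespace": "test",
        "annotations": {ANNOTATION: json.dumps(
            {"spec": {"rootPassword": {"value": "constructed-not-a-secret"}}})}}},
]})

if __name__ == "__main__":
    for obj, paths in audit(SAMPLE).items():
        print(obj, "carries write-only field data at:", ", ".join(paths))
```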
