Skip to content

fix(module): avoid queue blocking on invalid module config in CSE#2243

Closed
LopatinDmitr wants to merge 2 commits intorelease-1.0-csefrom
fix/cse/hooks
Closed

fix(module): avoid queue blocking on invalid module config in CSE#2243
LopatinDmitr wants to merge 2 commits intorelease-1.0-csefrom
fix/cse/hooks

Conversation

@LopatinDmitr
Copy link
Copy Markdown
Contributor

@LopatinDmitr LopatinDmitr commented Apr 20, 2026
edited
Loading

Description

Make virtualization module config validation tolerate empty or incomplete spec.settings and ensure hooks that patch values only reconcile when a valid copied module config exists.

This change keeps validate-module-config as the single source of truth for config validity:

  • valid settings are copied into virtualization.internal.moduleConfig
  • invalid settings are not copied
  • the previous valid copied config is preserved
  • validation errors are reported through virtualization.internal.moduleConfigValidation

Hooks and templates that depend on module config now use the copied internal config contract consistently.

Why do we need it, and what problem does it solve?

During installation the ModuleConfig/virtualization object may appear before the validating webhook is ready, so an empty or incomplete spec.settings can temporarily exist in the cluster.

Previously this could lead to two failure modes:

  1. validate-module-config could panic while accessing missing required settings.
  2. Hooks that patch values could continue reconciling from an invalid state, return invalid values patches, and block the module queue when Deckhouse validated them against OpenAPI.

With this change, config validation errors are reported cleanly through readiness, invalid settings never overwrite the copied internal config, and hooks that patch values only run when a valid copied config is available.

What is the expected result?

  1. Create or keep ModuleConfig/virtualization with empty or incomplete spec.settings.
  2. Verify validate-module-config does not panic and stores a validation error.
  3. Verify invalid module settings are not copied into virtualization.internal.moduleConfig.
  4. Verify the previous valid copied config is preserved if a new invalid config is applied.
  5. Verify hooks that patch values do not reconcile until a valid copied config exists, and continue to use the previous valid copied config if it already exists.
  6. Verify the module reports a clear readiness error for the invalid config.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: module
type: fix
summary: Make virtualization hooks use only valid copied module config and avoid queue blocking on invalid module settings.
impact_level: low

@LopatinDmitr LopatinDmitr changed the base branch from main to release-1.0-cse April 20, 2026 12:26
diafour
diafour reviewed Apr 20, 2026
View reviewed changes
Comment thread templates/_helpers.tpl Outdated
diafour
diafour reviewed Apr 20, 2026
View reviewed changes
Comment thread images/hooks/pkg/hooks/validate-module-config/hook.go Outdated
@LopatinDmitr LopatinDmitr changed the title fix(module): handle empty module config settings fix(module): skip hooks until module config is valid Apr 20, 2026
@LopatinDmitr LopatinDmitr force-pushed the fix/cse/hooks branch 6 times, most recently from b2ec7fc to 5ca7467 Compare April 20, 2026 17:20
@LopatinDmitr LopatinDmitr requested a review from diafour April 20, 2026 17:21
@LopatinDmitr
fix(module): avoid queue blocking on invalid module config
ef357dc 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr changed the title fix(module): skip hooks until module config is valid fix(module): avoid queue blocking on invalid module config Apr 20, 2026
@LopatinDmitr LopatinDmitr changed the title fix(module): avoid queue blocking on invalid module config fix(module): avoid queue blocking on invalid module config in CSE Apr 20, 2026
@LopatinDmitr LopatinDmitr self-assigned this Apr 21, 2026
@LopatinDmitr LopatinDmitr force-pushed the fix/cse/hooks branch 3 times, most recently from d63a4b2 to 9e6d545 Compare April 21, 2026 13:17
@LopatinDmitr
after review
e2b60b4 
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@universal-itengineer universal-itengineer Awaiting requested review from universal-itengineer universal-itengineer is a code owner

@nevermarine nevermarine Awaiting requested review from nevermarine nevermarine is a code owner

@Isteb4k Isteb4k Awaiting requested review from Isteb4k Isteb4k is a code owner

@diafour diafour Awaiting requested review from diafour

Assignees

@LopatinDmitr LopatinDmitr

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LopatinDmitr @diafour