Skip to content

fix(module): avoid queue blocking on invalid module config#2246

Open
LopatinDmitr wants to merge 7 commits intomainfrom
fix/module/hooks-with-invalid-mc
Open

fix(module): avoid queue blocking on invalid module config#2246
LopatinDmitr wants to merge 7 commits intomainfrom
fix/module/hooks-with-invalid-mc

Conversation

@LopatinDmitr
Copy link
Copy Markdown
Contributor

@LopatinDmitr LopatinDmitr commented Apr 20, 2026

Description

Make virtualization module config validation tolerate empty or incomplete spec.settings and ensure hooks that patch values only reconcile when a valid copied module config exists.

This change keeps validate-module-config as the single source of truth for config validity:

  • valid settings are copied into virtualization.internal.moduleConfig
  • invalid settings are not copied
  • the previous valid copied config is preserved
  • validation errors are reported through virtualization.internal.moduleConfigValidation

Hooks and templates that depend on module config now use the copied internal config contract consistently.

Why do we need it, and what problem does it solve?

During installation the ModuleConfig/virtualization object may appear before the validating webhook is ready, so an empty or incomplete spec.settings can temporarily exist in the cluster.

Previously this could lead to two failure modes:

  1. validate-module-config could panic while accessing missing required settings.
  2. Hooks that patch values could continue reconciling from an invalid state, return invalid values patches, and block the module queue when Deckhouse validated them against OpenAPI.

With this change, config validation errors are reported cleanly through readiness, invalid settings never overwrite the copied internal config, and hooks that patch values only run when a valid copied config is available.

What is the expected result?

  1. Create or keep ModuleConfig/virtualization with empty or incomplete spec.settings.
  2. Verify validate-module-config does not panic and stores a validation error.
  3. Verify invalid module settings are not copied into virtualization.internal.moduleConfig.
  4. Verify the previous valid copied config is preserved if a new invalid config is applied.
  5. Verify hooks that patch values do not reconcile until a valid copied config exists, and continue to use the previous valid copied config if it already exists.
  6. Verify the module reports a clear readiness error for the invalid config.

Checklist

  • The code is covered by unit tests.
  • e2e tests passed.
  • Documentation updated according to the changes.
  • Changes were tested in the Kubernetes cluster manually.

Changelog entries

section: module
type: fix
summary: Make virtualization hooks use only valid copied module config and avoid queue blocking on invalid module settings.

Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr force-pushed the fix/module/hooks-with-invalid-mc branch from 08d1f3f to 1277d66 Compare April 20, 2026 19:50
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr force-pushed the fix/module/hooks-with-invalid-mc branch from 66d3766 to 6141369 Compare April 21, 2026 15:31
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
@LopatinDmitr LopatinDmitr requested a review from diafour April 22, 2026 09:12
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Signed-off-by: Dmitry Lopatin <dmitry.lopatin@flant.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant