Problem
`StatefulSet.spec.volumeClaimTemplates` is immutable after creation. If a user mutates `spec.volumeClaimTemplates` on a live VinylCache (changes size, StorageClass, adds/removes a template), the reconciler's `CreateOrUpdate` call receives:
```
Forbidden: updates to statefulset spec for fields other than 'replicas', 'ordinals',
'template', 'updateStrategy', 'revisionHistoryLimit',
'persistentVolumeClaimRetentionPolicy' and 'minReadySeconds' are forbidden
```
The error propagates into the Reconcile loop → phase: Error → permanent error-requeue cycle until the user either reverts the change or deletes+recreates the VinylCache. Current failure mode is noisy but diagnosable; it will show up in bug reports.
Flagged by
Final critical code review on PR #45 (#43), finding I-2.
Proposed fix
Detect the mutation at admission time in `internal/webhook/v1alpha1/vinylcache_webhook.go`:
- Extend the validator entrypoint so `ValidateUpdate` receives both `oldObj` and `newObj`. Today it only calls `ValidateVinylCache(newObj)` and discards `oldObj`.
- Add a new helper `ValidateVinylCacheUpdate(old, new *VinylCache) (admission.Warnings, error)` that calls `ValidateVinylCache(new)` first, then adds update-only checks.
- Reject when `new.Spec.VolumeClaimTemplates` is not `DeepEqual` to `old.Spec.VolumeClaimTemplates`, with a clear message:
  `spec.volumeClaimTemplates` is immutable after creation. To change volume templates, delete and recreate the VinylCache (PVCs are preserved via StatefulSet retention policy).
Scope
- Keep `ValidateCreate` path unchanged — create-time mutation is obviously valid.
- No change to `ValidateVinylCache` body — it stays the shared create-and-update common validation.
- Add webhook unit tests for: create allowed, update with unchanged templates allowed, update with any template-list diff rejected, nil → non-nil rejected, non-nil → nil rejected.
References
- `/home/jensens/ws/bda/cloud-vinyl/internal/webhook/v1alpha1/vinylcache_webhook.go:72-78` — current validator wiring.
- `/home/jensens/ws/bda/cloud-vinyl/internal/webhook/vinylcache_validator.go` — home of validation helpers.
- StatefulSet immutability: Kubernetes #73492, still in place as of 1.29.
Related
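The update-only check proposed above, as an added example that is not part of the original issue or the cloud-vinyl code base: `ClaimTemplate`, `Warnings` and the stubbed `ValidateVinylCache` are stand-ins for the real API types so the block runs with the standard library alone. Treating a nil and an empty template list as equal is this example's assumption, not something the issue specifies.

```go
package main

import (
	"errors"
	"fmt"
	"reflect"
)

// Stand-in types (assumptions); only size and StorageClass are modelled.
type ClaimTemplate struct {
	Name         string
	StorageClass *string
	Size         string
}
type VinylCacheSpec struct{ VolumeClaimTemplates []ClaimTemplate }
type VinylCache struct{ Spec VinylCacheSpec }
type Warnings []string // stand-in for admission.Warnings

var ErrImmutableTemplates = errors.New("spec.volumeClaimTemplates is immutable after creation. " +
	"To change volume templates, delete and recreate the VinylCache")

// ValidateVinylCache stands in for the shared create-and-update validation.
func ValidateVinylCache(vc *VinylCache) (Warnings, error) { return nil, nil }

// ValidateVinylCacheUpdate runs the shared checks on the new object, then the
// update-only immutability check against the old object.
func ValidateVinylCacheUpdate(oldVC, newVC *VinylCache) (Warnings, error) {
	warns, err := ValidateVinylCache(newVC)
	if err != nil {
		return warns, err
	}
	o, n := oldVC.Spec.VolumeClaimTemplates, newVC.Spec.VolumeClaimTemplates
	// reflect.DeepEqual reports nil != empty slice; both mean "no templates"
	// here, so an explicit empty list is not rejected as a change.
	if len(o) == 0 && len(n) == 0 {
		return warns, nil
	}
	if !reflect.DeepEqual(o, n) { // follows pointers, compares pointed-to values
		return warns, ErrImmutableTemplates
	}
	return warns, nil
}

func main() {
	sc := "fast"
	old := &VinylCache{Spec: VinylCacheSpec{[]ClaimTemplate{{"cache", &sc, "10Gi"}}}}
	resized := &VinylCache{Spec: VinylCacheSpec{[]ClaimTemplate{{"cache", &sc, "20Gi"}}}}
	fmt.Println(ValidateVinylCacheUpdate(old, resized)) // rejected at admission
}
```

With the real `corev1` types, `apiequality.Semantic.DeepEqual` from `k8s.io/apimachinery` already treats nil and empty slices as equal and compares `resource.Quantity` values semantically, which makes the explicit length check unnecessary.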