in pkg/validations/upgradevalidations/immutable_fields.go [15:110]
func ValidateImmutableFields(ctx context.Context, k validations.KubectlClient, cluster *types.Cluster, spec *cluster.Spec, provider providers.Provider) error {
prevSpec, err := k.GetEksaCluster(ctx, cluster, spec.Cluster.Name)
if err != nil {
return err
}
if prevSpec.Name != spec.Cluster.Name {
return fmt.Errorf("cluster name is immutable. previous name %s, new name %s", prevSpec.Name, spec.Cluster.Name)
}
if prevSpec.Namespace != spec.Cluster.Namespace {
if !(prevSpec.Namespace == "default" && spec.Cluster.Namespace == "") {
return fmt.Errorf("cluster namespace is immutable")
}
}
oSpec := prevSpec.Spec
nSpec := spec.Cluster.Spec
if !nSpec.DatacenterRef.Equal(&oSpec.DatacenterRef) {
return fmt.Errorf("spec.dataCenterRef.name is immutable")
}
if err := ValidateGitOpsImmutableFields(ctx, k, cluster, spec, prevSpec); err != nil {
return err
}
if !nSpec.ControlPlaneConfiguration.Endpoint.Equal(oSpec.ControlPlaneConfiguration.Endpoint, nSpec.DatacenterRef.Kind) {
return fmt.Errorf("spec.controlPlaneConfiguration.endpoint is immutable")
}
/* compare all clusterNetwork fields individually, since we do allow updating updating fields for configuring plugins such as CiliumConfig through the cli*/
if !nSpec.ClusterNetwork.Pods.Equal(&oSpec.ClusterNetwork.Pods) {
return fmt.Errorf("spec.clusterNetwork.Pods is immutable")
}
if !nSpec.ClusterNetwork.Services.Equal(&oSpec.ClusterNetwork.Services) {
return fmt.Errorf("spec.clusterNetwork.Services is immutable")
}
if !nSpec.ClusterNetwork.DNS.Equal(&oSpec.ClusterNetwork.DNS) {
return fmt.Errorf("spec.clusterNetwork.DNS is immutable")
}
if !v1alpha1.CNIPluginSame(nSpec.ClusterNetwork, oSpec.ClusterNetwork) {
return fmt.Errorf("spec.clusterNetwork.CNI/CNIConfig is immutable")
}
// We don't want users to be able to toggle off SkipUpgrade until we've understood the
// implications so we are temporarily disallowing it.
oCNI := prevSpec.Spec.ClusterNetwork.CNIConfig
nCNI := spec.Cluster.Spec.ClusterNetwork.CNIConfig
if oCNI != nil && oCNI.Cilium != nil && !oCNI.Cilium.IsManaged() && nCNI.Cilium.IsManaged() {
return fmt.Errorf("spec.clusterNetwork.cniConfig.cilium.skipUpgrade cannot be toggled off")
}
if !nSpec.ProxyConfiguration.Equal(oSpec.ProxyConfiguration) {
return fmt.Errorf("spec.proxyConfiguration is immutable")
}
oldETCD := oSpec.ExternalEtcdConfiguration
newETCD := nSpec.ExternalEtcdConfiguration
if oldETCD != nil && newETCD == nil || oldETCD == nil && newETCD != nil {
return errors.New("adding or removing external etcd during upgrade is not supported")
}
oldAWSIamConfigRef := &v1alpha1.Ref{}
for _, oIdentityProvider := range oSpec.IdentityProviderRefs {
switch oIdentityProvider.Kind {
case v1alpha1.AWSIamConfigKind:
oIdentityProvider := oIdentityProvider // new variable scoped to the for loop Ref: https://github.com/golang/go/wiki/CommonMistakes#using-reference-to-loop-iterator-variable
oldAWSIamConfigRef = &oIdentityProvider
}
}
for _, nIdentityProvider := range nSpec.IdentityProviderRefs {
switch nIdentityProvider.Kind {
case v1alpha1.AWSIamConfigKind:
newAWSIamConfigRef := &nIdentityProvider
prevAwsIam, err := k.GetEksaAWSIamConfig(ctx, nIdentityProvider.Name, cluster.KubeconfigFile, spec.Cluster.Namespace)
if err != nil {
return err
}
if !prevAwsIam.Spec.Equal(&spec.AWSIamConfig.Spec) || !oldAWSIamConfigRef.Equal(newAWSIamConfigRef) {
return fmt.Errorf("aws iam identity provider is immutable")
}
}
}
if spec.Cluster.IsSelfManaged() != prevSpec.IsSelfManaged() {
return fmt.Errorf("management flag is immutable")
}
if oSpec.ManagementCluster.Name != nSpec.ManagementCluster.Name {
return fmt.Errorf("management cluster name is immutable")
}
return provider.ValidateNewSpec(ctx, cluster, spec)
}