Skip to content

Config overrides: use apiVersion instead of group for easier UX #489

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
frobware wants to merge 5 commits into
base: main
Choose a base branch
from
Open

Config overrides: use apiVersion instead of group for easier UX #489

frobware wants to merge 5 commits into from

Conversation

@frobware
Copy link
Contributor

@frobware frobware commented Jan 5, 2026

This is an experiment building on @andreaskaris's work in #475.

After reviewing the override functionality, I wanted to explore a couple of changes that I think make the feature easier to use and more robust.

What changed

1. Replace group with apiVersion in the override spec

The original implementation required users to specify:

- kind: DaemonSet
  group: apps
  namespace: bpfman
  name: bpfman-daemon
  unmanaged: true

This means users need to remember API group names (apps, storage.k8s.io, empty string for core resources, etc.) and mentally split apiVersion into group/version.

The new approach uses apiVersion directly:

- apiVersion: apps/v1
  kind: DaemonSet
  namespace: bpfman
  name: bpfman-daemon
  unmanaged: true

This is the same format users see in kubectl get -o yaml output, so they can copy/paste directly. No need to remember that ConfigMaps have an empty group or that DaemonSets live in apps.

2. Use scheme-based GVK resolution

The original implementation matched overrides using resource.GetObjectKind().GroupVersionKind(). This is fragile because many objects constructed in code don't have their TypeMeta populated - it's only reliably set when objects are decoded from the API server.

The PR had already worked around this by manually adding TypeMeta to the ConfigMap:

cm := &corev1.ConfigMap{
    TypeMeta: metav1.TypeMeta{
        Kind:       "ConfigMap",
        APIVersion: "v1",
    },
    // ...
}

The new approach uses the controller's scheme to resolve GVK:

gvks, _, err := scheme.ObjectKinds(resource)

This works reliably for all objects regardless of how they were constructed, so we can remove the manual TypeMeta workaround.

Testing

I've tested this on a kind cluster:

  1. Added an override for the DaemonSet
  2. Verified the operator logs show "Skipping unmanaged resource (override in place)"
  3. Modified the DaemonSet spec - changes persisted (operator skipped it)
  4. Deleted the DaemonSet while unmanaged - it stayed deleted
  5. Removed the override - operator recreated the DaemonSet

The escape hatch semantics work as expected: complete hands-off while unmanaged, operator resumes control when the override is removed.

Summary

These changes are subjective improvements for UX and robustness. The core override functionality from #475 is unchanged - this just makes it easier to configure and removes a potential source of silent matching failures.

Happy to discuss if there are concerns or alternative approaches.

@andreaskaris
Implement component override functionality for Config resource
0b2c900 
This commit adds the ability to mark components as unmanaged in the
bpfman-operator, preventing the operator from creating or updating
specific objects. The implementation includes:

- Added ComponentOverride struct to Config API with fields for
kind, group, namespace, name, and unmanaged flag
- Modified assureResource function to check for overrides and skip
management of unmanaged components
- Implemented isOverridden helper function to match objects against
override specifications
- Added tests to verify override functionality works correctly
across all component types

Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@andreaskaris
Config Overrides: auto-generated code
da2975e 
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@andreaskaris
Config Overrides: auto-generated bundle
8f6b916 
Signed-off-by: Andreas Karis <ak.karis@gmail.com>
@frobware frobware mentioned this pull request Jan 5, 2026
Open
@frobware
Replace Group with APIVersion in ComponentOverride
39dfd65 
Change the override selector from requiring a separate group field to
using apiVersion, which matches the format users see in kubectl output.
This makes overrides easier to configure by allowing direct copy/paste
from manifests.

The implementation now uses scheme-based GVK resolution instead of
relying on the object's TypeMeta, which may not be populated for
objects constructed in code. This ensures reliable matching regardless
of how the object was created.

Also fix typos and improve documentation to clarify that overrides are
a debug/escape hatch feature for advanced users.

Signed-off-by: Andrew McDermott <amcdermo@redhat.com>
@frobware
Regenerate CRD and bundle manifests
7d6c080 
Regenerated using make generate manifests bundle after APIVersion
changes to ComponentOverride.

Signed-off-by: Andrew McDermott <amcdermo@redhat.com>
@frobware frobware force-pushed the overrides-apiversion-improvements branch from 88dfade to 7d6c080 Compare January 5, 2026 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@frobware @andreaskaris