Support strategic merge patch for TemplateManagement Objects

[Schnitzel]

Working with the TemplateManagement Object will include a lot of enabling of templatechains in namespaces, which itself can be done with kubectl patch.

Assuming the provided TemplateManagement with a single Chain enabled in the target Namespace:

apiVersion: hmc.mirantis.com/v1alpha1
kind: TemplateManagement
metadata:
  name: hmc
spec:
  accessRules:
    - clusterTemplateChains:
        - demo-aws-hosted-cp-0.0.1
      targetNamespaces:
        list:
          - blue

and the following green-patch1.yaml:

spec:
  accessRules:
    - clusterTemplateChains:
        - demo-aws-hosted-cp-0.0.2
      targetNamespaces:
        list:
          - green

and then running

kubectl patch TemplateManagement  hmc --type=strategic --patch-file green-patch1.yaml

I would expect the hmc TemplateManagement object to look like this:

apiVersion: hmc.mirantis.com/v1alpha1
kind: TemplateManagement
metadata:
  name: hmc
spec:
  accessRules:
    - clusterTemplateChains:
        - demo-aws-hosted-cp-0.0.1
      targetNamespaces:
        list:
          - blue
    - clusterTemplateChains:
        - demo-aws-hosted-cp-0.0.2
      targetNamespaces:
        list:
          - green

but unfortunately it fails with:

error: application/strategic-merge-patch+json is not supported by hmc.mirantis.com/v1alpha1, Kind=TemplateManagement: the body of the request was in an unknown format - accepted media types include: application/json-patch+json, application/merge-patch+json, application/apply-patch+yaml

the other patch strategies unfortunately cause the existing accessRules to be overwriten and not merged together.
I can workaround this with some yq magic, but it would be great if we can support this with kubectl out of the box

[eromanova]

I’m not certain that implementing the strategic merge patch for our TemplateManagement CRD is feasible. The official Kubernetes documentation states that strategic merge patching is not supported for custom resources. For reference:

• Kubernetes official documentation on kubectl patch
• GitHub issue discussion on custom resources and strategic merge patch

Additionally, for a strategic merge patch to work, the resource struct should include a field (e.g., name) to uniquely identify array elements during the merge (via patchMergeKey). In our TemplateManagement spec, we don’t have such a field that can be used as a key for merging array elements.

I’m not sure we need to introduce these API changes for our use case. Instead, I suggest using a JSON patch as an alternative. Below is an example of a JSON patch file (patch.json) that adds a new rule to the accessRules array:

[
  {
    "op": "add",
    "path": "/spec/accessRules/-",
    "value": {
      "targetNamespaces": {
         "list": ["green"]
      },
      "clusterTemplateChains": ["demo-aws-hosted-cp-0.0.2"]
    }
  }
]

To apply the patch, run the following command:
kubectl patch templatemanagement hmc --type=json -p "$(cat patch.json)"

The result will be:

spec:
  accessRules:
  - clusterTemplateChains:
    - demo-aws-hosted-cp-0.0.1
    targetNamespaces:
      list:
      - brue
  - clusterTemplateChains:
    - demo-aws-hosted-cp-0.0.2
    targetNamespaces:
      list:
      - green

Alternatively, you can edit the TemplateManagement resource directly using the kubectl edit command.

Please, feel free to reopen the issue if you have any disagreements.