[Federation][kubefed] Annotate all Federation API objects with the federation name and (if applicable) the cluster name. #42683
Conversation
|
Hi @perotinus. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: yes
|
This change is |
k8s-github-robot
added
size/L
perotinus
changed the title
k8s-github-robot
added
release-note
perotinus
force-pushed
the
annotations
branch
4 times, most recently
from
1644d67
to
08ef331
Compare
k8s-github-robot
added
the
needs-rebase
pkg/kubectl/cluster.go
Outdated
| @@ -30,6 +31,8 @@ import ( | |||
| type ClusterGeneratorV1Beta1 struct { | |||
| // Name of the cluster context (required) | |||
| Name string | |||
| // Name of the federation this cluster is joining (required) | |||
There was a problem hiding this comment.
Adding a new required param breaks existing scripts. Is this really required?
I dont see any value of adding this annotation on cluster objects. Running kubectl get clusters <cluster-name> -o yaml will not give me a reusable yaml file that I can use with another federation.
IIUC the original issue was because we store some federation objects in host cluster and since the host cluster can be hosting multiple federation objects it makes sense to add these annotation there.
Cluster objects are already stored in federation control plane, so skip the annotation for clusters?
There was a problem hiding this comment.
Hmm. Do you mean that you can't use an old version of kubefed with a newer federation? Or vice versa? Can you give an example of what would fail that we need to continue supporting?
On a side note, do we have a grid for which versions of kubefed, the FCP, the host cluster Kubernetes version and the joined cluster versions we need to support, in new federation and upgrade cases? I know that we want to maintain backwards compatibility, but I'm not sure I really understand what sort of compatibility we're trying to maintain.
Adding the annotation does give you the ability to get all objects related to a particular federation, rather than having to get all the annotated objects and then the cluster objects separately.
That all said, I'm happy to remove the cluster annotations. I just want to make sure I understand the benefit.
There was a problem hiding this comment.
On a side note, do we have a grid for which versions of kubefed, the FCP, the host cluster Kubernetes version and the joined cluster versions we need to support, in new federation and upgrade cases? I know that we want to maintain backwards compatibility, but I'm not sure I really understand what sort of compatibility we're trying to maintain.
We have neither concretely defined nor documented that right now. I guess that will be one of the important work items in taking federation to GA.
But having said that, I think @nikhiljindal's comment holds. I did not think about that before.
Adding the annotation does give you the ability to get all objects related to a particular federation, rather than having to get all the annotated objects and then the cluster objects separately.
You need to do that anyway. You need to get all the annotated objects from the host cluster and then separately get the cluster objects from the federation API server irrespective of the annotations. Even if your objects are annotated, I believe you still need to get each type of object separately and filter for objects that contain the annotation you care about. Our API machinery does not allow getting objects with a given annotation across different API types.
@nikhiljindal, having said all that, I don't think adding the annotation here is that dangerous. This required param is an internal detail and @perotinus is making it mandatory to establish the contract between the provider and the client. The client here is the kubefed join implementation. Users who run the kubefed join command don't have to care about this. So it is not going to break them. It is just that the implementation of kubefed join should provide these annotation values which it does.
There was a problem hiding this comment.
To clarify, the code here is kubectl and not kubefed. We have defined policies for kubectl version skew support that we cant break.
There was a problem hiding this comment.
Ah, I see. kubectl vs kubefed makes a big difference.
@nikhiljindal @madhusudancs Are we agreed on removing the annotation from the cluster objects, and so reverting the changes to the ClusterGenerator?
There was a problem hiding this comment.
Ah, I see. kubectl vs kubefed makes a big difference.
FWIW, we do need to be strict about not breaking kubefed as well (now that its beta)
@nikhiljindal @madhusudancs Are we agreed on removing the annotation from the cluster objects, and so reverting the changes to the ClusterGenerator?
Yes I dont see much advantage of adding the annotation but to be clear, reverting the change in ClusterGenerator and adding annotation to cluster object when its created via kubefed are different independent points. kubefed should not be using ClusterGenerator. Its providing the yaml I believe.
There was a problem hiding this comment.
kubefed should not be using ClusterGenerator? That seems like a separate issue. Is it being tracked somewhere?
I'll revert all of the code that adds the annotation to the cluster objects later today unless someone objects. We can always add it back later.
There was a problem hiding this comment.
Just to close this discussion, I am summarizing our offline discussion here:
To clarify, the code here is kubectl and not kubefed. We have defined policies for kubectl version skew support that we cant break.
ClusterGenerator is not kubectl code, it is kubefed code in the sense that kubefed is the only client. It sits in kubectl package to reuse some of the machinery there.
FWIW, we do need to be strict about not breaking kubefed as well (now that its beta)
Agreed. But this doesn't break kubefed too. It is just changing the internal detail.
kubefed should not be using ClusterGenerator. Its providing the yaml I believe.
kubefed is using ClusterGenerator. In fact, it is the only consumer of that interface. It uses the kubectl generator machinery to simplify a number of other things (read: reinvent the wheel).
But we decided to remove the annotation from cluster object because it is unnecessary code.
|
@k8s-bot ok to test lgtm except adding the annotations to cluster objects and specifically breaking |
grodrigues3
added
needs-ok-to-test
k8s-github-robot
removed
the
needs-rebase
|
@madhusudancs @nikhiljindal This should be good to review now; I've removed all of the code that added the annotations to the cluster object. |
|
Hmm. That looks like a flaky test. Can someone rerun the tests? |
|
@k8s-bot non-cri e2e test this |
…deration name and (if applicable) the cluster name.
|
@madhusudancs @nikhiljindal Can someone give this another review pass? |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: nikhiljindal, perotinus
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
@perotinus I have a few minor nits. Since this PR is already LGTM'ed and approved, please feel free to make address those comments in a separate PR. Reviewed 2 of 12 files at r1, 7 of 10 files at r2. federation/apis/federation/annotations.go, line 2 at r2 (raw file):
federation/apis/federation/annotations.go, line 20 at r2 (raw file):
This comment needs some clarification. "... that a federation control plane component is associated with ..." federation/apis/federation/annotations.go, line 21 at r2 (raw file):
"It must be applied to all the API types that represent that federation control plane components in the host cluster" or something like that. Comments from Reviewable |
|
@k8s-bot test this [submit-queue is verifying that this PR is safe to merge] |
|
Automatic merge from submit-queue |
Automatic merge from submit-queue (batch tested with PRs 44607, 44472, 44482) [Federation] Fix the comments on FederationNameAnnotation Follow-up for minor issues raised in #42683 ```release-note NONE ```
Address part of #42324.