KEP 1645: add labels and annotations export #4922
Conversation
MrFreezeex
commented
Oct 16, 2024
•
MrFreezeex
commented
- One-line PR description: add labels and annotations export
- Issue link: Multi-Cluster Services API #1645
- Other comments: Add new fields in the ServiceExport resources to sync labels and annotations. This approach is inspired by the GatewayAPI (https://gateway-api.sigs.k8s.io/geps/gep-1762/#labels-and-annotations) one to have dedicated fields for that and there's some explanation inline in the KEP why we might favor that.
|
Skipping CI for Draft Pull Request. |
k8s-ci-robot
added
do-not-merge/work-in-progress
k8s-ci-robot
added
kind/kep
MrFreezeex
force-pushed
the
KEP1645-sync-labels-annotations
branch
2 times, most recently
from
939b732 to
2ae4c68
Compare
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
MrFreezeex
force-pushed
the
KEP1645-sync-labels-annotations
branch
2 times, most recently
from
6b7282b to
a849f28
Compare
keps/sig-multicluster/1645-multi-cluster-services-api/README.md
Outdated
Show resolved
Hide resolved
keps/sig-multicluster/1645-multi-cluster-services-api/README.md
Outdated
Show resolved
Hide resolved
MrFreezeex
force-pushed
the
KEP1645-sync-labels-annotations
branch
from
a849f28 to
4960c5b
Compare
keps/sig-multicluster/1645-multi-cluster-services-api/README.md
Outdated
Show resolved
Hide resolved
MrFreezeex
force-pushed
the
KEP1645-sync-labels-annotations
branch
5 times, most recently
from
b33c1eb to
83d1af6
Compare
keps/sig-multicluster/1645-multi-cluster-services-api/README.md
Outdated
Show resolved
Hide resolved
Signed-off-by: Arthur Outhenin-Chalandre <arthur@cri.epita.fr>
MrFreezeex
force-pushed
the
KEP1645-sync-labels-annotations
branch
from
83d1af6 to
271740f
Compare
|
/approve @mikemorris, @JeremyOT, @lauralorenz could you take a look (after Thanksgiving week-end I imagine 😉)? |
k8s-ci-robot
added
the
approved
|
Will prioritize reviewing this and kubernetes-sigs/mcs-api/pull/85 this week. |
There was a problem hiding this comment.
/approve
This feels good to me - it's both simpler and more flexible than the "copy/filter" strategy to start, and with the tweak I suggested from "annotations or labels must not be exported from the metadata" to "values specified in spec.exportedLabels or spec.exportedAnnotations MUST take precedence" I think we have future design space if we determine the alternative UX is needed in the future.
| supported by MCS-API implementations. If supported, annotations or labels must | ||
| not be exported from the `metadata` of the `Service` or `ServiceExport` resources. |
There was a problem hiding this comment.
| supported by MCS-API implementations. If supported, annotations or labels must | |
| not be exported from the `metadata` of the `Service` or `ServiceExport` resources. | |
| supported by MCS-API implementations. If supported, values specified in | |
| `spec.exportedLabels` or `spec.exportedAnnotations` MUST take precedence over any | |
| labels or annotations which may be synced or copied from the `metadata` of the | |
| `Service` or `ServiceExport` resources. |
I think this tweak would give us design space to implement a "copy filter" strategy either globally in implementation configuration or locally via additional fields on ServiceExport if we find a need to add that in the future but without adding additional complexity now.
There was a problem hiding this comment.
I am not sure I agree with this because it is intentionally vague about what implementation should do (does precedence means merging or completely overriding?), if we find the need to change that behavior I would just edit those sentence rather than having something somewhat unclear to begin with
| @@ -1013,6 +1029,13 @@ Session affinity affects a service as a whole for a given consumer. The derived | |||
| service's session affinity will be decided according to the conflict resolution | |||
| policy. | |||
|
|
|||
| #### Labels and Annotations | |||
|
|
|||
| If supported, exporting labels and annotations would affect a `Service` as a whole | |||
There was a problem hiding this comment.
| If supported, exporting labels and annotations would affect a `Service` as a whole | |
| If supported, exporting labels and annotations would affect a service as a whole |
For consistency with the above sections which do not explicitly mention the Service resource - my reading is that a derived Service resource is an optional implementation detail which is one component of the "service as a whole".
There was a problem hiding this comment.
I see this would revert @sftim's prior suggested change in #4922 (comment)
| @@ -1229,7 +1252,7 @@ retain the flexibility of selectors. | |||
|
|
|||
| ### Export via annotation | |||
|
|
|||
| `ServiceExport` as described has no spec and seems like it could just be | |||
| `ServiceExport` initially had no spec and seemed like it could just be | |||
There was a problem hiding this comment.
Out of scope for this change, but I think the original rationale here is actually outdated - the Service resource does have a status.conditions field now https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceStatus
There was a problem hiding this comment.
This is about ServiceExport spec so I would say it should still be right?
There was a problem hiding this comment.
This section is describing why a ServiceExport resource with no spec was originally proposed at all - the ServiceExport status was intended to fill a UX gap from Service lacking a status.conditions field to message if an annotation-based API on Service to indicate an intent to export would have been successful or conflicted. It's not directly applicable to the focus of this PR though, I may update the language for historical purposes in a separate PR.
| `ServiceExport` or `Service` resources, it may be more confusing for users as it | ||
| would be the only fields present in both resources. For instance, should an |
There was a problem hiding this comment.
| `ServiceExport` or `Service` resources, it may be more confusing for users as it | |
| would be the only fields present in both resources. For instance, should an | |
| `ServiceExport` or `Service` resources, it may be more confusing for users. | |
| For instance, should an |
I didn't quite understand this, and think the point is clear without this phrase.
| and annotations in the spec of the `ServiceExport` resource, it may becomes more | ||
| straightforward that each resource have their own labels and annotations in their | ||
| metadata and that the exported labels and annotations are from the dedicated | ||
| fields in the `ServiceExport` spec. |
There was a problem hiding this comment.
| and annotations in the spec of the `ServiceExport` resource, it may becomes more | |
| straightforward that each resource have their own labels and annotations in their | |
| metadata and that the exported labels and annotations are from the dedicated | |
| fields in the `ServiceExport` spec. | |
| and annotations in the spec of the `ServiceExport` resource, we expect it will be | |
| straightforward that while each resource has their own labels and annotations in their | |
| metadata, the exported labels and annotations are from the dedicated fields in the | |
| `ServiceExport` spec. |
Minor phrasing nit.
| from the `Service` and `ServiceExport` metadata. More flexibility could also be | ||
| achieved with CEL expression on the `ServiceExport` at the cost of greater |
There was a problem hiding this comment.
| from the `Service` and `ServiceExport` metadata. More flexibility could also be | |
| achieved with CEL expression on the `ServiceExport` at the cost of greater | |
| from the `Service` and `ServiceExport` metadata. | |
| This implementation does not preclude the possibility of additionally adopting a | |
| "copy/filter" strategy (either as global configuration for a particular implementation, or | |
| granularly as additional `ServiceExport` fields) if the need arises. Such an strategy could | |
| select specific label or annotation keys to sync from the `Service` by exact name, by | |
| prefix, or further flexibility could be achieved with CEL expressions at the cost of | |
| greater |
Feel free to reject this suggestion - from the long thread above this felt like this possibility could be worth mentioning but perhaps the "exportedLabels and exportedAnnotations MUST take precedence" snippet I suggested adding above is a sufficent oblique reference without introducing confusion.
There was a problem hiding this comment.
A bit similar to the previous thread I would recommend to keep the kep consistent for all implementations regarding this for now and if the need arises we should just update it IMO or make it more loose
|
This looks good to me, thank you! /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JeremyOT, mikemorris, MrFreezeex, skitt The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
| // ServiceExportSpec describes an exported service and extra exported information | ||
| type ServiceExportSpec struct { | ||
| // +optional | ||
| ExportedLabels map[string]string `json:"exportedLabels"` |
There was a problem hiding this comment.
| ExportedLabels map[string]string `json:"exportedLabels"` | |
| ExportedLabels map[string]string `json:"exportedLabels,omitempty"` |
There was a problem hiding this comment.
Ah yep nice catch! It's already like that in the associated PR for the CRD but the KEP should be amended indeed
