CRD Conversion API Changes #67795
CRD Conversion API Changes #67795
Conversation
k8s-ci-robot
added
sig/api-machinery
|
/retest |
|
/sig architecture we need sign off from them too, right? |
k8s-ci-robot
added
the
sig/architecture
| // - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information is needed for this option. | ||
| Strategy ConversionStrategyType | ||
|
|
||
| // Additional information for external conversion if strategy is set to external |
| // - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information is needed for this option. | ||
| Strategy ConversionStrategyType `json:"strategy" protobuf:"bytes,1,name=strategy"` | ||
|
|
||
| // Additional information for external conversion if strategy is set to external |
There was a problem hiding this comment.
If strategy is Webhook, must contain instructions for how to call the webhook.
| // ConvertedObject is the converted version of request.Object if the Result is nil. | ||
| // +optional | ||
| ConvertedObject runtime.RawExtension `json:"convertedObject" protobuf:"bytes,2,name=convertedObject"` | ||
| // Result contains extra details into why a conversion request was failed. If it is not nil, it means |
There was a problem hiding this comment.
it's not a pointer. It can't be nil.
There was a problem hiding this comment.
please make it a pointer & optional
There was a problem hiding this comment.
runtime.RawExtension can be nil (having nil value). The optional runtime.RawExtension is not a pointer in other APIs (at least the ones I checked like WatchEvent or AdmissionRequest)
|
|
||
| const ( | ||
| // NopConverter is a converter that only sets apiversion of the CR and leave everything else unchanged. | ||
| NopConverter ConversionStrategyType = "None" |
There was a problem hiding this comment.
RenameConverter? "Nop" is maybe a little obscure, and anyway, no abbreviations in the API with few exceptions.
NoChangeConverter? RepackageConverter? NullConverter?
There was a problem hiding this comment.
ah I see the name isn't going to be in the docs, so it matters less. In that case, let's make it match "None" even though NoneConverter sounds a bit weird?
|
|
||
| // CustomResourceConversion describes how to convert different versions of a CR. | ||
| type CustomResourceConversion struct { | ||
| // Strategy specifies the conversion strategy. Allowed values are: |
There was a problem hiding this comment.
strategy -- match json field name.
| // - `Webhook`: API Server will call to an external webhook to do the conversion. Additional information is needed for this option. | ||
| Strategy ConversionStrategyType `json:"strategy" protobuf:"bytes,1,name=strategy"` | ||
|
|
||
| // Additional information for external conversion if strategy is set to external |
There was a problem hiding this comment.
If strategy is Webhook, must contain instructions for how to call the webhook.
| } | ||
|
|
||
| // CustomResourceConversionWebhook describes how to call a conversion webhook. | ||
| type CustomResourceConversionWebhook struct { |
There was a problem hiding this comment.
What is the purpose of this layer of indirection?
| Response *ConversionResponse `json:"response,omitempty" protobuf:"bytes,2,opt,name=response"` | ||
| } | ||
|
|
||
| // ConversionRequest describes a conversion request parameters. |
| // +optional | ||
| UID types.UID `json:"uid,omitempty" protobuf:"bytes,1,opt,name=uid"` | ||
| // The version to convert given object to. E.g. "stable.example.com/v1" | ||
| APIVersion string `json:"apiVersion" protobuf:"bytes,2,name=apiVersion"` |
There was a problem hiding this comment.
Please separate it out into separate group and kind fields--friends don't make friends parse strings ;)
Please name it so it's clear it's the desired version, not the version of the thing that is being sent.
There was a problem hiding this comment.
There is no need to parse the string (as an example, look at my example converter webhook in the main PR test/images folder). I find it more clear to use the whole APIVersion in switch cases of the conversion.
There was a problem hiding this comment.
Also the field in the CR is APIVersion in the same form (e.g. stable.example.com/v1). If we separate it out then our friends need to merge strings which is not horrible but why? :)
Probably looking at these two code samples make it easier to argue that APIVersion make more sense:
There was a problem hiding this comment.
OK, no need to split it if it is always used together (I still think in an absolute sense it's better for it to be passed around as a pair, but fixing only one spot is maybe worse than leaving it like this).
However I still think it should be named more clearly, like "DesiredAPIVersion", "DestinationAPIVersion", or something like that. ("Target" is not good as it's ambiguous.)
| // Object is the CRD object to be converted. | ||
| Object runtime.RawExtension `json:"object" protobuf:"bytes,3,name=object"` | ||
| // IsList indicates that this is a List operation and Object contains a list of items. | ||
| IsList bool `json:"isList" protobuf:"varint,4,name=isList"` |
There was a problem hiding this comment.
I haven't looked back at the KEP, so maybe you answered this there, but why not just make Object into Objects []runtime.RawExtension? Then the webhook always gets a list, and apiserver can pack as many or few objects into the list as it wants.
There was a problem hiding this comment.
I have a more detailed answer for this in the main PR, but briefly, this will allow the webhook to change list metas.
There was a problem hiding this comment.
why do we want the conversion webhook to inspect/change anything under listmeta? I can't think of a reason conversion of individual objects should care about resourceVersion or continue tokens for the containing list
There was a problem hiding this comment.
Agreed. Will make this a array.
| // ConvertedObject is the converted version of request.Object if the Result is nil. | ||
| // +optional | ||
| ConvertedObject runtime.RawExtension `json:"convertedObject" protobuf:"bytes,2,name=convertedObject"` | ||
| // Result contains extra details into why a conversion request was failed. If it is not nil, it means |
There was a problem hiding this comment.
please make it a pointer & optional
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
from
1f6a9a2 to
d337746
Compare
|
/retest |
2 similar comments
|
/retest |
|
/retest |
staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types.go
Show resolved
Hide resolved
| UID types.UID `json:"uid,omitempty" protobuf:"bytes,1,opt,name=uid"` | ||
| // ConvertedObjects is the list of converted version of request.Objects if the Result is successful otherwise empty. | ||
| ConvertedObjects []runtime.RawExtension `json:"convertedObjects" protobuf:"bytes,2,rep,name=convertedObjects"` | ||
| // Result contains the result of conversion with extra details if the conversion failed. Result.Status determines if |
There was a problem hiding this comment.
Is this field optional? What should it be set to for successful conversions? Unsuccessful ones? What will happen with the reason / message fields?
There was a problem hiding this comment.
Added comment to explain that.
| // otherwise identical (parallel requests, requests when earlier requests did not modify etc) | ||
| // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request. | ||
| // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging. | ||
| // +optional |
|
This LGTM with the few minor changes I mentioned. |
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
2 times, most recently
from
2422154 to
1a8aae1
Compare
staging/src/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1beta1/types.go
Outdated
Show resolved
Hide resolved
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
2 times, most recently
from
5ae3346 to
f77fd9f
Compare
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
from
f77fd9f to
0e2024f
Compare
|
/approve looks like verify script is failing on generated file |
k8s-ci-robot
added
the
lgtm
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
from
0e2024f to
96241de
Compare
k8s-ci-robot
removed
the
lgtm
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
/approve We should get the api types here owned by the api reviewers/approvers. |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: lavalamp, liggitt, mbohlool The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
|
mbohlool
force-pushed
the
crd_conversion_api_changes
branch
from
96241de to
e27096c
Compare
k8s-ci-robot
removed
the
lgtm
|
New changes are detected. LGTM label has been removed. |
|
/test pull-kubernetes-e2e-gce-100-performance |
mbohlool
added
the
lgtm
k8s-ci-robot
added
release-note-none
|
set an empty release note, make sure we include release notes in the implementation PR |
This is the API changes section of Custom Resource Conversion feature (kubernetes/community#2420) extracted from main implementation PR #67006 for the purpose of a separate API review.
@deads2k @lavalamp @sttts @kubernetes/sig-api-machinery-api-reviews