Adding documentation on recommended labels and annotations #8703
Conversation
This content was developed as part of the App Def WG
k8s-ci-robot
added
cncf-cla: yes
|
Deploy preview for kubernetes-io-master-staging ready! Built with commit 4294dda https://deploy-preview-8703--kubernetes-io-master-staging.netlify.com |
| | `app.kubernetes.io/part-of` | The name of a higher level application this one is part of | `wordpress` | string | | ||
| | `app.kubernetes.io/managed-by` | The tool being used to manage the operation of an application | `helm` | string | | ||
|
|
||
| To illustrative these labels in action consider the following StatefulSet object |
There was a problem hiding this comment.
Replace lines 47-48 with:
To illustrate these labels in action, consider the following StatefulSet object:
| | `app.kubernetes.io/version` | The current version of the application (e.g., a semantic version, revision hash, etc.) | `5.7.21` | string | | ||
| | `app.kubernetes.io/component` | The component within the architecture | `database` | string | | ||
| | `app.kubernetes.io/part-of` | The name of a higher level application this one is part of | `wordpress` | string | | ||
| | `app.kubernetes.io/managed-by` | The tool being used to manage the operation of an application | `helm` | string | |
There was a problem hiding this comment.
I think there was still some discussion in the other PR on whether or not managed-by should be a label or annotation. Did that discussion get resolved out of band somewhere?
There was a problem hiding this comment.
The separation between label/annotation was made answering this question:
- Is a tool or user may want to filter / query by the label XYZ
If yes = labels
if no = annotation
I don't know... I tend to say yes for managed-by,
- Tool: show me all resources I've deployed
managed-by: meand associated toapp: wordpress
There was a problem hiding this comment.
I agree with @ant31 on this. Labels can be queried and the tool managing something is worth querying.
| used. | ||
|
|
||
| ## Labels | ||
|
|
There was a problem hiding this comment.
Need a note about where to apply those labels (everywhere).
e.g.
In order to take full advantage of using those labels, they should be applied similarly on every resources kind.
There was a problem hiding this comment.
Done. I tweaked the language.
| ``` | ||
|
|
||
| ## Annotations | ||
|
|
There was a problem hiding this comment.
I'd remove the annotations from the first iteration, it overlaps with the 'ApplicationCRD', which seems a better approach (IMO) to hold metadata around an application (usage/website/maintainers...) so I'd wait a bit more.
We may keep the section as place-holder and explain why we are not proposing any annotation yet and point to the AppCrd repo.
There was a problem hiding this comment.
After the discussion we had in the App Def WG on this I've gone ahead and removed annotations.
|
|
||
| | Key | Description | Example | Type | | ||
| | ----------------------------------- | --------------------- | -------- | ---- | | ||
| | `app.kubernetes.io/name` | The name of the application | `mysql` | string | |
There was a problem hiding this comment.
app.kubernetes.io/app seems redundant, doesn't it? app is in there twice. name says that it's the name of the app.
|
I actually wonder - In the context of CRDs, did the discussion distinguish between the controller and the actual workloads it manages? I.e. KubeVirt has infra which watches CRs (controller), and launches pods 8workloads) for them. To which part of those should the labels be applied? Also: Will the "Application CRD" also be continued to be discussed? |
|
@fabiand this the goal of label 'managed-by'. The resource created by the operator will then be: Does it answer your use case?
Yes, this proposal doesn't overlap and goals are different. |
There was a problem hiding this comment.
@mattfarina Great start, thanks for re-opening this. ✨ Some edits for tighter language/style consistency.
| --- | ||
|
|
||
| {{% capture overview %}} | ||
| Many tools can be used to visualize and manage Kubernetes objects. The tools used |
There was a problem hiding this comment.
Replace this paragraph (lines 7-10) with:
You can visualize and manage Kubernetes objects with more tools than kubectl and the dashboard. A common set of labels and annotation allows tools to work interoperably, describing objects in a common manner that all tools can understand.
| between tools, a common set of labels and annotation allows objects to be described | ||
| in a common manner that all tools can understand. | ||
|
|
||
| In addition to supporting tooling, the recommended labels and annotations describe |
There was a problem hiding this comment.
Replace lines 12-14 with:
In addition to supporting tooling, the recommended labels and annotations describe applications in a way that can be queried.
| {{% /capture %}} | ||
|
|
||
| {{% capture body %}} | ||
| The recommended object metadata is broken apart so that some of it is labels while |
There was a problem hiding this comment.
Replaces lines 18-21 with:
The recommended object metadata is broken apart into labels and annotations. Labels are shorter: you can include them when querying the Kubernetes API. Annotations are for longer data that's not meant to be queried.
There was a problem hiding this comment.
I removed this section since we reduced document scope to just labels.
| queried. | ||
|
|
||
| The metadata is organized around the concept of an Application. Kubernetes is not | ||
| a Platform as a Service and doesn't have or enforce a formal notion of an application. |
There was a problem hiding this comment.
Replace:
a Platform as a Service and
with:
a platform as a service (PaaS) and
| the Kubernetes API. Annotations allow for longer data that's not meant to be | ||
| queried. | ||
|
|
||
| The metadata is organized around the concept of an Application. Kubernetes is not |
There was a problem hiding this comment.
Replace line 23 with:
The metadata is organized around the concept of an _application_. Kubernetes is not
So:
The metadata is organized around the concept of an application. Kubernetes is not
| Note, these are recommended labels and annotations. They aid the use of managing | ||
| applications but are not required for any core tooling to work. | ||
|
|
||
| One common theme you'll notice about the labels and annotations is that they |
There was a problem hiding this comment.
Replaces lines 31-35 with:
> Shared labels and annotations share a common prefix: `app.kubernetes.io`. Labels and annotations without a prefix are private to users. The shared prefix ensures that shared labels do not interfere with custom user labels.
So:
Shared labels and annotations share a common prefix:
app.kubernetes.io. Labels and annotations without a prefix are private to users. The shared prefix ensures that shared labels do not interfere with custom user labels.
| | `app.kubernetes.io/part-of` | The name of a higher level application this one is part of | `wordpress` | string | | ||
| | `app.kubernetes.io/managed-by` | The tool being used to manage the operation of an application | `helm` | string | | ||
|
|
||
| To illustrative these labels in action consider the following StatefulSet object |
There was a problem hiding this comment.
Replace lines 47-48 with:
To illustrate these labels in action, consider the following StatefulSet object:
| | `app.kubernetes.io/usage` | The location of an applications usage information (e.g., details for how it's being run by an organization). A preference is given to version specific information | `https://example.com/foo/1.2/` | URL | | ||
| | `app.kubernetes.io/website` | A website to find out more information about the application in general | `https://wordpress.org` | URL | | ||
|
|
||
| To illustrative these annotations in action consider the following StatefulSet object |
There was a problem hiding this comment.
Replace lines 69-70 with:
To illustrate these annotations in action, consider the following StatefulSet object:
There was a problem hiding this comment.
This was removed since the annotations were removed all together.
| ... | ||
| ``` | ||
|
|
||
| MySQL is exposed as a `StatefulSet` with metadata for both it and the larger application it is apart of: |
There was a problem hiding this comment.
Replace with:
MySQL is exposed as a `StatefulSet` with metadata for both it and the larger application it belongs to:
So:
MySQL is exposed as a
StatefulSetwith metadata for both it and the larger application it belongs to:
|
|
||
| ### Web Application With A Database | ||
|
|
||
| A slightly more complicated application may be a web application and a database. For this example we consider WordPress using a MySQL database. To add to the metadata complexity Helm is used to install the application. The following snippets illustrate the start of objects used to deploy this application. |
There was a problem hiding this comment.
Replace with:
Consider a slightly more complicated application: a web application (WordPress) using a database (MySQL), installed using Helm. The following snippets illustrate the start of objects used to deploy this application.
|
@fabiand The application CRD/controller will continue as discussed. Everything on the workloads API (deployments, jobs, etc) should have these labels. When it comes to CRDs, it would make sense if they are part of an application. |
|
@zacharysarah I responded to all of your editorial comments. Please let me know if there is anything else I need to do. @ant31 @garethr @prydonius @kow3ns can one of you give this a technical review. |
|
How would I select everything that is part of an application? If I were to delete, export all the resources the application wordpress (in the example for application with database), what query would I need to run? Would it need to be multiple queries? Would leave the database in the example (mysql) out. |
|
@jorgemoralespou it would be: |
|
@ant31 then maybe the examples need to be updated. If you look into the examples already documented, those labels are not on the Deployment and the service for "wordpress" so that query would not select them. |
|
@jorgemoralespou can you comment on the PR where it should be added ? Is adding a section with query exampels could help ? 1. List all resources related to wordpress:
$ kubectl get all -l=app.kubernetes.io/part-of=wordpress
2. List all resources associated to the mysql database of wordpress
$ kubectl get all -l app.kubernetes.io/part-of=wordpress,app.kubernetes.io/name=mysql
3. List all resources deployed by the operator/tool
$ kubectl get all -l app.kubernetes.io/managed-by=olm
4. Find all stateful/database resources
$ kubectl get all -l app.kubernetes.io/component=database |
|
@ant31 A section with queries would definitely help, but my concern is more with a flaw in the design you're laying out, than a flaw in documentation.
With any of the queries you've expressed before I can either get part of the resources in the query or more resources than I would possibly want. I hope this explains my concern. In our use of labeling for apps/components, we always label every component with app=NAME_OF_APP and then every component with component=NAME_OF_COMPONENT so we can either select one or all with one single query. |
In the documentation, none of them are marked as optional. It's still an opt-in for each tool, an organization to follow them or not.
This is the label
What is missing ? |
|
@ant31 In the document example, the wordpress core component is defined as this: So, given your answer:
Will not select these resources. If the labels are not optional (I might have that from the previous PR that lead to this one) and are expected on every resource, all of them, then please use all the labels in all the examples, as otherwise will be confusing. If the labels are not mandatory for every resource, then document minimal set of labels to properly identify every piece in a multi component application. |
|
@jorgemoralespou I think a few things are important about this:
It would be nice to have one release grouping name for an instance of an application that all assets can have as a label. The reason I'm not pushing for that, yet, is because I would like to work out how to couple that to the application CRD as the recommended name to use. Then the circle can be complete. If we do it outside the application CRD we will have other problems to solve such as name uniqueness and tool interoperability around handing/generating unique names. Can we put off the unique label until the application CRD is beta and ready for people to start using it? |
Yes, thanks! @ant31 @mattfarina |
|
@mattfarina thanks for your reply, but you got me even more confused. When you say:
I've always thought that kubernetes provided two different "identifying" aspects to the resources. On one side, labels, which per the documentation are "Labels are intended to be used to specify identifying attributes of objects that are meaningful and relevant to users, but do not directly imply semantics to the core system", and then annotations, that are also documented as "annotations to attach arbitrary non-identifying metadata to objects. Clients such as tools and libraries can retrieve this metadata". So, not sure how this match with your statement above. Then you continue with:
No matter how many times I read this document/proposal, I can not really glimpse this statement you mention. If this is the intent, this should be clearly documented to prevent misunderstanding. And then you say:
Reading that github repo's documentation, I'm even more lost, as even though it defines an application CRD, then it uses the labels here proposed as selector. So, if I combine both examples then things would not work, as in the CRD you identify an instance of an application using the label "app.kubernetes.io/name" while here this label has different values as it does identify the component name (part of an application). Maybe I'm overcomplicating things, but as they are documented, both proposals can not work together IMHO. Just take my comments as a casual user, I'm in no way a k8s developer, and you guys here probably know much more and better. I hope not to be making noise, but to help make things consistent, as this is key for us, where we consider apps a fundamental concept, as we're developers. Cheers, |
|
@jorgemoralespou thank you for your feedback. We're going to discuss this PR during next sig-apps meeting (Monday 25th June, 6pm CET).
Most controllers are based on matching labels, the Label entity is core to kubernetes concepts. Nearly nothing is working without using labels. But no label key/value is hard-coded or required, it's all based on matchSelector.
This why this recommendation is toward tools and not users.
The AppCRD is using matchLabels, it's possible to use any label. The CRD doesn't default nor force to use the labels recommended here. |
|
@ant31 I don't want to sound like a troll, I just keep discussing this to try to make sure it'll solve what you intend. Also because I can't attend sig-apps, I'll be on the air. Anyways. My point, and why I complained, is that in the examples you provide, there's no way I can select with just one single selector all the components of an app. And as such, the CRD as it uses a single LabelSelector it will not be able to model my app, and I will need to include an extra label, that I can set on all the resources (not the ones you define here) to be able to create my app resource. Taking the example from the CRD, current implementation, and the examples in this proposal: This would select only the wordpress svc and deployment in your example for a web application with a database. There's no way, with the examples you're using that I could create my application CRD. Could you just provide me with the complete definition of the 4 resources there(mysql svc, mysql statfulset, wordpress svc and wordpress deployment) that could be selected with an application CRD like the above? |
| labels: | ||
| app.kubernetes.io/name: wordpress | ||
| app.kubernetes.io/version: "4.9.4" | ||
| app.kubernetes.io/managed-by: helm |
There was a problem hiding this comment.
Recommend adding labels:
app.kubernetes.io/component: server
app.kubernetes.io/part-of: wordpress
| labels: | ||
| app.kubernetes.io/name: wordpress | ||
| app.kubernetes.io/version: "4.9.4" | ||
| app.kubernetes.io/managed-by: helm |
There was a problem hiding this comment.
Recommend adding labels:
app.kubernetes.io/component: server
app.kubernetes.io/part-of: wordpress
I've already agreed with this point, #8703 (comment), if the examples are not complete, let's update/comment on them
then we're going back to the examples are missing some labels:
So yes, examples could be completed to cover more query usecases. But even without updating them, we are not enforcing to use any of those labels. User can chose to pick one, 2, 5 or none. It depends on everyone usecase: why would I need 'part-of' If I'm deploying a standalone stateless application ? To be clear, no problem is being solve here, it's only a consensus around label keys name that are already largely in used by the community. By pushing this convention we are improving the interroperability of application and UX in general. |
|
@jorgemoralespou I added a section on instance name vs name as well as the instance field we had discussed in SIG Apps. Does this help? @ant31 @garethr @prydonius can you take a look at the changes? |
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: zacharysarah The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
added
the
approved
This is a continuation of the PR at #7695 that was closed due to structure changes. This includes those changes as well as some feedback.
cc: @heckj @garethr @prydonius @errordeveloper @bgrant0607 @pwittrock @dlorenc @ant31 @erictune @jbeda @demobox @chenopis @Bradamant3 @zacharysarah