Metadata annotation keys are lacking K8S prefix conventions #1335
Comments
|
We have created an issue in Pivotal Tracker to manage this: https://www.pivotaltracker.com/story/show/165640281 The labels on this github issue will be updated when the story is started. |
|
Hi @gberche-orange, regarding the following:
Metadata in Cloud Controller was never intended to be used directly by the control plane, hence this part of the docs:
Given the above (I feel like it could be worded clearer, though), I feel like actually using the existing metadata for this OSBAPI interaction violates that goal. I wonder if some services-specific construct should be used instead. Tagging @zrob since he sent out the original proposal and has some more context on the product goals of metadata from that time. Also, to answer your specific question about why Annotation prefixes are different from Labels I'm not actually sure why that decision was made. To be honest, Annotations in Cloud Foundry don't support prefixes at all. It's all just one giant |
Can you please be more specific about the goal violation ? Design specs for example mention precisely the use-case that openservicebrokerapi/servicebroker#658 aims to address: Publishing user-provided information attached to resources so that 3rd party service brokers can alert on failures.
Given the metadata feature was only recently made available in CC API, and I understand CLI support is not yet available (see related cli epic, usage in the field is likely to be limited, and this might be a good time to consider such CFAR/CFCR consistency fixes that CF is aiming at. The cases where a breaking change would occur would be very rare: i.e. annotations that indeed have a prefix (i.e. contain a '/') and this prefix is not a FQDN. |
Yeah this is true, if we are going to make the field more restrictive the sooner the better. Tagging our PM @ssisil again for awareness of this request. |
|
@gberche-orange - Yes - this is something we will prioritizing. You should see something for this in one of the upcoming releases. |
Relates to: #1335 [#166526055](https://www.pivotaltracker.com/story/show/166526055) Co-authored-by: Mona Mohebbi <mmohebbi@pivotal.io> Co-authored-by: Tim Downey <tdowney@pivotal.io>
cf-gitbot
added
in progress
delivered
accepted
and removed
unscheduled
in progress
delivered
labels
|
This change shipped in capi-release 1.83.0. You restrictions on prefix/name should be what you expect, but you can read more about them in our docs: We also documented our "migration" strategy for existing data in this ADR: Most notably, we won't be attempting to migrate existing annotations that don't conform to these stricter requirements and they will continue to be readable. When a user tries to update an annotation that's non-conformant then they will get a validation error and have to make changes. |
|
great, thanks a lot @tcdowney ! I've submitted cloudfoundry/docs-cf-admin#161 to also cover annotations prefixes in doc. |
Issue
Documentation (api and user manual) and CC do not expect nor enforce that annotations conform to K8S specifications on annotations keys:
Context
Metadata design doc mentions:
The OSB API is planning to publish "public annotations" to service brokers in openservicebrokerapi/servicebroker#658 in a consistent way between K8S and CF.
The lack of consistency on annotation keys between CF and K8S makes this harder. In particular to be able to skip "private annotations" from being shared with service brokers. See related openservicebrokerapi/servicebroker#654 (comment)
Steps to Reproduce
Documentation (api and user manual) do not mention annotation key conformance to the K8S specifications
Suspecting CC code not to enforce that the annotation label keys are conformant to the K8S specifications unlike what was done for label keys in 279ea4a
Expected result
CC enforces that label keys are conformant to the K8S specifications, e.g. reject prefix that are not formatted like a DNS domain.
Also it might make sense to reserve the
cloudfoundry.orgprefix in annotations also.Annotations might be useful in the future for CF control plane for things like recording verbose audit logs (which would not be wise to store as indexed labels for performance reasons)
/CC @mattmcneeney
The text was updated successfully, but these errors were encountered: