Document the crossplane.io/external-create-... annotations #688
Conversation
These annotations were introduced in crossplane/crossplane-runtime#283. Per crossplane/crossplane#3037 folks find these annotations hard to reason about. That's understandable, because they're doing a lot of subtle things. This section ended up super long, but I think this is an area where folks really need to understand what's happening in order to make good decisions when Crossplane refuses to proceed. Signed-off-by: Nic Cope <nicc@rk0n.org>
✅ Deploy Preview for crossplane ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
|
@plumbis PTAL. I started addressing feedback and ended up with a fairly extensive refactoring. |
Signed-off-by: Nic Cope <nicc@rk0n.org>
| @@ -635,21 +635,145 @@ my-rds-instance True True my-custom-name 11m | |||
|
|
|||
| ### Creation annotations | |||
|
|
|||
| Providers create new managed resources with the | |||
| `crossplane.io/external-create-pending` annotation. | |||
| In some rare situations a provider can forget that it created a resource. When | |||
There was a problem hiding this comment.
I don't like the use of "rare" (subjective) or "forget" (anthropomorphic) .
Rare sounds non-deterministic. It may require a specific sequence but the sequence is known and should be described. It may be rare in general but when you are hitting all the time hearing it's "rare" is very frustrating.
There was a problem hiding this comment.
Point taken. Reworded to avoid "rare" and "forgot".
That said, I would prefer if folks did not read this section and think "Crossplane's going to leak my resources all the time, I shouldn't trust it".
| If the provider can't find a managed resource in an external system, it thinks | ||
| the resource doesn't exist. When the provider thinks a resource doesn't exist | ||
| it creates the resource. |
There was a problem hiding this comment.
| If the provider can't find a managed resource in an external system, it thinks | |
| the resource doesn't exist. When the provider thinks a resource doesn't exist | |
| it creates the resource. | |
| If the provider finds a managed resource with a | |
| {{<hover label="creation" line="7">}}crossplane.io/external-name{{</hover>}} | |
| annotation and doesn't find an external resource with a matching name, the | |
| provider creates a new external resource. |
Feel free to rework, but I think this should be "dumbed down" a bit and be more explicit.
- What is the provider looking for in the external system?
- How does that get connected to an MR?
- Avoid "think"
There was a problem hiding this comment.
Reworked, PTAL.
I prefer not to mention external-name again explicitly here. It feels repetitive - how the provider looks up the MR - which is what the sentence immediately prior says.
"If the provider finds an MR with..." reads strangely to me too - MRs always have this annotation.
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
Signed-off-by: Nic Cope <nicc@rk0n.org>
There was a problem hiding this comment.
Thanks a lot for this write-up @negz 💯
Level triggered systems are very interesting 😄
One of my favorite presentations about this is from thockin (avoiding at-ing him here): https://speakerdeck.com/thockin/kubernetes-what-is-reconciliation
With that comes to mind, that how many Crossplane controllers are able to attach (in general, approximately) labels, annotations, or similar to their managed data in the external provider, such that they can (at least in theory), find and point out all of these leaked resources, as they can see that they are indeed owned by "me" (through that label or annotation in the external system), but there is no external-name reference to them in Kube?
This indeed, would require controllers to have some kind of "identity", however, which is probably a big challenge itself (such that two controllers in two different clusters could distinguish their managed objects in the external system).
| `crossplane.io/external-create-failed` annotation after making the external API | ||
| call and receiving a response. | ||
| {{<hint "tip">}} | ||
| Crossplane calls resources that a provider creates but doesn't manage _leaked |
There was a problem hiding this comment.
| Crossplane calls resources that a provider creates but doesn't manage _leaked | |
| Crossplane calls resources that a provider created but lost track of and therefore doesn't manage _leaked |
There was a problem hiding this comment.
trying to word in such a way so that readers would understand instantly that this is an error case, without using the word "error", "exception" or "rare"
|
|
||
| When the external system generates the resource's name, the provider attempts to | ||
| save it to the managed resource's `crossplane.io/external-name` annotation. If | ||
| it doesn't, it _leaks_ the resource. |
There was a problem hiding this comment.
| it doesn't, it _leaks_ the resource. | |
| it cannot (after multiple retries), it _leaks_ the resource. |
| Each time a provider reconciles a managed resource it checks the resource's | ||
| creation annotations. If the provider sees a create pending time that's more | ||
| recent than the most recent create succeeded or create failed time, it knows | ||
| that it might have leaked a resource. |
There was a problem hiding this comment.
Are there any other common cases where this would happen than when someone went to the AWS UI and removed a reconciled bucket manually, and then Crossplane tried to recreate it, but failed to save the new name in the annotations?
@luxas We considered this. It's a non-zero amount of controllers. However given:
I'm skeptical there's value in exploring that path. Or at least it's deep into diminishing returns. At best we (Crossplane core) could offer some interface an |
|
Thanks folks! We've spent a lot of time this week wordsmithing one this week. I like where it's at right now and I need to move on to other things, so I'm going to merge it as-is. 🙂 |
These annotations were introduced in crossplane/crossplane-runtime#283.
Per crossplane/crossplane#3037 folks find these annotations hard to reason about. That's understandable, because they're doing a lot of subtle things.
This section ended up super long, but I think this is an area where folks really need to understand what's happening in order to make good decisions when Crossplane refuses to proceed.