Improvements to CRD webhook conversion KEP #2484
Conversation
k8s-ci-robot
added
size/S
k8s-ci-robot
added
cncf-cla: yes
| // These three fields should not be set for first item in Versions list | ||
| Schema *JSONSchemaProp | ||
| Subresources *CustomResourceSubresources | ||
| AdditionalPrinterColumns []CustomResourceColumnDefinition | ||
| } | ||
|
|
||
| Type CustomResourceConversion struct { | ||
| // Conversion strategy, either "nop” or "webhook”. If webhook is set, Webhook field is required. | ||
| // Conversion strategy, either "None” or "Webhook”. If Webhook is set, Webhook field is required. |
There was a problem hiding this comment.
third "webhook" is lower-case
| @@ -225,7 +230,7 @@ error on server: conversion from stored version v1 to requested version v2 for s | |||
| ``` | |||
|
|
|||
|
|
|||
| For operations that need more than one conversion (e.g. LIST), no partial result will be returned. Instead the whole operation will fail the same way with detailed error messages. To help debugging these kind of operations, the UID of the first failing conversion will also be included in the error message. | |||
| For operations that need more than one conversion (e.g. LIST), no partial result will be returned. Instead the whole operation will fail the same way with detailed error messages. Also the webhook will recieve the whole list to convert instead of items one by one. | |||
There was a problem hiding this comment.
receive
This sounds strange now to have LIST as example for multiple calls and for one call for a list.
There was a problem hiding this comment.
fixed. Where do we have LIST as an example of multiple calls? It needs multiple conversion but it will be done with a single http call.
mbohlool
force-pushed
the
crd_conversion_kep
branch
from
d9ef19d to
ee1c967
Compare
k8s-ci-robot
added
size/M
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
mbohlool
force-pushed
the
crd_conversion_kep
branch
from
ee1c967 to
c46ce6e
Compare
| // Optional, and correspond to the first version in the versions list | ||
|
|
||
|
|
||
| // These fields are optional and correspond to the first version in the versions list |
| @@ -178,20 +178,27 @@ type ConversionRequest struct { | |||
| UID types.UID | |||
| // The version to convert given object to. E.g. "stable.example.com/v1" | |||
| APIVersion string | |||
| // Object is the CRD object to be converted. | |||
| // Object is the CRD object or list of objects to be converted. | |||
There was a problem hiding this comment.
This is the custom CustomResourceList type or a generic List?
There was a problem hiding this comment.
Object will not be a CRD object, right? It will be of the type described in the CRD?
Also +1 to being explicit about the list type
There was a problem hiding this comment.
nit: CR not CRD. Will fix that.
The list is a UnstructuredList (not sure what CustomResourceList is but I assume that is what you meant).
| Object runtime.RawExtension | ||
| // IsList indicates that this is a List operation and Object contains a list of items. | ||
| IsList bool |
There was a problem hiding this comment.
Why is this necessary?
Another way to represent would be to have List []runtime.RawExtension and require that exactly one of object or list be set.
There was a problem hiding this comment.
List has its own meta data. Do we care let conversion webhook to modify that? right now the webhook is responsible for any change to that meta data (specifically changing the APIVersion). If we pass a list of objects, then the caller(APIServer) not the webhook is responsible for any list metadata changes.
There was a problem hiding this comment.
I don't see why the actual list object should be exposed to the conversion hook. Conversion is by list item by definition. @lavalamp's slice suggestion would make the interface obvious. We could even drop the Object field and just have an Objects instead.
There was a problem hiding this comment.
+1 for unifying the interface to something like objects []runtime.RawExtension, treating single and multi-item conversion requests consistently.
| // ConvertedObject is the converted version of request.Object. | ||
| ConvertedObject runtime.RawExtension | ||
| // ConvertedObject is the converted version of request.Object if the Result field is nil. | ||
| // +optional |
There was a problem hiding this comment.
Probably worth being explicit about what to do for lists.
| @@ -225,7 +232,7 @@ error on server: conversion from stored version v1 to requested version v2 for s | |||
| ``` | |||
|
|
|||
|
|
|||
| For operations that need more than one conversion (e.g. LIST), no partial result will be returned. Instead the whole operation will fail the same way with detailed error messages. To help debugging these kind of operations, the UID of the first failing conversion will also be included in the error message. | |||
| For operations that need more than one conversion (e.g. LIST), no partial result will be returned. Instead the whole operation will fail the same way with detailed error message. Also the webhook will receive the whole list to convert instead of items one by one. | |||
There was a problem hiding this comment.
Is it actually easy to always group items in a list like this, given our stack?
I think we shouldn't promise the entire list in one call. We will probably wish to call it in multiple batches, to avoid causing the webhook to need super high memory usage if for no other reason.
There was a problem hiding this comment.
refer to the other comment about list metadata. We pass a list item and implementation is strightforward right now. Even with current design and implementation, we can divide List object (UnstructuredList) into smaller valid List items and send them to webhook. We promise here that we send an UnstructuredList to the webhook. The webhook is not aware of the actual user request and we do not promise we send that whole user requested objects in one call.
| } | ||
| ``` | ||
|
|
||
| If the conversion is failed, the webhook should fail the HTTP request with a proper error code and message that will be used to create a status error for the original API caller. | ||
| If the conversion is failed, the webhook is prefered to fill up the Result field of the response with a proper error code and message instead of returning failure HTTP codes. |
There was a problem hiding this comment.
Perhaps: "Instead of returning failure HTTP status codes, the preferred way for a webhook to indicate a conversion failure is to fill the result field of the response with an error code and message. Non-200 status return codes will be taken to mean there was a problem with the webhook rather than a problem with the object to be converted."
There was a problem hiding this comment.
Fixed that in the implementation and will fix it here too.
mbohlool
force-pushed
the
crd_conversion_kep
branch
from
c46ce6e to
0c1b0a8
Compare
|
/kind kep |
|
@mbohlool: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-rebase
|
obsoleted by #2737, I thought |
|
REMINDER: KEPs are moving to k/enhancements on November 30. Please attempt to merge this KEP before then to signal consensus. Any questions regarding this move should be directed to that thread and not asked on GitHub. |
|
KEPs have moved to k/enhancements. Any questions regarding this move should be directed to that thread and not asked on GitHub. |
|
@justaugustus: Closed this PR. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
A follow up to #2420 to address @lavalamp comments. @sttts @deads2k @erictune please let me know if you have any comment on the KEP and I can address them here or in a new PR.
/assign @lavalamp
/sig api-machinery