Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Migration Design: Rename Bundle to ClusterBundle #485

Open
wants to merge 9 commits into
base: main
Choose a base branch
from

Conversation

erikgb
Copy link
Contributor

@erikgb erikgb commented Nov 24, 2024

Proposal on how to implement #63.

The proposed solution is based on input from "the greater community". 🥇

@cert-manager-prow
Copy link
Contributor

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

@cert-manager-prow cert-manager-prow bot added do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 24, 2024
@erikgb erikgb force-pushed the cluster-bundle-design branch 2 times, most recently from e3e7033 to 0db10c1 Compare November 24, 2024 16:38
@cert-manager-prow cert-manager-prow bot added size/L Denotes a PR that changes 100-499 lines, ignoring generated files. and removed size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 24, 2024
@erikgb
Copy link
Contributor Author

erikgb commented Nov 24, 2024

/hold

We want to discuss this proposal in our next bi-weekly meeting and allow some time to add missing details.

@cert-manager-prow cert-manager-prow bot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Nov 24, 2024
@erikgb erikgb marked this pull request as ready for review November 24, 2024 16:39
@cert-manager-prow cert-manager-prow bot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Nov 24, 2024
@damsien
Copy link

damsien commented Nov 24, 2024

The design looks good to me 👍
I wanted to open a discussion about the migration path because trust-manager uses helm chart to manage installation & upgrades.

Suppose that an user is currently using the version X. We introduce the version X+1 and then Y. After a few weeks, the user do an helm repo udpate and sees that the version Y is available. If he directly upgrade to the version Y, he will skip the patch and all of its Bundles will not be served and unusable.

@erikgb
Copy link
Contributor Author

erikgb commented Nov 24, 2024

Thanks for reviewing @damsien! ❤️

Suppose that an user is currently using the version X. We introduce the version X+1 and then Y. After a few weeks, the user do an helm repo udpate and sees that the version Y is available. If he directly upgrade to the version Y, he will skip the patch and all of its Bundles will not be served and unusable.

That's why I named it version Y, and not version X+2. 😉 You are addressing a real risk, and we should allow some time (maybe many releases) for users to migrate from Bundle to ClusterBundle. And clearly document the required upgrade path.

Copy link

@evankanderson evankanderson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since I suggested a bunch of the ideas here, I've added a few thoughts/comments, but feel free to ignore any input that's not helpful -- it's your project, not mine. 😁

design/20241124-rename-bunde-to-clusterbundle.md Outdated Show resolved Hide resolved
design/20241124-rename-bunde-to-clusterbundle.md Outdated Show resolved Hide resolved
design/20241124-rename-bunde-to-clusterbundle.md Outdated Show resolved Hide resolved
Copy link
Member

@SgtCoDFish SgtCoDFish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think this is brilliantly written and it does fill me with confidence to see this written down! The link to the chat on k8s slack was enlightening too, thanks for that!

General comment: if we implemented this design as written, the only reason for someone to migrate to ClusterBundle is because we (the maintainers) are saying they have to migrate.

There's no new features or anything to draw people to the new name, it's just a thing we changed. That doesn't mean we can't make this change (or that this is a bad change generally), but I think it's better if there's a reason for people to want to migrate, not just a reason they have migrate.

I wrote in one of my review comments about us adding ClusterBundle and making no effort to migrate (yet). If we did that - and started only adding new features to ClusterBundle - eventually, there'd be a reason that people would want to migrate. I think that's worth considering at least? But I wouldn't block progress over this, and this design is great either way!

What do you think? (sorry that's a lot of words)

design/20241124-rename-bunde-to-clusterbundle.md Outdated Show resolved Hide resolved
design/20241124-rename-bunde-to-clusterbundle.md Outdated Show resolved Hide resolved
@erikgb
Copy link
Contributor Author

erikgb commented Nov 25, 2024

There's no new features or anything to draw people to the new name, it's just a thing we changed. That doesn't mean we can't make this change (or that this is a bad change generally), but I think it's better if there's a reason for people to want to migrate, not just a reason they have migrate.

This is addressed by the motivation IMO. Doing this rename will allow us more flexibility in adding new (and already requested) features. In particular a new namespace-scoped Bundle resource. We should also improve the API while migrating, which will, at least IMO, reduce complexity significantly - both in code and testing. And simplicity is always a good platform for adding new features.

If the proposed API changes during migration is accepted, we will provide one new feature:

  • Support for multiple target keys of the same type/format

Copy link
Member

@SgtCoDFish SgtCoDFish left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

I don't see any reason we couldn't proceed with this personally, thanks for the effort on this Erik!

@cert-manager-prow cert-manager-prow bot added the lgtm Indicates that a PR is ready to be merged. label Nov 26, 2024
@cert-manager-prow
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: SgtCoDFish

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@cert-manager-prow cert-manager-prow bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 26, 2024
erikgb and others added 8 commits November 26, 2024 20:28
Co-authored-by: Evan Anderson <[email protected]>
Signed-off-by: Erik Godding Boye <[email protected]>
Signed-off-by: Erik Godding Boye <[email protected]>
Co-authored-by: Ashley Davis <[email protected]>
Signed-off-by: Erik Godding Boye <[email protected]>
Signed-off-by: Erik Godding Boye <[email protected]>
@erikgb erikgb force-pushed the cluster-bundle-design branch from 5a570ee to 6b04cd9 Compare November 26, 2024 19:33
@cert-manager-prow cert-manager-prow bot removed the lgtm Indicates that a PR is ready to be merged. label Nov 26, 2024
@cert-manager-prow
Copy link
Contributor

New changes are detected. LGTM label has been removed.

@ThatsMrTalbot
Copy link
Contributor

Could you add an example YAML of how the new spec will look?

@erikgb
Copy link
Contributor Author

erikgb commented Nov 29, 2024

Could you add an example YAML of how the new spec will look?

It makes to add an example of how we could improve the API when migrating to ClusterBundle. At the same time, this design is mainly a proposal on how to migrate from Bundle to ClusterBundle. The API improvements are not mandatory, but just a very attractive optional thing to do at the same time. 😉


### Risks and Mitigations

#### Target configmaps/secrets are accidentally deleted
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are two conflicting goals here:

  • we do not want to break the behavior when deleting the Bundle resource
  • we want to support users who remove the Bundle resource and start using the ClusterBundle instead.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

An alternative approach here would be to add owner references and document how to remove those owner references when you want to start using the ClusterBundle as the new "source of truth".

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If "owner references" are too complex, we can also implement our own garbage collector (eg. using labels).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why do you consider this as "conflicting goals"? I did not mention "do not want to break the behavior when deleting the Bundle resource" as a goal specifically, did I? 🤔 Considering the alpha state of Bundle API, I don't see a big harm in potentially orphaning some resources that can easily be deleted by the user as a workaround. The alternative could be a lot more destructive.

As a user, I don't want my ClusterBundle to be deleted when the corresponding Bundle is deleted. Maybe I am missing your point. Please clarify!

Since the APIs should be quite similar, this should be a simple controller.

- `Bundle` `.spec` should be copied (and eventually slightly converted) into `ClusterBundle` `.spec`
- `Bundle` `.status` should be updated from `ClusterBundle` `.status`
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we should also add a clear message in the Bundle .status stating that using the Bundle is deprecated.
Also, the validation webhook should throw a warning explaining that the Bundle resources are deprecated.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

CRDs supports deprecating APIs/versions, and we can tailor the warning message. Isn't this enough?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Im pretty sure the CRD deprecation warning tells you every time you run kubectl against it, we can test this though to make sure thats true with all the commands (describe, get, apply). If that is the case then I think a CRD deprecation warning is enough

- configMap:
name: my-ca
key: ca.crt
target:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've often thought that instead of having spec.target.configMap and spec.target.secret we should just have spec.targets which is an array of object references including apiVersion and kind.

This makes supporting future sources much easier, say for example if we wanted to add a plugin system like cert-manager has.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Interesting! Could you draw an example? 😊

Copy link
Contributor

@ThatsMrTalbot ThatsMrTalbot Nov 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤦 I was thinking of sources not targets, for example:

apiVersion: trust-manager.io/v1alpha1
kind: ClusterBundle
metadata:
  name: my-bundle
spec:
  sources:
  # Using apiVersion/kind means we can utilise this same array for 
  # any future "extensions"/"plugins".
  #
  # Loading from other sources could be a valuable feature and this API change
  # would enable that option in the future.
  - apiVersion: v1
    kind: ConfigMap
    name: my-ca
    key: ca.crt
  ...

In my head it would mean that AWS for example could release an operator that exposes the AWSPrivateCABundleSource that a user creates to reference their private ca. Then by referencing that AWSPrivateCABundleSource object in a bundle we pick up the CA.

That kind of support would be added in the longer term, not this piece of work, but the API change could enable that future.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good input, thanks! I suggest moving the detailed API changes discussion to #242. I have also opened #486, which will be modified to change the initially unserved ClusterBundle - after it's introduced.

For this design, I suggest we agree that we should consider changing the API. And not exactly what we want to change. Are you ok with this approach?

### Goals

- `Bundle` resource is renamed to `ClusterBundle`
- `ClusterBundle` is created in the new `trust-manager.io` API group
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

to trust-manager.io from cert-manager.io?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, from trust.cert-manager.io to trust-manager.io - as a grown-up. 😉

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. dco-signoff: yes Indicates that all commits in the pull request have the valid DCO sign-off message. do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

7 participants