Add finalizing virtualworkspace #3615
Conversation
kcp-ci-bot
added
do-not-merge/work-in-progress
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
kcp-ci-bot
added
do-not-merge/needs-kind
…rName This is required so we can use the LogicalClusterFinalizer as a custom string type like we do it with LogicalClusterInitializer On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
…urls" This reverts commit 623580d.
On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
SimonTheLeg
force-pushed
the
finalizing-workspace
branch
from
564fb45 to
0eb0bc1
Compare
kcp-ci-bot
removed
the
needs-rebase
SimonTheLeg
force-pushed
the
finalizing-workspace
branch
4 times, most recently
from
0400091 to
d46891c
Compare
kcp-ci-bot
added
release-note
SimonTheLeg
changed the title
kcp-ci-bot
removed
the
do-not-merge/work-in-progress
|
Getting the ball rolling on the discussion items:
|
SimonTheLeg
force-pushed
the
finalizing-workspace
branch
from
0dc7d81 to
c2ecefe
Compare
On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
SimonTheLeg
force-pushed
the
finalizing-workspace
branch
from
c2ecefe to
73b07b0
Compare
|
/test pull-kcp-test-e2e-shared |
Im somehow tempted to say - let's use the same behaviour - patch status. Feels like the finalisers field should be protected from user modification here. And If we agree otherwise, I would make the same change to both virtual workspaces to have consistent behaviour.
+1 on having proxy. In my head consistent sysmte beahaviour is above trying to be smart :) |
| } | ||
|
|
||
| // add finalizers from the status as hashed labels | ||
| finalizerKeys := sets.New[string]() |
There was a problem hiding this comment.
is. the hashed thing here due to . in the name?
There was a problem hiding this comment.
Main motivation was to keep it consistent with how initializers do it (see code block directly above this one).
I think the idea behind this was:
kcp/sdk/apis/tenancy/initialization/utils.go
Lines 87 to 89 in 459fa3b
| // LogicalClusterFinalizerName attached to the owner of the LogicalCluster resource (usually a Workspace) so that we can control | ||
| // deletion of LogicalCluster resources. | ||
| LogicalClusterFinalizer = "core.kcp.io/logicalcluster" | ||
| LogicalClusterFinalizerName = "core.kcp.io/logicalcluster" |
There was a problem hiding this comment.
This could be separate PR and diff for this would be way way smaller.
There was a problem hiding this comment.
for next time. lets leave it for now.
| withoutRootPathPrefix := strings.TrimPrefix(urlPath, rootPathPrefix) | ||
|
|
||
| // Incoming requests to this virtual workspace will look like: | ||
| // /services/finalizingworkspace/<finalizer>/clusters/<something>/apis/workload.kcp.io/v1alpha1/synctargets |
There was a problem hiding this comment.
can we remove synctarget from example? :D
There was a problem hiding this comment.
Ah good old copy pasting stuff. will change it :D
| // - request finalization by a specific controller | ||
| // | ||
| // That is, a request for | ||
| // GET /services/finalizingworkspaces/<finalizer>/clusters/*/apis/core.kcp.io/v1alpha1/logicalclusters |
There was a problem hiding this comment.
This would change if we go proxy way? I mean we would get access to the logical cluster via similar url?
There was a problem hiding this comment.
Not directly. Initializers use 3 distinct virtual workspaces under the hood to handle this:
- handles all the LIST requests (aka get
clusters/*) - handles GET/PATCH requests to a single Logicalcluster (aka update
clusters/asdfasdfa). I think this mainly exists so we can restrict which fields of a LogicalCluster a user can edit, because with 3., I think you can just do about anything you want with the objects - handles all other requests and proxies them straight through to kcp
But I agree that maybe this doc.go is written a bit misleading. I just copy pasted it from initializers and never looked back 😅. I'll update it to be a bit more precise once I have built virtualworkspace 3.
Let's leave this comment open for now.
|
|
||
| // HasDeletionTimestamp returns whether a runtime.object has a deletion timestamp | ||
| // wrapping the meta.Objects deletiontimestamp functionality. | ||
| var HasDeletionTimestamp ObjectFilterFunc = func(ctx context.Context, obj runtime.Object) bool { |
There was a problem hiding this comment.
Oh yeah that is a good point, there is no big value in exposing this and it is only a helper func for WithDeletionTimestamp
On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
SimonTheLeg
force-pushed
the
finalizing-workspace
branch
from
73b07b0 to
593e6e6
Compare
- pkg/virtual/finalizingworkspaces - sdk/apis/tenancyfinalization - test/e2e/virtual/finalizingworkspaces On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
On-behalf-of: SAP <[email protected]> Signed-off-by: Simon Bein <[email protected]>
|
@SimonTheLeg: The following tests failed, say
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
4 participants
This PR adds the finalizing virtual workspace and surrounding logic. Similiar to initializers, Workspacetypes can specify having a finalizer or inherit finalizers via extends.With. These finalizers get added to the Logicalclusters and need to be removed before a logicalcluster can be fully deleted. A virtual workspace is being provided which gives access to all Logicalclusters which have the corresponding finalizer. This allows end-users to write operators with custom cleanup logic.
More details can be obtained from the docs update in this PR.
Open discussions / TODOs
metadata.finalizers, as this has the most k8s native feel. This is also how it is implemented at the moment. This is slightly different to how initializers work, since for initializers you would remove it fromstatus.initializers. Back then we decided that for finalizers we prefer themetadata.finalizersapproach due to ease of use. However while working on this some new facts have come to light, which make me wonder if we want to stick with this approach: The main factor is that we cannot directly use regular finalizers (e.g. "root:myworkspacetype"), as the colon:character is not allowed in themetadata.finalizersfield. We therefore always have to convert these. Currently we simply replace the colon character with a dot (https://github.com/SimonTheLeg/kcp/blob/d46891c8d2111ce3d1e94891ab4bfcc9137d4d46/sdk/apis/tenancy/finalization/utils.go#L71-L73). However for end-users I think this is rather confusing, because they would also need to do this conversion. As a result I am wondering if it would not be better if we keep this implementation detail hidden; Essentially build it exactly like we do it for initializers and have people patch the status there and then our controller would update the metadata.finalizers field. What do you prefer?Summary
What Type of PR Is This?
/kind feature
Release Notes