Sig API Machinery Deep Dive – KubeCon NA 2018

Slide 1

Slide 1 text

Sig API Machinery Deep Dive Daniel Smith (Google) – Stefan Schimanski (Red Hat)

Slide 2

Slide 2 text

CR[!D] Versioning & Conversion deep dive

Slide 3

Slide 3 text

CR Conversion ● Since 1.13 as alpha: Webhook Conversion ○ similar to admission webhooks, via apiextensions.k8s.io/v1beta.ConversionReview kube-apiserver etcd GET v1 v1beta1 in-cluster webhook server ConversionRequest v1beta ⇾ v1 ConversionResponse v1 v1

Slide 4

Slide 4 text

No content

Slide 5

Slide 5 text

No content

Slide 6

Slide 6 text

No content

Slide 7

Slide 7 text

v1 v1 v1 v1 v1 v1 v2

Slide 8

Slide 8 text

0 0 1 1 0 0 0 v1 v1 v1 v1 v1 v1 v2

Slide 9

Slide 9 text

n 1 0 0 retries! 0 0 0

Slide 10

Slide 10 text

n 1 0 0 0 0 0 Plus feeding watches, per watched version 1

Slide 11

Slide 11 text

handler chain mux data flow calls back to v1 v1 v1 int int v1 int v1 int v2 v1 int int v1 hub/internal version Comparison with native types

Slide 12

Slide 12 text

@the_sttts @mbohlool Roundtrip’ability getting lossless conversion right is hard established test pattern: roundtrip test between all versions: 1. take YourResource e.g. in v1 2. fill with random values (“fuzzing”) 3. convert to e.g. v1beta1 4. convert back to v1 5. compare result with original 6. repeat Example: k8s.io/sample-apiserver/blob/master/pkg/apis/wardle/install/roundtrip_test.go

Slide 13

Slide 13 text

Roundtrip testing – how we do that in upstream use the gofuzz library + k8s.io/apimachinery/pkg/api/apitesting/roundtrip: func Funcs(codecs runtimeserializer.CodecFactory) []interface{} { return []interface{}{ func(e *audit.Event, c fuzz.Continue) { c.FuzzNoCustom(e) doAuditEventDefaulting() enforceAnyOtherTypeInvariant() } } } func TestRoundTrip(t *testing.T) { roundtrip.RoundTripTestForAPIGroup(t, Install, fuzzer.Funcs) } Example: pkg/apis/audit/fuzzer/fuzzer.go & pkg/apis/audit/install/roundtrip_test.go:

Slide 14

Slide 14 text

CRD – Outlook for 2019 and beyond

Slide 15

Slide 15 text

@the_sttts @mbohlool Outlook for 2019 and beyond ● critical issues identified for moving CRDs to GA (issue #58682): ○ generate OpenAPI spec from validation schema ➡ kubectl-side validation, kubectl explain ○ quota support ○ defaulting and pruning ○ … a number of smaller topics ● Other open, undecided topics: ○ validation schema language: alternative language, OpenAPI references, Go-types to schema ○ graceful deletion ○ validation webhook ○ arbitrary field selectors ○ protobuf encoding ○ namespace-local CRDs

Slide 16

Slide 16 text

The other big 2019 theme: Server-side Apply

Slide 17

Slide 17 text

@the_sttts @mbohlool Serverside Apply ● Plumbing: mostly done ● Pivot! ○ From x = a + (b - c) to field “managers” ● Low level operations: mostly done ● API: in progress! ○ Looks to be a big improvement over the old last-applied annotation ■ Shorter ■ Omits values ● Alpha in 1.14 ● Next steps ○ Perfect place to check general schema concerns (e.g, add discriminated unions)

Slide 18

Slide 18 text

API Machinery Q & A