New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Register RuntimeClass CRD in nodelifecycle controller #67924
Conversation
/assign @mikedanese @caesarxuchao |
b885315
to
051f314
Compare
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: tallclair If they are not already assigned, you can assign the PR to them by writing The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
/retest |
The code is fine, but I got a few high-level questions.
|
It doesn't, particularly. I chose the node-lifecycle controller as the closest fit from the existing controllers. It didn't seem worth adding a new controller component just to install the CRD. We may introduce a control-plane component in the future, in which case it would make sense to move the CRD registration to that component instead. WDYT?
What happens to existing resources if the CRD is deleted? What happens to the instances cached in informers? A pod that doesn't reference a RuntimeClass (or the empty "" runtime class) is always allowed. In general, I'm OK with this for alpha, but it's something to think about for beta.
RBAC rules are additive / allow only, so I don't think there's anything we can do there. There is a broader open question around how we want to deal with this for core components. Again, I think for alpha, it's OK to ignore it.
Interesting. What happens to the existing instances if the the schema changes? Since it's a CRD, my hunch is that leaving it in place will be preferable, and it will just be ignored by the core components at that point, but I'll defer to the experts. I'll follow up on this. |
After investigating, I think doing this through an addon is preferable. See the alternative approach in #68161 |
Automatic merge from submit-queue (batch tested with PRs 68161, 68023, 67909, 67955, 67731). If you want to cherry-pick this change to another branch, please follow the instructions here: https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md. Register RuntimeClass CRD as an addon **What this PR does / why we need it**: Register the RuntimeClass CRD when the RuntimeClass feature gate is enabled. This is done in through the addon manager. This is an alternative approach to #67924 **Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*: For kubernetes/enhancements#585 **Release note**: Covered by #67737 ```release-note NONE ``` /sig node /kind feature /priority important-soon /milestone v1.12
What this PR does / why we need it:
Register the RuntimeClass CRD when the RuntimeClass feature gate is enabled. This is done in the node lifecycle controller as a convenient peripherally related component.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged):For kubernetes/enhancements#585
Release note:
Covered by #67737
/sig node
/kind feature
/priority important-soon
/milestone v1.12