New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adoption design #2067
Adoption design #2067
Conversation
52d6b4a
to
8588011
Compare
I'm honestly pretty torn on this one. @sakthi-vetrivel curious about your thoughts on this as well. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If would have a vote on this I'd vote for option 1. That's what I would expect from a controller and I guess the whole point of a "smart guess for deletion policy" is to match what a user would expect.
I think it makes it more homogenous across all resources in a set of resources you apply and also doesn't leave room for surprises. I don't think we have to protect the users from deletion, because it is equivalent to ARM templates or SDKs as you said. Since there's no UI involved there's not going to be a "are you sure you want to delete?" pop-up, but someone intentionally calls the delete API endpoint. In my opinion it's the same whether I call the ARM API, use the SDK or cal a k8s API endpoint to delete a resource.
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
> In the case of ACK and the user experience of resource deletion, I posit that the behaviour of our interface has | ||
> no surprises and is actually hard to misuse. It doesn't have surprises because our interface to delete a resource | ||
> is to call kubectl delete on that resource. This is as non-surprising as it gets. It is hard to misuse because | ||
> calling kubectl delete is an explicit action the user has to take and it's not a confusing verb or semantic. | ||
> "delete" means to remove the resource. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fully agree with this.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fully agree that there's no ambiguity that kubectl delete
means remove the resource from the cluster.
That said, I do think that different users will have different expectations about whether deletion from the cluster necessarily requires deletion from Azure as a natural consequence.
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
This is related to #1465 |
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
> In the case of ACK and the user experience of resource deletion, I posit that the behaviour of our interface has | ||
> no surprises and is actually hard to misuse. It doesn't have surprises because our interface to delete a resource | ||
> is to call kubectl delete on that resource. This is as non-surprising as it gets. It is hard to misuse because | ||
> calling kubectl delete is an explicit action the user has to take and it's not a confusing verb or semantic. | ||
> "delete" means to remove the resource. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I fully agree that there's no ambiguity that kubectl delete
means remove the resource from the cluster.
That said, I do think that different users will have different expectations about whether deletion from the cluster necessarily requires deletion from Azure as a natural consequence.
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
docs/hugo/content/architecture-decision-records/ADR-2022-02-Adoption-Policy.md
Outdated
Show resolved
Hide resolved
8588011
to
9320c3c
Compare
**Disadvantages:** | ||
- Possibility of collision between user specified `reconcile-policy` and the `reconcile-policy` written by the operator because | ||
of `reconcile-policy-if-exists`. | ||
- We can mitigate this issue by rejecting some configurations with a webhook, although we have to be careful how we craft |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would something like reconcile-policy: skip
, reconcile-policy-if-not-exists: manage
be possible to express using this method? What would happen in that case for a resource that does not already exist?
(Asking generally, I don't think we'd do something like that in CAPZ)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great question. I've expanded the disadvantages section to talk about two types of possible mitigation here (up from 1).
The second option is to allow both and have reconcile-policy-if-exists
always overwrite reconcile-policy
. The only downside I see to this is that it could cause some gitops flows issue as we might overwrite the annotation they provided with the annotation in reconcile-policy-if-exists
, causing their checked-in spec to differ from the active spec (annotation mismatch). It's a minor issue but at the same time I am not clear on what exact scenarios users would really want to set both in practice, for example your example scenario feels pretty contrived. One that seems possibly valid is: reconcile-policy: detach-on-delete
and reconcile-policy-if-exists: skip
...
I've updated the decision section to lean in the direction of the first option (webhook prevention) as we can always expand it later but we can't undo letting users set both if we do it now, but I'm open to other opinions on that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with your conclusions.
2e4ebf4
to
00960e0
Compare
Codecov Report
@@ Coverage Diff @@
## main #2067 +/- ##
==========================================
- Coverage 54.48% 54.48% -0.01%
==========================================
Files 1228 1228
Lines 542444 542444
==========================================
- Hits 295552 295534 -18
- Misses 198530 198544 +14
- Partials 48362 48366 +4 see 8 files with indirect coverage changes Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here. |
83de00e
to
e02bbec
Compare
e02bbec
to
9537ae7
Compare
/ok-to-test sha=9537ae7 |
1 similar comment
/ok-to-test sha=9537ae7 |
A design for how the operator will "adopt" resources that existed in Azure before they were created in Kubernetes.