-
Notifications
You must be signed in to change notification settings - Fork 911
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use server-side apply #4047
Comments
Note that there is a proof-of-concept implementation in crossplane/crossplane-runtime#358 |
As we start to move more and more resources into production with Crossplane this issue is quickly becoming a very big problem. We are often faced with a situation where the only good way to make a change to a composition is to delete the claims, otherwise any fields or data that we’ve removed never goes away. Orphaning the resources is a nerve-wracking and error-prone thing to do in production. I’m hoping this issue can get prioritized higher. |
@blakebarnett server-side apply is only a target for XP 1.15 at the moment. |
A few thoughts on tackling this:
|
Another thought: I'm guilty of doing something I ask other folks not to do here - leading with the solution and not the problem. So, to be clear, we shouldn't use SSA just for the sake of using SSA. The broad-strokes problems we want to address are:
The reason I pointed to SSA as a potential solution here is because on the surface "the API server figures it all out for you" seems nice. 😄 If client-side code is better that's totally fine. |
PR adding Server Side Apply to provider kubernetes as an alpha feature: crossplane-contrib/provider-kubernetes#134 It uses a slightly different implementation for APIServerSideApplicator than what is proposed here which aims backward compatibility with the existing applicators. It leverages the NewUnstructuredExtractor to extract fields managed by provider-kubernetes in order to decide whether an update is needed or not. |
I ended up using server-side apply to implement the new
After playing around with this, I opted to not use the |
It seems like it would be pretty feasible to update anything that uses Per kubernetes-sigs/controller-runtime#347 (comment) it seems like SSA is currently not possible with 'real' structured types (e.g. |
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as |
/fresh this is ongoing 😁 |
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as |
This docs entry provides the current status of server side apply support within the crossplane ecosystem: TL;DR: full server side apply from
|
Recalling that we have #5656 to further track the maturity of the SSA feature out of alpha and to Beta, I'm going to go ahead and close this issue as the initial feature is done (as outlined in the previous comment 😉). |
What problem are you facing?
Most core Crossplane reconcilers use an
Applicator
to create and update resources in the API server. For example, we use anApplicator
to keep claims synced with XRs, and to create or update an XR's composed resources.An
Applicator
provides similar "upsert" semantics tokubectl apply
. It allows you to simply "apply" your desired state - theApplicator
then figures out whether the desired state affects a resource that already exists and if so how it should update it. When we began the Crossplane project the API server and Go Kubernetes client tooling did not support this - you had to eitherCreate
a new resource, orGet
, mutate, and thenUpdate
an existing resource.There are currently two implementations of the
Applicator
interface:Both implementations simply call the underlying Kubernetes client's
Create
method if the relevant resource doesn't exist. Where they differ is what they do to update existing resources.The
APIPatchingApplicator
uses the underlying client'sPatch
method. It creates a JSON merge patch where the patch is simply the entire new, desired resource. This has a few downsides:The
APIUpdatingApplicator
uses the underlying client'sUpdate
method. It circumvents the typical read, mutate, update approach by simply passing the new desired state toUpdate
. Typically theUpdate
method guards against this by using the passed resource'smeta.resourceVersion
as a form of eventual consistency. It expects to be passed a resource version equal to the latest version passed in the API server, to ensure clients don't accidentally revert state by writing an update based on a stale read. This is the major issue with theAPIUpdatingApplicator
- it manually sets the resource version to the latest read from the API server even if the state its passing is from an older version. This leads to theAPIUpdatingApplicator
unintentionally reverting changes made by other controllers.Currently neither
Applicator
works for all situations. This results in us picking the least-bad option for a particular use case. We suspect these applicators may be the cause of several issues in Crossplane, including:Related issues
mergeOptions
are written from the perspective of Go code, not YAML #2581How could Crossplane help solve your problem?
Some time ago the Kubernetes API server introduced server-side-apply. This functionality intends to do the same thing as our
Applicator
types, deferring the "hard work" of figuring out how to make an update to the API server. Clients simply send their desired state. The API server supports more advanced merge semantics for arrays of objects, and also tracks ownership of fields to better support multiple controllers reconciling a single resource.I believe it would be worth our while to use server-side-apply. Ideally we could deprecate our bespoke
Applicator
implementations entirely.The text was updated successfully, but these errors were encountered: