Make clarifications and add detail to API document #40
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
| it has received a `Broker` resource and successfully called the backing CF | ||
| broker's catalog endpoint. | ||
|
|
||
| *TODO: Make explicit the relationship between service classes and plans* |
There was a problem hiding this comment.
does this mean that plans will be separate resources (e.g. ServicePlan)?
There was a problem hiding this comment.
Not necessarily. It only means that we did not have an agreement on it and need to discuss as a group. I have my own opinions but we need to agree as a group.
There was a problem hiding this comment.
@pmorie yes, I'm ok that this remains a TODO
| endpoint for the application to use the `Instance` via | ||
| 2. The name of a Kubernetes `Secret` resource to hold credentials necessary to | ||
| use the service | ||
| 3. The name and spec of a Kubernetes `ServiceInjectionPolicy` to create |
There was a problem hiding this comment.
There's no section for ServiceInjectionPolicy in this doc. Although we've talked about it, let's leave this point out or create a section for it here.
Since this resource and its admission controller must both exist, and neither are yet available, I'd prefer that we do the former.
There was a problem hiding this comment.
@arschles Yeah, the ServiceInjectionPolicy is going to be worked out in the main repo. I haven't made the proposal yet -- I will tag you in when I do.
There was a problem hiding this comment.
I had remembered this being a point of agreement in the F2F, but I am happy to remove it for now and add it in a follow-up PR.
pmorie
force-pushed
the
api-clarification
branch
from
a97c99d
to
a7323ed
Compare
|
@arschles I have removed the |
|
|
||
| ## `Instance` | ||
| *TODO: codify how asynchronous responses are handled in the controller* |
|
LGTM |
|
|
||
| 1. Make a request against a given CF service broker's catalog endpoint | ||
| An administrator to creates an instance of the `Broker` resource to indicate |
|
|
||
| 1. Make a request against a given CF service broker's catalog endpoint | ||
| An administrator to creates an instance of the `Broker` resource to indicate | ||
| their intent to consume that broker in the service catalog. |
There was a problem hiding this comment.
instead of consume, I wonder if something that says about intent to make the Service Classes provided by that broker available in the service catalog would be clearer?
their intent to make Service Classes provided by that broker available in the service catalog
There was a problem hiding this comment.
Yeah, that is a good idea.
| controller receives an `ADD` watch event for a new `Broker`, it contacts the | ||
| broker to determine what service classes the broker offers: | ||
|
|
||
| 1. Makes a request against a given CF service broker's catalog endpoint |
There was a problem hiding this comment.
Maybe explain what CF is before using it? Or somewhere put a link to the Open Service Broker API?
https://github.com/openservicebrokerapi/servicebroker/blob/master/spec.md
There was a problem hiding this comment.
How about just s/CF service broker/broker/
|
|
||
| 1. *The `Broker` that caused the `ServiceClass` was deleted* | ||
| 1. *The `ServiceClass` itself was deleted* | ||
| 1. The controller calls the provision endpoint on the broker |
There was a problem hiding this comment.
Just like above you explicitly called the GET /v2/... maybe say here:
PUT /v2/service_instances/:instance_id
There was a problem hiding this comment.
Yeah, I was planning on adding that level of detail in the next pass, if you are okay with that. We can add it now if you feel strongly.
|
|
||
| *TODO: what happens when an `Instance` resource is deleted?* | ||
| A `Binding` represents the binding between an application and an `Instance` of a |
There was a problem hiding this comment.
Consider adding a TODO to clarify what an application is in this context?
| 1. The name of a Kubernetes core `Service` resource to provide a stable | ||
| endpoint for the application to use the `Instance` via | ||
| 2. The name of a Kubernetes `Secret` resource to hold credentials necessary to | ||
| use the service |
There was a problem hiding this comment.
TODO for ConfigMap / Injection Policy, or whatever it was called?
| 1. The controller calls the binding endpoint on the broker | ||
| 2. The broker returns a response containing credentials and coordinates for | ||
| the binding | ||
| 3. The controller creates a Kubernetes `Service` with the given name with the |
There was a problem hiding this comment.
TODO, I think there's other conditions here to keep track of the state (this is the discussion we had yesterday). If the object keeps state of the provisioning lifecycle. Like, after creating the binding, or something like that so that they don't get lost if things crash.
There was a problem hiding this comment.
I do agree additional design and clarity on the specifics of API conditions is needed.
pmorie
force-pushed
the
api-clarification
branch
from
a7323ed
to
6819d6e
Compare
|
@vaikas-google made some fixes, PTAL |
|
LGTM |
| intent to make the service classes provided by that broker available in the | ||
| catalog. | ||
|
|
||
| The catalog controller has a watch on the `Broker` resource. When the |
There was a problem hiding this comment.
"catalog controller" not "service catalog controller"? Are we intending to have two controllers?
There was a problem hiding this comment.
Just me being imprecise. One controller.
|
|
||
| A `ServiceClass` represents an offering in the service catalog. A | ||
| `ServiceClass` is not usable directly; an `Instance` of a `ServiceClass` must be | ||
| created to be consumed by an application. | ||
|
|
||
| This resource is created by the service catalog's controller event loop after |
There was a problem hiding this comment.
ok for now, but I'm not a fan of repeating stuff since its asking for things to get out of sync. So we shouldn't repeat what was stated in the previous section.
There was a problem hiding this comment.
I'm not a fan of repeating stuff either, but I want each thing to have an unambiguous statement of what it is associated with it in this manner.
|
|
||
| The service catalog controller has a watch on the `Instance` resource and | ||
| receives an `ADD` watch event. The controller then attempts to provision a new | ||
| instance: |
There was a problem hiding this comment.
should probably say:
...to provisions a new instance of the service via the corresponding service broker.
Otherwise it sounds like the controller is creating what the consumer just created.
| `Instance` created, it calls the provision endpoint on the backing CF service | ||
| broker and writes `provisioned` into a `status` field of the | ||
| `Instance`. | ||
| A `Binding` represents the binding between an application and an `Instance` of a |
There was a problem hiding this comment.
perhaps "... represents a "used by" relationship between... "
or "... represents a link between ..."
just trying to avoid using the word "bind" again.
| 1. The name of a Kubernetes core `Service` resource to provide a stable | ||
| endpoint for the application to use the `Instance` via | ||
| 2. The name of a Kubernetes `Secret` resource to hold credentials necessary to | ||
| use the service |
There was a problem hiding this comment.
Perhaps add something like:
If these values are not provided then the name of the service instance will be used by default.
pmorie
force-pushed
the
api-clarification
branch
from
6819d6e
to
070b4e0
Compare
|
Thanks for the feedback, @duglin -- incorporated in latest push, PTAL. |
|
LGTM |
|
|
||
| This resource is created by an administrator to instruct the service catalog's | ||
| controller event loop to do the following: | ||
| A `Broker` represents an entity that provides service classes for use in the |
|
|
||
| The service catalog controller has a watch on the `Broker` resource. When the | ||
| controller receives an `ADD` watch event for a new `Broker`, it contacts the | ||
| broker to determine what service classes the broker offers: |
There was a problem hiding this comment.
How about adding this bit: "... it contacts the specified backing broker to determine ..."? I fear that without the "specified backing broker" language, the difference between Broker and broker will be confused.
| an instance of a service class. The `Instance` has a reference to the | ||
| `ServiceClass` to provision an instance of. | ||
|
|
||
| The service catalog controller has a watch on the `Instance` resource and |
There was a problem hiding this comment.
I think we should make the watch more explicit: "...has a watch on Instance resources..."
| to be discussed later) | ||
| 1. Updates the `Binding`'s status section with the fully qualified path to the | ||
| aforementioned secret | ||
| The service catalog controller has a watch on the `Binding` resource. When the |
There was a problem hiding this comment.
same here RE being explicit about the watch: "... has a watch on Binding resources ..."
refine preparing for and running e2e. Save off key artifacts
… (CRDs) solution (#2630) * Add basic validation to crds * Add webhook skeleton, remove api-server from chart, add webhoook server in chart, move PrepareForCreate login into webhook handler (#2) * Add webhook skeleton, remove api-server from chart, add webhoook server in chart, move PrepareForCreate login into webhook handler * Add logger and GVK matcher * Add test coverage for webhook (#6) * Add Status entry initialization in binding and instance controller (#5) * Change fs to label selector (#9) * Fix removing finalizer after switching to CRD /status sub-resource (#8) * Add tests to webhooks (#11) * Replace changevalidator with webhook (#14) * Replace default service plan with webhook (#10) * Add tests to webhooks - fix * Rewrite defaultServicePlan feature to webhook * Replace plugins by webhook (#16) * Replace ServiceBinding plugin by webhook * Replace Broker plugins by webhook * Adjust webhooks to multi validation handlers * Service Catalog going towards to CRDs (#18) * Migrate registry/strategy Updates to webhooks (#17) * Use Update instead of updateReference method (#19) * Replace tableconvertor with APC (#20) * Fix svcat tests after the rebase with the upstream master branch * Pre delete jobs - remove CRD after delete helm release (#21) * Apply fixes after executing `make verify` * Create docs about webhook implementation (#24) * Change the securePort for the webhook server because colidates with old api-server * Change import paths to kubernetes-sigs, and rebase with master * Apply fixes after rebase Fixes: * makefile targets, * instance deprovision operation * entries under additionalPrinterColumns in crds.yaml * unit tests after rebase * Update documentation (#40) * Update docs * Fix vendor after rebase with k8s 1.15 bump * Apply changes after review - remove the contrib/hack/crd folder - remove reference to Kyma project - rebase with current master - restore the image in chart - extract CRDs defintion to dedicated folder
Builds upon #31 to clarify and further elaborate on messages flow and API server / controller interactions.