Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support generic resource references in name reference tracking #3418

Open
yhrn opened this issue Jan 5, 2021 · 20 comments
Open

Support generic resource references in name reference tracking #3418

yhrn opened this issue Jan 5, 2021 · 20 comments
Assignees
@natasha41575
Labels
area/api issues for api module kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@yhrn
Copy link
Contributor

yhrn commented Jan 5, 2021
edited

Is your feature request related to a problem? Please describe.

We are working a lot with Google Config Connector and many of the CRDs include references to other resources. In some cases the type of the reference target is implied and in these cases Kustomize's name reference transformer can easily be configured to understand the reference and support prefixing/suffixing. However, for some cases a CR can reference an arbitrary resource by specifying apiVersion/kind in addition to the name, e.g. an IAMPolicyMember which can reference any of ~100 different resource kinds, there seems to be no clean way of configuring name transformation. See below for an example:

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMPolicyMember
metadata:
  name: iampolicymember-sample-pubsubadmin
spec:
  member: serviceAccount:iampolicymember-dep-pubsub@some-project.iam.gserviceaccount.com
  role: roles/editor
  resourceRef:
    apiVersion: pubsub.cnrm.cloud.google.com/v1beta1
    kind: PubSubTopic
    name: iampolicymember-dep-pubsubadmin

Describe the solution you'd like

It would be great if nameReference supported picking up the target kind/apiVersion/group/version via the field specs instead.
@Shell32-Natsu Shell32-Natsu added area/api issues for api module kind/feature Categorizes issue or PR as related to a new feature. triage/under-consideration labels Jan 5, 2021
@Shell32-Natsu
Copy link
Contributor

@natasha41575 Is this related to #3280?

@natasha41575
Copy link
Contributor

@Shell32-Natsu tangentially related to #3280 only in that they both deal with refactoring the name reference transformer. Apart from that I don't think the solutions overlap

@yhrn
Copy link
Contributor Author

yhrn commented Jan 7, 2021
edited

One more thing to consider here if we're talking refactoring is that currently the namespace of a reference has to be handled by a separate namespace transformer. I think this happens to work in most cases because typically name transformations are applied the same way across all resources in a Kustomization but it feels a bit fragile.

It would feel more natural if there was a reference transformer that understood referencing via the complete set of attributes needed to identify an object; name, namespace, kind and group. I'm not sure if version is really relevant for identifying an object but references typically use apiVersion which drags it in anyway so it probably needs to be dealt with somehow.

@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 7, 2021
@yhrn
Copy link
Contributor Author

yhrn commented Apr 12, 2021

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Apr 12, 2021
@yhrn
Copy link
Contributor Author

yhrn commented Apr 12, 2021
edited

Sorry if I appear to be nagging but I'm not sure how the triage process works here. Is this something you would consider adding? It's a pretty important use case for us and I think it would make Kustomize a much more powerful tool when used together with Google Config Connector resources and probably other similar products for other cloud vendors.

@Shell32-Natsu Shell32-Natsu added the help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. label Apr 12, 2021
@Shell32-Natsu
Copy link
Contributor

@yhrn I apologize for the situation. We are in an extremely short of hands. Our resources are mainly focusing on fixing bugs and refactoring to re-integrate with kubectl. We hope we can eventually add more new features like this.

@yhrn
Copy link
Contributor Author

yhrn commented Apr 12, 2021

@Shell32-Natsu thanks for the response and I understand. But I take it that you agree that the functionality would make sense then.

@Shell32-Natsu
Copy link
Contributor

@monopole Could you please take a look if you have time?

@yhrn yhrn mentioned this issue May 18, 2021
Closed
@monopole monopole self-assigned this May 27, 2021
@k8s-triage-robot
Copy link

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 25, 2021
@yhrn
Copy link
Contributor Author

yhrn commented Aug 25, 2021

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 25, 2021
@natasha41575 natasha41575 added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed help wanted Denotes an issue that needs help from a contributor. Must meet "help wanted" guidelines. triage/under-consideration labels Sep 20, 2021
@KnVerey KnVerey mentioned this issue Nov 12, 2021
Closed
@KnVerey
Copy link
Contributor

KnVerey commented Nov 12, 2021

Note that the problem of generic resource reference support is not exclusive to CRDs, as some built-in types contain generic references. See #4254 for an example of how this is currently causing a problem.

/retitle Support generic resource references in name reference tracking

@k8s-ci-robot k8s-ci-robot changed the title Support CRDs with generic resource references Support generic resource references in name reference tracking Nov 12, 2021
@KnVerey KnVerey mentioned this issue Dec 22, 2021
Closed
@KnVerey KnVerey added the kind/bug Categorizes issue or PR as related to a bug. label Dec 22, 2021
@natasha41575
Copy link
Contributor

/lifecycle frozen

@k8s-ci-robot k8s-ci-robot added the lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. label Jan 6, 2022
@Serializator Serializator mentioned this issue Jan 10, 2022
Closed
@natasha41575 natasha41575 removed the kind/bug Categorizes issue or PR as related to a bug. label Jan 11, 2022
@natasha41575
Copy link
Contributor

I am working on a design proposal to resolve this issue - it will be submitted as a KEP when it is ready. Thank you for your patience, I know it's been a really long wait for this feature.

@natasha41575 natasha41575 mentioned this issue Jan 12, 2022
Open
@KnVerey KnVerey mentioned this issue Jan 26, 2022
Closed
@KnVerey KnVerey mentioned this issue Feb 4, 2022
Open
@apelisse
Copy link

I am working on a design proposal to resolve this issue - it will be submitted as a KEP when it is ready. Thank you for your patience, I know it's been a really long wait for this feature.

Please keep me in the loop, I've seen various efforts related to this and would love to see one succeed.

@natasha41575
Copy link
Contributor

natasha41575 commented Feb 11, 2022
edited

@apelisse There are still various discussions going on internally, and I was thinking about somehow supporting this feature through the openapi field (which is where we currently support custom merge keys). I remember at one point seeing a document - possibly authored by you - regarding including object references in the openapi data served by the apiserver. Has there been any news on that effort?

@k8s-triage-robot
Copy link

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

  • Confirm that this issue is still relevant with /triage accepted (org members only)
  • Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed triage/accepted Indicates an issue or PR is ready to be actively worked on. labels Feb 11, 2023
@apelisse
Copy link

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Feb 14, 2023
@davinkevin
Copy link

I do a +1 on this issue, especially for the part about role described in #4254.

It's very annoying to have this bug, because we want to use the suffix but we also have deployment & others named the same as configMap/Secret… and this is where the bug appears.

Thank you for your work, really hope to see the fix soon for this part 😇

@k8s-triage-robot
Copy link

This issue has not been updated in over 1 year, and should be re-triaged.

You can:

  • Confirm that this issue is still relevant with /triage accepted (org members only)
  • Close this issue with /close

For more details on the triage process, see https://www.kubernetes.dev/docs/guide/issue-triage/

/remove-triage accepted

@k8s-ci-robot k8s-ci-robot added needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. and removed triage/accepted Indicates an issue or PR is ready to be actively worked on. labels May 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@natasha41575 natasha41575

Labels
area/api issues for api module kind/feature Categorizes issue or PR as related to a new feature. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
10 participants
@apelisse @davinkevin @monopole @yhrn @KnVerey @Shell32-Natsu @natasha41575 @k8s-ci-robot @fejta-bot @k8s-triage-robot