The metadata.generation of a Custom Resource is always incremented

[caesarxuchao]

The old behavior is that the metadata.generation never changes if the user doesn't participate the spec/status convention. See the release note for the new behavior.

We changed when the `metadata.generation` of a custom resource (CR) increments.

If the CR participates the spec/status convention, the metadata.generation of the CR increments when there is any change, except for the changes to the metadata or the changes to the status.

If the CR does not participate the spec/status convention, the metadata.generation of the CR increments when there is any change to the CR, except for changes to the metadata.

A CR is considered to participate the spec/status convention if and only if the "CustomResourceSubresources" feature gate is turned on and the CRD has `.spec.subresources.status={}`.

/assign @nikhita @mbohlool
/sig api-machinery

[neolit123]

/kind bug

[nikhita]

A CR can have the .status field, while opted-out of the /status endpoint. User would expect the metadata.generation to auto-increment.

My understanding is that .metadata.generation should be incremented only when the user specifically says that they want to follow spec/status conventions - which means they need to explicitly set the .subresources.status field in the CRD and opt-in to /status. Enabling the feature gate does not guarantee a status subresource because it could also mean that they only want to enable /scale.

Related: #58778 (comment)

[caesarxuchao]

I almost forgot I had this early involvement in the 58778 :)

I think our disagreement is what signals the CR is following the spec/status convention. I think a CR that has a top level spec and status field is ready to follow the spec/status convention. But the current code assumes that's not enough. The current code assumes the signal is the enablement of the /status subresource.

Taking one step back, what's wrong if the generation is always auto-incremented, even if the CR doesn't follow the spec/status convention? The field isn't writable by users anyway.

[enisoc]

@caesarxuchao Do you have a use case in mind for wanting generation to increment even if the CRD author did not explicitly opt into the full spec/status convention (by enabling /status subresource)?

We intentionally chose not to infer that the CRD author wants to use the spec/status convention just because they have fields named spec and/or status. That would make it impossible to use those field names without participating in the convention, which would be a backwards-incompatible change.

Or are you just saying it's a confusing UX that you have to turn on a subresource to opt into the spec/status convention? If that's the case, perhaps there could be a separate field to enable generation for spec without enabling the /status subresource, with validation that you can't have the subresource without having generation too. I'm not aware of a strong use case for wanting those things separately, though.

[caesarxuchao]

Maybe users just want to see how many times the spec has been changed.

The explanation in the second paragraph makes sense.

It's a confusing UX that I have to turn on a subresource to make apiserver manages my generation. Adding a specific field to turn on generation management is better than the status quo. But why is it bad to always let the apiserver manage the generation field as long as the CR has the spec field?

[nikhita]

I almost forgot I had this early involvement in the 58778 :)

:)

If that's the case, perhaps there could be a separate field to enable generation for spec without enabling the /status subresource, with validation that you can't have the subresource without having generation too.

IMHO adding a new field is too much complexity for this.

But why is it bad to always let the apiserver manage the generation field as long as the CR has the spec field?

Thinking about this more, this makes sense but I still have one concern.

The current behaviour is to increment the generation if the user opts in to /status i.e. they opt-in to spec and status conventions. We did this because the general expectation is that metadata.generation will be useful in a controller with a corresponding status.observedGeneration (which implies that the user should also opt-in to status). This is also what #58778 (comment) said.

But metadata.generation is technically a "per object sequence number" (taking the terminology from #7328). The sequence number of an object should not depend on the presence of status.observedGeneration. It should increment with every spec change, irrespective of whether it will prove useful.

This means that we just require the user to opt-in to spec conventions. Opting in to status conventions should not be a requirement. .spec holds special meaning for both /status and /scale. So, if one of these is enabled, I think we should increment generation.

My only concern is that just enabling the feature without opting in to /status or /scale doesn't guarantee that I want to follow spec conventions. Right now, enabling the feature gate does not hold much meaning unless the user specifically opts-in to either one of the subresources.

That would make it impossible to use those field names without participating in the convention, which would be a backwards-incompatible change.

With this change, we redefine the feature gate to also mean that .spec will participate in the spec conventions. I'm concerned that it will be a backwards-incompatible change.

(But this doesn't really help your use case :/)

[nikhita]

/area custom-resources

[caesarxuchao]

My only concern is that just enabling the feature without opting in to /status or /scale doesn't guarantee that I want to follow spec conventions.

I agree that the CustomResourceSubresource feature flag doesn't imply if user wants to follow the spec conventions. I updated the code to always increment generation as long as spec is changed, no matter if the CustomResourceSubresource feature flag is enabled, and no matter if /status is installed. This unconditional increment is similar to PrepareForCreate, where the apiserver always sets generation to 1.

RE. backwards compatibility, I think unconditional increment is ok, because I can't find any reason why a user would depend on .generation always being 1.

[caesarxuchao]

/retest

[enisoc]

I could buy that it makes sense to always increment generation, but if the user does not explicitly opt into spec/status convention, I argue we should increment if anything changes, rather than treating a duck-typed spec field specially.

The API reference defines generation as:

A sequence number representing a specific generation of the desired state. [emphasis added]

If a resource does not participate in the spec/status convention, which for backwards compatibility we have to assume if they do not explicitly opt in, then the default meaning of "desired state" is the entire object.

The only reason we treat spec specially is because, in the spec/status convention, status is set aside as a part of the object that does not represent desired state. If there's no status, there's nothing special about spec; the entire object is desired state. That's why it makes sense to tie "ignore status when incrementing generation" together with "turn on the /status subresource that only touches status", and "prevent status modification via the main resource".

[caesarxuchao]

@enisoc, I agree with your reasoning in #69059 (comment).

However, I'm concerned with UX. The effect of crd.spec.subresources.status becomes very subtle. It decides the meaning of generation. Maybe my view is biased, this is how I came across this issue: I was experimenting with CR, I created it with .spec and .status. I didn't need a /status subresource initially. I would be surprised if changes to .status caused metadata.generation to increment. It's actually more surprising than the current behavior. OTOH, introducing crd.spec.follow-spec-convention sounds overly complicated.

[enisoc]

I created it with .spec and .status. I didn't need a /status subresource initially.

Even if you didn't need it, or if a hypothetical user doesn't know they need it, we wanted to force you to have a /status subresource before taking any action that would imply you have spec/status support in your custom resource.

One of our design goals was to treat "spec/status convention" as a holistic set of behaviors, which includes a /status subresource and special treatment of metadata.generation (modifying the default assumption that the whole object is part of "desired state"). We wanted to discourage people from opting in to only bits and pieces of the overall convention.

In retrospect, maybe we should have made it controlled by a top-level field like spec.useSpecStatus instead of burying it in spec.subresources.status, but I still would not want people to think they are participating in spec/status ("I magically got the special metadata.generation behavior, so I guess I'm good") without having a /status subresource.

I would be surprised if changes to .status caused metadata.generation to increment.

You're much more familiar with the inner workings of core controllers, though. If I try to imagine I'm a typical user, and I see this is how metadata.generation is defined:

A sequence number representing a specific generation of the desired state.

I would argue that typical user would be surprised if certain fields were treated specially by default. There's no mention in that definition of spec or status. Why isn't generation incrementing when I update my top-level .image field?

[smarterclayton]

We don’t require that all objects have spec and status, nor do we require that status be paired with spec, but we very strongly suggest both.

However, we do not bump generation when metadata is changed, so neither labels and annotations can be input to generation, even though in practice many controllers may rely on that action.

I would probably be inclined to have generation be bumped on CRDs be bumped when any non metadata field is updated, and if status is defined, any non-metadata, non-status field is updated.

[caesarxuchao]

@enisoc PTAL. The new behavior is close to what you and Clayton described. Thanks.

[caesarxuchao]

/retest

[caesarxuchao]

/retest

[caesarxuchao]

The failed integration test has nothing to do with this PR:

I1012 17:48:16.994] apps.sh:515: FAIL!
I1012 17:48:16.994] Get pods -l "tier=frontend" {{range.items}}{{(index .spec.containers 0).name}}:{{end}}
I1012 17:48:16.994]   Expected: php-redis:php-redis:php-redis:
I1012 17:48:16.995]   Got:  

I'll retry later.

[caesarxuchao]

@enisoc I updated the code to what you suggested, PTAL. Thanks.

[enisoc]

/lgtm

[enisoc]

Nit: The bool var doesn't seem necessary anymore. Can't you just put this block under if !DeepEqual?

[caesarxuchao]

Done. Mind applying the lgtm again? Thanks.

[enisoc]

/lgtm

[caesarxuchao]

/retest

[sttts]

no need for a deepcopy here. Do a shallow-copy of the top-level map instead.

[caesarxuchao]

Done.

[sttts]

wow, two 5 line helpers for expressions that are one-liners: map[string]interface{}{"generation": int64(1)}.

[caesarxuchao]

I would trade 15 long one-liners with 2 five-line helpers :)

[sttts]

Looks good overall. Some nits.

[nikhita]

Lgtm from my side. Can't tag because GH is down.

[nikhita]

/lgtm

[nikhita]

@sttts can you approve?

[caesarxuchao]

@sttts can you approve? Thanks.

[sttts]

/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: caesarxuchao, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• staging/src/k8s.io/apiextensions-apiserver/OWNERS [sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[nikhita]

/retest