Large CRDs go over size limits (e.g. those with embedded podspecs) #82292
/sig api-machinery

/cc
@sttts we can probably lessen the CRD size by supporting refs
/assign @liggitt

/cc

/assign
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with /close. Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/remove-lifecycle stale
It doesn't seem like this would help with the problem where descriptions are simply too long, but where you still want to include the rest of the schema. As a hack, verbose descriptions could by convention be replaced with short links, like this:

```yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
# ...
spec:
  versions:
  - name: v1beta1
    schema:
      openAPIV3Schema:
        properties:
          # ...
          spec:
            properties:
              replicas:
                description: |-
                  How many replicas. See http://bitly.com/w34kjkj.
```

But this isn't ideal for tools that need to further process the CRD, like docs generators, or for the API server itself when it converts the schema for publishing.
The biggest contributor is embedded types. Generally, even with long descriptions, you don't start to hit the limit until you include other types, from what I've seen. Most folks haven't hit limits until they've involved core types and flattening (which increases duplication, since re-used types aren't deduped, even inside the same CRD).
Here is some data on the sizes of CRDs in the wild.
This data is from October of last year and covers 5,606 different group/kinds.
At the time I gathered that data, one of the largest CRDs was prometheus.monitoring.coreos.com, at a size of 199,408 bytes. Today it has grown to 346,389 bytes.
Some other large CRDs were also examined; all of them use pod templates or parts of pod templates.
Here is a possible workaround, which would be much simpler than introducing references, and could tide users over until SSA is widely available: a comment tag that controller-gen would recognize, which would recursively strip the comments (descriptions) from a message.
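The effect of such a tag would be equivalent to walking the generated OpenAPI schema and deleting every `description`. A minimal sketch in Python (a hypothetical helper for illustration, not part of controller-gen):

```python
def strip_descriptions(node):
    """Recursively delete 'description' keys from an OpenAPI v3 schema fragment."""
    if isinstance(node, dict):
        node.pop("description", None)
        for value in node.values():
            strip_descriptions(value)
    elif isinstance(node, list):
        for item in node:
            strip_descriptions(item)
    return node

# Hypothetical schema fragment with nested descriptions.
schema = {
    "description": "A workload.",
    "properties": {
        "replicas": {"type": "integer", "description": "How many replicas."},
        "template": {
            "description": "Embedded pod template.",
            "properties": {"spec": {"type": "object", "description": "Pod spec."}},
        },
    },
}
strip_descriptions(schema)
print(schema["properties"]["replicas"])  # → {'type': 'integer'}
```

Dropping descriptions this way shrinks the serialized CRD without changing validation behavior, at the cost of losing API docs for those fields.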
Here is a size distribution for CRDs that don't include pod templates or volume templates.
Here is the largest of those (171,823 bytes in my dataset; it has grown to 270,142 bytes since).
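Byte counts like those quoted in this thread can be reproduced by serializing a manifest and counting bytes; a short sketch (the exact method used for the dataset above is an assumption):

```python
import json

def crd_size_bytes(manifest: dict) -> int:
    """Size of a manifest when serialized as compact JSON, in bytes."""
    return len(json.dumps(manifest, separators=(",", ":")).encode("utf-8"))

# Hypothetical, heavily truncated CRD manifest.
crd = {
    "apiVersion": "apiextensions.k8s.io/v1",
    "kind": "CustomResourceDefinition",
    "metadata": {"name": "examples.example.com"},
}
print(crd_size_bytes(crd))
```

Note that YAML and JSON serializations differ in size, so numbers are only comparable when measured the same way.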
The Strimzi Kafka CRD, as of 0.22.1 (https://github.com/strimzi/strimzi-kafka-operator/releases), is 1,231,093 bytes. It's also, IIUC, generated from Java, so Go-comment-based solutions won't help.
Over in KubeBuilder land, we've started to see issues around very large validation blocks going over size limits. Thus far, it's mainly just been the client-side-apply-induced annotation limit, but I worry that when we start shipping multiple versions we might go over the 1M limit. For instance, see kubernetes-sigs/kubebuilder#962, which has a 700k single-version CRD due to the large validation schema.
So far, we've mostly been able to solve the issues by partially or fully truncating the field descriptions, but this seems suboptimal, since you're basically saying "you don't get API docs now".
From what I've seen so far, the issues are usually hit with things like PodSpec (e.g. we hit the client-side-apply annotation limit with our conversion of CronJob in our tutorial when we introduced a new version).
Worst comes to worst, we can add more pruning in controller-tools/kubebuilder, but I was wondering if some folks had better ideas or more discussion upstream.
Refs (#62872) could help alleviate this a bit in the case of multiple podspecs, but don't solve the problem entirely (unless we get cross-object refs, which have previously been rejected).
Increasing the object size limit would avoid the issue we haven't hit yet, but won't solve the client-side-apply annotation-limit issue. Practically, even though SSA will get here eventually, I expect folks are going to be using pre-SSA kubectls for a while.
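For the client-side-apply problem specifically, the binding constraint is the total size of `metadata.annotations` (256 KiB in apiserver validation), since `kubectl apply` stores the full object in the `last-applied-configuration` annotation. A rough pre-flight check (a sketch, not kubectl's actual logic; it ignores any other annotations on the object):

```python
import json

# apiserver's limit on the combined size of all annotations (256 KiB).
TOTAL_ANNOTATION_SIZE_LIMIT = 256 * 1024

def fits_last_applied(manifest: dict) -> bool:
    """Would storing this manifest in the last-applied-configuration
    annotation stay under the total annotation size limit?"""
    encoded = json.dumps(manifest, separators=(",", ":")).encode("utf-8")
    return len(encoded) <= TOTAL_ANNOTATION_SIZE_LIMIT

small = {"kind": "CustomResourceDefinition", "spec": {}}
print(fits_last_applied(small))  # → True
big = {"spec": {"description": "x" * (300 * 1024)}}  # oversized schema stand-in
print(fits_last_applied(big))  # → False
```

A CRD that passes the 1M object limit can still fail this check, which is why truncating descriptions has been the practical fix so far.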
TL;DR: Pod spec validation makes CRDs large, any suggestions?
/sig api-machinery