openapi: reference shared parameters

[sttts]

Reducing the v2 spec size by 55%.

Shrink the OpenAPI v2 spec by more than 50%, especially for less CPU resource consumption.

Depends on kubernetes/kube-openapi#411.

The OpenAPI diff: https://gist.github.com/sttts/97df5c47d2a68084cf9f65d09f9f59f6

[Jefftree]

This looks great, some overall questions:

• Have you looked into integrating this functionality in the builder as well? If we can say reduce the size of the individual specs to be downloaded and aggregated, would that have a big impact on performance numbers? Not suggesting that we should do it, just wondering if it was something considered.
• Do clients support resolving parameters (do we need to update them + @seans3)? By definition, this new version adheres to the swagger specification, but clients may still attempt to naively try to access all the parameters.

[apelisse]

Have you looked into integrating this functionality in the builder as well? If we can say reduce the size of the individual specs to be downloaded and aggregated, would that have a big impact on performance numbers? Not suggesting that we should do it, just wondering if it was something considered.

Yeah, ideally I think that should be done much earlier in the process if possible, since this is looking at all paths and marshalling the parameters to see how they are, I'm concerned this is going to be super expensive to run on every single aggregation.

Do clients support resolving parameters (do we need to update them + @seans3)? By definition, this new version adheres to the swagger specification, but clients may still attempt to naively try to access all the parameters.

I'm pretty sure Sean's client is going to fail unfortunately, and I suspect there might be others that would fail too.

[sttts]

I'm pretty sure Sean's client is going to fail unfortunately, and I suspect there might be others that would fail too.

It's valid OpenAPI. If they fail, they should fix it. Nothing should depend on our concrete shape of the spec.

[sttts]

Have you looked into integrating this functionality in the builder as well? If we can say reduce the size of the individual specs to be downloaded and aggregated, would that have a big impact on performance numbers? Not suggesting that we should do it, just wondering if it was something considered.

I looked into the builder. Doing that in the builder is much trickier. The builder might differ between aggregated apiserver and kube-apiserver. And we would have to know the set of shared parameters very early, maybe statically via generation. It's certainly possible to push it earlier in generation, but it's a lot more complicated. Am not sure about the value vs. effort.

[apelisse]

It's valid OpenAPI. If they fail, they should fix it. Nothing should depend on our concrete shape of the spec.

I don't disagree, it shouldn't stop us from doing the right thing, but we need to consider it.

[sttts]

Also, if we support shared parameters from aggregation (today we don't, we just drop those and leave dangling references), we need unification, i.e. something similar we do for the definitions today. An aggregated apiserver can have its own ObjectMeta schema, and the code figures it out to have another definition for that special ObjectMeta. That will add another cost to the merging.

[apelisse]

@Jefftree Do we have anything useful to benchmark the aggregation loop? I think I remember you had mentioned something like this at some point?

[Jefftree]

It's valid OpenAPI. If they fail, they should fix it. Nothing should depend on our concrete shape of the spec.

I don't disagree, it shouldn't stop us from doing the right thing, but we need to consider it.

Right, we don't exactly want to be breaking clients using a GA feature so we'll have to carefully how we want to move forward.

@Jefftree Do we have anything useful to benchmark the aggregation loop? I think I remember you had mentioned something like this at some point?

I had some basic code to run our OpenAPI tests in benchmark mode. Unfortunately it had some pretty high variance because of the setup overhead all the other stuff going on in the background. I do really want to come up with a good way of benchmarking, but at the moment pprof is still the most reliable way. @sttts out of curiosity, how did you perform the benchmarks for this PR?

[sttts]

out of curiosity, how did you perform the benchmarks for this PR?

Have installed a few hundred CRDs and curl'ed /openapi/v2 and compared the size. Not super systematic. But it's pretty obvious when you look at a spec that a lot of it is just listing parameters. The measurement proved that.

[apelisse]

Yeah, I was looking at it too and it's clear that there's A LOT of parameters being repeated.

[Jefftree]

ack, for the purposes of this PR, running ./hack/update-openapi-spec.sh should suffice for displaying the delta in swagger.json for reviewers.

[cici37]

/triage accepted

[sttts]

ack, for the purposes of this PR, running ./hack/update-openapi-spec.sh should suffice for displaying the delta in swagger.json for reviewers.

pushed.

[sttts]

Rebased to test client generators and compare this PR against master. No difference in output with simple parameter expansion in #118204.

[sttts]

Yeah this will break at least the QueryParamVerifier that we use to check
if validate is available on cluster/resources.

In kubernetes/kube-openapi#415, I exclude the fieldValidation query parameter.

I am worried that this PR has been green. The apply code lacks test coverage it seems.

[sttts]

/retest

[liggitt]

/lgtm
/approve

[k8s-ci-robot]

LGTM label has been added.

Git tree hash: e83dde7a96b5e4565f04052e737708e66e936246

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: alexzielenski, liggitt, sttts

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [liggitt,sttts]
• api/OWNERS [liggitt]
• staging/src/k8s.io/api/OWNERS [liggitt]
• staging/src/k8s.io/apiextensions-apiserver/OWNERS [liggitt,sttts]
• staging/src/k8s.io/apimachinery/OWNERS [liggitt,sttts]
• staging/src/k8s.io/apiserver/OWNERS [liggitt,sttts]
• staging/src/k8s.io/cli-runtime/OWNERS [liggitt]
• staging/src/k8s.io/client-go/OWNERS [liggitt,sttts]
• staging/src/k8s.io/cloud-provider/OWNERS [liggitt]
• staging/src/k8s.io/cluster-bootstrap/OWNERS [liggitt]
• staging/src/k8s.io/code-generator/OWNERS [liggitt,sttts]
• staging/src/k8s.io/component-base/OWNERS [liggitt]
• staging/src/k8s.io/component-helpers/OWNERS [liggitt]
• staging/src/k8s.io/controller-manager/OWNERS [liggitt,sttts]
• staging/src/k8s.io/csi-translation-lib/OWNERS [liggitt]
• staging/src/k8s.io/dynamic-resource-allocation/OWNERS [liggitt]
• staging/src/k8s.io/endpointslice/OWNERS [liggitt]
• staging/src/k8s.io/kms/OWNERS [liggitt]
• staging/src/k8s.io/kube-aggregator/OWNERS [liggitt,sttts]
• staging/src/k8s.io/kube-controller-manager/OWNERS [liggitt,sttts]
• staging/src/k8s.io/kube-proxy/OWNERS [liggitt,sttts]
• staging/src/k8s.io/kube-scheduler/OWNERS [liggitt,sttts]
• staging/src/k8s.io/kubectl/OWNERS [liggitt]
• staging/src/k8s.io/kubelet/OWNERS [liggitt,sttts]
• staging/src/k8s.io/legacy-cloud-providers/OWNERS [liggitt]
• staging/src/k8s.io/metrics/OWNERS [liggitt]
• staging/src/k8s.io/pod-security-admission/OWNERS [liggitt]
• staging/src/k8s.io/sample-apiserver/OWNERS [liggitt,sttts]
• staging/src/k8s.io/sample-cli-plugin/OWNERS [liggitt]
• staging/src/k8s.io/sample-controller/OWNERS [liggitt,sttts]
• vendor/OWNERS [liggitt,sttts]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment