-
Notifications
You must be signed in to change notification settings - Fork 858
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Feat: support shared-resource policy #4213
Conversation
Codecov Report
@@ Coverage Diff @@
## master #4213 +/- ##
==========================================
+ Coverage 58.11% 60.30% +2.18%
==========================================
Files 327 334 +7
Lines 32130 32366 +236
==========================================
+ Hits 18672 19517 +845
+ Misses 11003 10309 -694
- Partials 2455 2540 +85
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
f69a534
to
6cfef72
Compare
f641cfd
to
50c835d
Compare
1eee997
to
87f0631
Compare
Signed-off-by: Somefive <yd219913@alibaba-inc.com>
87f0631
to
7da8752
Compare
@@ -53,3 +57,23 @@ type OverridePolicySpec struct { | |||
Components []EnvComponentPatch `json:"components,omitempty"` | |||
Selector []string `json:"selector,omitempty"` | |||
} | |||
|
|||
// SharedResourcePolicySpec defines the spec of shared-resource policy | |||
type SharedResourcePolicySpec struct { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should create the definition for this policy.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shared-resource is an advanced feature. Let's reserve the creation of the policy definition in the future. (Another Issue will be launched for this.)
Signed-off-by: Somefive yd219913@alibaba-inc.com
Description of your changes
Background
In KubeVela, by default, application owns resources.
It means that resources create by the application should only be controlled by the application that creates it.
So there are basically two requirements for application creating resources:
While dispatching resources, the application will
If "app.oam.dev/name" and "app.oam.dev/namespace" equals to the application's name and namespace, it means this resource is previously created by the same application and the dispatching operation now will become an update operation.
The two labels identify the owner of the resource.
With these checks, different applications cannot manage the same resource.
Usage
However, there are scenarios that these two requirements are not met. One of the scenarios is sharing across different Applications.
For example, each application wants to create a ConfigMap, but their ConfigMaps are the same.
To achieve that, KubeVela application could utilize the
shared-resource
policy to make it possible.create
When one resource is created as sharing resource, one special annotation
app.oam.dev/shared-by
will be added to the resource.It will record the "sharer" of the resource in time order. The application that firstly creates the resource will set its owner labels to itself.
Then it will add itself to the sharer annotation.
share
When another application comes and wants to share the resource, it will check if the resource is sharable, aka there is at least one sharer in the sharer annotation.
If it is sharable, it will add itself to the sharer annotation, but not modify the content of the resource.
delete
With this mechanism, only the owner of the resource can modify the resource (including updating and state-keeping). Other sharer can only see that resource.
When the owner of the resource is gone (application is deleted or do not use this resource anymore), it will give the owner of the application to the next sharer. If no sharer exists, it will finally delete that resource.
See the following figures for details.
Example
The above two applications will dispatch the same namespace "example".
They will create two different ConfigMap inside namespace "example" respectively.
Both application use the
shared-resource
policy and declared the namespace resource as shared.In this way, there will be no conflict for creating the same namespace.
If the
shared-resource
policy is not used, the second application will report error after it finds that the namespace "example" is managed by the first application.The namespace will only be recycled when both applications are removed.
I have:
make reviewable
to ensure this PR is ready for review.backport release-x.y
labels to auto-backport this PR if necessary.How has this code been tested
Special notes for your reviewer