Adding a propsal for changing the KRO instance and resource labels #639
Conversation
barney-s
force-pushed
the
labels-proposal
branch
from
b2f9271 to
c6397ab
Compare
- Based on proposal: kubernetes-sigs#639 - Move to new labels and remove old labels - Add new testcase for nested RGD and update existing testcase labels - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
- Based on proposal: kubernetes-sigs#639 - Move to new labels and remove old labels - Add new testcase for nested RGD and update existing testcase labels - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
- Based on proposal: kubernetes-sigs#639 - Move to new labels - Add deprecate TODO for old labels - Add new testcase for nested RGD and update existing testcase labels - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
- Based on proposal: kubernetes-sigs#639 - Move to new labels - Add deprecate TODO for old labels - Add new testcase for nested RGD and update existing testcase labels - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
- Based on proposal: kubernetes-sigs#639 - Move to new labels - Add deprecate TODO for old labels - Add new testcase for nested RGD and update existing testcase labels - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
- Based on proposal: kubernetes-sigs#639 - Move to new labels - Add deprecate TODO for old labels - Add new testcase for nested RGD and update existing testcase labels - Add docs - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
| - `kro.run/reconciled-by-rgd` | ||
| - **Value:** The name of the ResourceGraphDefinition (e.g., `my-rgd-name`). | ||
| - **Purpose:** To indicate that an instance is being actively reconciled against a specific RGD. This label will be applied to the instance itself. | ||
| - **Alternative Names:** |
There was a problem hiding this comment.
are these alternative names set too or are these just suggestions? I would prefer to limit us to one.
| - **Purpose:** To identify which RGD was used as a template to create a resource during the reconciliation of an instance. This label will be applied to all resources created by the instance controller. | ||
| - **Alternative Names:** | ||
| - kro.run/created-by-rgd | ||
| - kro.run/managed-by-rgd |
There was a problem hiding this comment.
I think managed-by probably fits best since we continuously work on it
There was a problem hiding this comment.
I think if we have kro.run/managed-by-rgd it could be reused for the instance too. Is there a specific need to have two labels here?
| - kro.run/instance-namespace: default | ||
| - **Proposed Labels:** | ||
| - `kro.run/managed-by-instance-group`: The API group of the instance (e.g., `mygroup.example.com`). | ||
| - `kro.run/managed-by-instance-kind`: The kind of the instance (e.g., `MyKind`). |
There was a problem hiding this comment.
if you define a group+kind, don't you also need to define a version?
There was a problem hiding this comment.
How about:
kro.run/instance: production/my-web-app # namespace/name format
kro.run/instance-gvk: myapp.io/v1/WebService # optional for additional context ?There was a problem hiding this comment.
another approach would be to just include an RGD ref?
| - `kro.run/owner-` | ||
| - `kro.run/created-by-` | ||
|
|
||
| ## Other solutions considered |
There was a problem hiding this comment.
Im wondering if it doesn't make sense to reuse the kubernetes labels or at least co-apply them. Im sure you thought about this too so it would be good to have a thought about this in the proposal
There was a problem hiding this comment.
+1 here i would love for us to adopt k8s standard labels. at least the app.kuberentes.io/managed-by and app.kubernets.io/part-of
|
Unknown CLA label state. Rechecking for CLA labels. Send feedback to sig-contributor-experience at kubernetes/community. /check-cla |
k8s-ci-robot
added
the
cncf-cla: yes
There was a problem hiding this comment.
Thanks for putting this together @barney-s ! you've identified an important issue - the current labeling scheme is definitely confusing with both resource-graph-definition-id and resource-graph-definition-name without clear semantics.
|
|
||
| 1. **Label for an instance being reconciled:** | ||
| - **Existing Labels:** | ||
| - kro.run/resource-graph-definition-id: 761e8fb7-14d5-4da1-b4f9-0a16fc334d6c |
There was a problem hiding this comment.
I wanted to add some context about why I originally introduced the RGD ID label. The goal was to help the controller detect when RGDs are deleted and recreated, which creates completely new RGDs and can trigger unwanted cleanup. I was thinking we could have an RGD annotation like kro.run/allow-recreation (or maybe kro.run/allow-rgd-replacement?) that users would need to explicitly set. Without this annotation, kro would reject the recreation as a conflict to prevent accidental data loss. cc @matthchr @jakobmoellerdev @n3wscott
There was a problem hiding this comment.
This might influence how we think about the labeling scheme - we still need some way to track RGD identity beyond just the name. but i fully agree the current implementation could be clearer
There was a problem hiding this comment.
I think the Kubernetes UID field is sufficient for this purpose because it is effectively an ID that gets recreated when the object is recreated. Any specific reason why you would want to roll your own?
| - kro.run/instance-namespace: default | ||
| - **Proposed Labels:** | ||
| - `kro.run/managed-by-instance-group`: The API group of the instance (e.g., `mygroup.example.com`). | ||
| - `kro.run/managed-by-instance-kind`: The kind of the instance (e.g., `MyKind`). |
There was a problem hiding this comment.
How about:
kro.run/instance: production/my-web-app # namespace/name format
kro.run/instance-gvk: myapp.io/v1/WebService # optional for additional context ?| - kro.run/instance-namespace: default | ||
| - **Proposed Labels:** | ||
| - `kro.run/managed-by-instance-group`: The API group of the instance (e.g., `mygroup.example.com`). | ||
| - `kro.run/managed-by-instance-kind`: The kind of the instance (e.g., `MyKind`). |
There was a problem hiding this comment.
another approach would be to just include an RGD ref?
| - `kro.run/owner-` | ||
| - `kro.run/created-by-` | ||
|
|
||
| ## Other solutions considered |
There was a problem hiding this comment.
+1 here i would love for us to adopt k8s standard labels. at least the app.kuberentes.io/managed-by and app.kubernets.io/part-of
|
|
||
| This aligns with the common Kubernetes practice of using labels for discovery and organization of related resources, as seen in tools like Helm and Kustomize. | ||
|
|
||
| #### Design details |
There was a problem hiding this comment.
should we have a section addressing deeply nested RGDs (3+ levels)? thinking what happens when RGD1 creates an RGD2 instance, which creates an RGD3 instance, which creates an RGD4 instance ? With the two label scheme, we lose the intermediate relationships e.g an RGD4 instance would only show it was defined by RGD3 and controlled by RGD4, with no trace of RGD1 or RGD2. this means queries like "show me all resources that originated from RGD1, including those created indirectly through nested RGDs" won't be possible - which is fine, but worth noting.
There was a problem hiding this comment.
We could get around this by having a root RGD, although this starts to get reaaaally complicated by then :D
- Based on proposal: kubernetes-sigs#639 - Move to new labels - Add deprecate TODO for old labels - Add new testcase for nested RGD and update existing testcase labels - Add docs - Have separate instance labellers for different reconcile paths. This is needed when we have RGD2 instance in RGD1 resources. Today both paths use the same label resulting in conflict. path 1: RGD2.instance created as part of an RGD1 instance reconciliation path 2: RGD2.instance reconciled by RGD2 reconciler
Related PR that triggered this doc: #631