|
| 1 | +# API Design |
| 2 | + |
| 3 | +The Search service provides APIs for searching resources and managing the |
| 4 | +resources available to search. Platform operators can quickly use this service |
| 5 | +to search for resources they need across the platform. |
| 6 | + |
| 7 | +## Motivation |
| 8 | + |
| 9 | +The platform supports quick and easy registration of resources though Custom |
| 10 | +Resource Definitions and API aggregation. Given this, it's important our search |
| 11 | +service can adjust dynamically at runtime to resources being indexed and |
| 12 | +searchable so it doesn't require software changes to index new resources. |
| 13 | + |
| 14 | +## Goals |
| 15 | + |
| 16 | +- Introduce a dynamic method of configuring which resources in the platform |
| 17 | + should be indexed and searchable |
| 18 | +- Enable platform operators to quickly search across resource types while also |
| 19 | + allowing field based selection to narrow the scope of the search |
| 20 | +- Support full-text search capabilities configurable through dynamic index |
| 21 | + policies |
| 22 | + |
| 23 | + |
| 24 | +## Proposal |
| 25 | + |
| 26 | +The Search API will initially offer these new API resources to end-users: |
| 27 | + |
| 28 | +- **ResourceIndexPolicy** configures which resources in the platform should be |
| 29 | + indexed and which fields within the resource are applicable to indexing |
| 30 | +- **ResourceSearchQuery** allows users to execute field filtering and full-text |
| 31 | + searching capabilities across all indexed resources |
| 32 | + |
| 33 | + |
| 34 | +> [!IMPORTANT] |
| 35 | +> |
| 36 | +> The system does not support AuthZ based policies to ensure users have access |
| 37 | +> to results returned by search queries. This API should only be used for |
| 38 | +> non-sensitive resources and for internal-use only. |
| 39 | +> |
| 40 | +> This service will be made multi-tenant friendly in the future. |
| 41 | +
|
| 42 | +## Design Details |
| 43 | + |
| 44 | +### Resource index policies |
| 45 | + |
| 46 | +The `ResourceIndexPolicy` resource will be managed by platform operators to |
| 47 | +control which resources in the platform are made available to users. The search |
| 48 | +service will begin indexing a policies immediately after a policy is created. |
| 49 | + |
| 50 | +The resource index policy will allow users to define the resource applicable to |
| 51 | +the index policy and filter resources using CEL expressions. Index policies will |
| 52 | +also allow users to configure which fields from the resource are indexed and how |
| 53 | +they're indexed (field filtering, full-text search, etc.) |
| 54 | + |
| 55 | +Here's an example index policy that would configure search service to index all |
| 56 | +active organizations. |
| 57 | + |
| 58 | +```yaml |
| 59 | +apiVersion: search.miloapis.com/v1alpha1 |
| 60 | +kind: ResourceIndexPolicy |
| 61 | +metadata: |
| 62 | + name: organizations |
| 63 | +spec: |
| 64 | + targetResource: |
| 65 | + group: resourcemanager.miloapis.com |
| 66 | + version: v1alpha1 |
| 67 | + kind: Organization |
| 68 | + conditions: |
| 69 | + # Only index organizations that are active |
| 70 | + - name: ready-only |
| 71 | + expression: status.conditions.exists(c, c.type == 'Ready' && c.status == 'True') |
| 72 | + fields: |
| 73 | + # Index the resource name |
| 74 | + - path: metadata.name |
| 75 | + searchable: true |
| 76 | + filterable: true |
| 77 | + # Index the description of the resource |
| 78 | + - path: metadata.annotations["kubernetes.io/description"] |
| 79 | + searchable: true |
| 80 | + filterable: true |
| 81 | +``` |
| 82 | +
|
| 83 | +The index policy will used a versioned reference to resources since the field |
| 84 | +paths for resources may be different between versions. The system should monitor |
| 85 | +for deprecated resource versions being referenced in index policies. |
0 commit comments