Skip to content

Commit 11b36e8

Browse files
lavalamplavalamp
committed
resolve section, add criteria known so far
1 parent a134f0f commit 11b36e8

File tree

1 file changed

+22
-18
lines changed
  • keps/sig-api-machinery/3903-unknown-version-interoperability-proxy

1 file changed

+22
-18
lines changed

keps/sig-api-machinery/3903-unknown-version-interoperability-proxy/README.md

Lines changed: 22 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -204,6 +204,14 @@ API server change:
204204
with the resources it can serve and receiving a request for a resource
205205
that is not yet available on that apiserver).
206206

207+
* Discovery merging.
208+
209+
- During upgrade or downgrade, it may be the case that no apiserver has a
210+
complete list of available resources. To fix the problems mentioned, it's
211+
necessary that discovery exactly matches the capability of the system. So,
212+
we will use the storage version objects to reconstruct a merged discovery
213+
document and serve that in all apiservers.
214+
207215
### User Stories (Optional)
208216

209217
#### Garbage Collector
@@ -268,24 +276,7 @@ TODO: explanation of how the security handshake between apiservers works.
268276
* generate self-signed cert on startup, put pubkey in apiserver identity lease
269277
object?
270278

271-
### Unresolved (how we will make discovery consistent)
272-
273-
One option is routing discovery requests from old-apiservers to the new api-server,
274-
so that all discovery requests reflect the newest one. We specifically rule out
275-
merging discovery docs, because merging discovery is:
276-
277-
* complicated
278-
* represents an intermediate state which may not even make sense
279-
* the problems that merging discovery solves (i.e. preventing orphaned objects) can actually
280-
be solved by the dynamic feature flag KEP, so solving it here would be redundant and
281-
unnecessarily complex.
282-
283-
By routing all discovery requests to the newest apiserver, we can ensure that namespace and gc
284-
controllers do what they would be doing if the upgrade happened instantaneously.
285-
286-
Alternatively, we can use the storage version objects to reconstruct a merged discovery
287-
document and serve that in all apiservers.
288-
279+
TODO: detailed description of discovery merging. (not scheduled until beta.)
289280

290281
### Test Plan
291282

@@ -362,6 +353,19 @@ We expect no non-infra related flakes in the last month as a GA graduation crite
362353

363354
### Graduation Criteria
364355

356+
#### Alpha
357+
358+
- Proxying implemented (behind feature flag)
359+
360+
#### Beta
361+
362+
- Discovery document merging implemented
363+
- mTLS or other secure system used for proxying
364+
365+
#### GA
366+
367+
- TODO: wait for beta to determine any further criteria
368+
365369
<!--
366370
**Note:** *Not required until targeted at a release.*
367371

0 commit comments

Comments
 (0)