|
1 | 1 | # Implementation guidelines |
2 | 2 |
|
3 | | -There are some general design guidelines used throughout these APIs. |
4 | | - |
5 | | -!!! note |
6 | | - Throughout the Multicluster API documentation and specification, |
7 | | - keywords such as "MUST", "MAY", and "SHOULD" are used |
8 | | - broadly. These should be interpreted as described in RFC 2119. |
9 | | - |
10 | | -## Single resource consistency |
11 | | - |
12 | | -The Kubernetes API guarantees consistency only on a single resource level. There |
13 | | -are a couple of consequences for complex resource graphs as opposed to single |
14 | | -resources: |
15 | | - |
16 | | -* Error checking of properties spanning multiple resource will be asynchronous |
17 | | - and eventually consistent. Simple syntax checks will be possible at the |
18 | | - single resource level, but cross resource dependencies will need to be |
19 | | - handled by the controller. |
20 | | -* Controllers will need to handle broken links between resources and/or |
21 | | - mismatched configuration. |
22 | | - |
23 | | -## Conflicts |
24 | | - |
25 | | -Separation and delegation of responsibility among independent actors (e.g. |
26 | | -between cluster ops and application developers) can result in conflicts in the |
27 | | -configuration. For example, two application teams may inadvertently submit |
28 | | -configuration for the same HTTP path. |
29 | | - |
30 | | -In most cases, guidance for conflict resolution is provided along with the |
31 | | -documentation for fields that may have a conflict. If a conflict does not have a |
32 | | -prescribed resolution, the following guiding principles should be applied: |
33 | | - |
34 | | -* Prefer not to break things that are working. |
35 | | -* Drop as little traffic as possible. |
36 | | -* Provide a consistent experience when conflicts occur. |
37 | | -* Make it clear which path has been chosen when a conflict has been identified. |
38 | | - Where possible, this should be communicated by setting appropriate status |
39 | | - conditions on relevant resources. |
40 | | -* More specific matches should be given precedence over less specific ones. |
41 | | -* The resource with the oldest creation timestamp wins. |
42 | | -* If everything else is equivalent (including creation timestamp), precedences |
43 | | - should be given to the resource appearing first in alphabetical order |
44 | | - (namespace/name). For example, foo/bar would be given precedence over foo/baz. |
45 | | - |
46 | | -## Gracefully Handling Future API Versions |
47 | | - |
48 | | -An important consideration when implementing this API is how it might change in |
49 | | -the future. Similar to the Ingress API before it, this API is designed to be |
50 | | -implemented by a variety of different products within the same cluster. That |
51 | | -means that the API version your implementation was developed with may be |
52 | | -different than the API version it is used with. At a minimum, the following |
53 | | -requirements must be met to ensure future versions of the API do not break your |
54 | | -implementation: |
55 | | - |
56 | | -* Handle fields with loosened validation without crashing |
57 | | -* Handle fields that have transitioned from required to optional without |
58 | | - crashing |
| 3 | +There are some general guidelines for implementers of SIG-Multicluster sponsored |
| 4 | +APIs. |
| 5 | + |
| 6 | + |
| 7 | +## Conformance Expectations |
| 8 | + |
| 9 | +We expect there will be varying levels of conformance among the different |
| 10 | +providers for some time. SIG-Multicluster is currently working on the framework |
| 11 | +for a conformance suite so implementations can test their conformance to the API |
| 12 | +specifications in an automated way. For now, each individual KEP indicates what |
| 13 | +a conformant implementation of a given API "MUST", "MAY", and "SHOULD" adhere |
| 14 | +to, following the interpretations of those terms as described in RFC 2119. |
| 15 | + |
| 16 | + |
| 17 | +### Implementation-specific |
| 18 | + |
| 19 | +In some aspects of the APIs, the specification provides the general user usage |
| 20 | +pattern of a feature, however, the exact behavior may depend on the underlying |
| 21 | +implementation. When known, these are called out in the KEP as implementation |
| 22 | +details to clearly distinguish between conformance expectations and the |
| 23 | +variations in behavior that are considered "implementation-specific". |
| 24 | + |
| 25 | + |
| 26 | +## API Conventions |
| 27 | + |
| 28 | +SIG-Multicluter sponsored APIs follow Kubernetes API [conventions]. These |
| 29 | +conventions are intended to ease client development and ensure that |
| 30 | +configuration mechanisms can consistently be implemented across a diverse set of |
| 31 | +use cases. |
| 32 | + |
| 33 | +[conventions]:(https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md) |
| 34 | + |
| 35 | + |
| 36 | +## API Process |
| 37 | + |
| 38 | +SIG-Multicluster sponsored APIs are communicated and matured via the [Kubernetes |
| 39 | +Enhancements Proposal process][KEPs], regardless of whether they are implemented as |
| 40 | +part of a Kubernetes release. SIG-sponsored artifacts such as conformance tests, |
| 41 | +published CRD yaml, or related images or software are published in repos in the |
| 42 | +[Kubernetes-sigs Github organization][kubernetes-sigs]. |
| 43 | + |
| 44 | +[KEPs]: (https://github.com/kubernetes/enhancements/tree/master/keps/sig-multicluster) |
| 45 | +[kubernetes-sigs]: (https://github.com/kubernetes-sigs/) |
59 | 46 |
|
60 | 47 | ## Limitations of CRD and Webhook Validation |
61 | 48 |
|
62 | 49 | CRD and webhook validation is not the final validation i.e. webhook is "nice UX" |
63 | 50 | but not schema enforcement. This validation is intended to provide immediate |
64 | 51 | feedback to users when they provide an invalid configuration. Write code |
65 | | -defensively with the assumption that at least some invalid input (Multicluster/About/Work API |
66 | | -resources) will reach your controller. Both Webhook and CRD validation is not |
67 | | -fully reliable because it: |
| 52 | +defensively with the assumption that at least some invalid input will reach your |
| 53 | +controller. Both Webhook and CRD validation is not fully reliable because it: |
68 | 54 |
|
69 | 55 | * May not be deployed correctly. |
70 | 56 | * May be loosened in future API releases. (Fields may contain values with less |
71 | 57 | restrictive validation in newer versions of the API). |
72 | 58 |
|
73 | | -*Note: These limitations are not unique to Multicluster API and apply more broadly to |
74 | | -any Kubernetes CRDs and webhooks.* |
| 59 | +*Note: These limitations are not unique to SIG-Multicluster sponsored APIs and |
| 60 | +apply more broadly to any Kubernetes CRDs and webhooks.* |
75 | 61 |
|
76 | 62 | Implementers should ensure that, even if unexpected values are encountered in |
77 | 63 | the API, their implementations are still as secure as possible and handle this |
78 | 64 | input gracefully. The most common response would be to reject the configuration |
79 | 65 | as malformed and signal the user via a condition in the status block. To avoid |
80 | 66 | duplicating work, Multicluster API maintainers are considering adding a shared |
81 | 67 | validation package that implementations can use for this purpose. |
82 | | - |
83 | | -### Expectations |
84 | | - |
85 | | -We expect there will be varying levels of conformance among the |
86 | | -different providers in the early days of this API. Users can use the |
87 | | -results of the conformance tests to understand areas where there may |
88 | | -be differences in behavior from the spec. |
89 | | - |
90 | | -### Implementation-specific |
91 | | - |
92 | | -In some aspects of the APIs, we give the user an ability to specify usage of the |
93 | | -feature, however, the exact behavior may depend on the underlying |
94 | | -implementation. For example, regular expression matching is present in all |
95 | | -implementations but specifying an exact behavior is impossible due to |
96 | | -subtle differences between the underlying libraries used (e.g. PCRE, ECMA, |
97 | | -Re2). It is still useful for our users to spec out the feature as much as |
98 | | -possible, but we acknowledge that the behavior for some subset of the API may |
99 | | -still vary (and that's ok). |
100 | | - |
101 | | -These cases will be specified as defining delimited parts of the API |
102 | | -"implementation-specific". |
103 | | - |
104 | | - |
105 | | -## Kind vs. Resource |
106 | | - |
107 | | -Similar to other Kubernetes APIs, Multicluster, Work and About APIs use "Kind" instead of "Resource" |
108 | | -in object references throughout the API. This pattern should be familiar to |
109 | | -most Kubernetes users. |
110 | | - |
111 | | -Per the [Kubernetes API Conventions][1], this means that all implementations of |
112 | | -this API should have a predefined mapping between kinds and resources. Relying |
113 | | -on dynamic resource mapping is not safe. |
114 | | - |
115 | | -## API Conventions |
116 | | - |
117 | | -The Multicluster, About and Work APIs follow [Kubernetes API Conventions][1]. These conventions |
118 | | -are intended to ease client development and ensure that configuration |
119 | | -mechanisms can consistently be implemented across a diverse set of use |
120 | | -cases. |
121 | | - |
122 | | -[1]: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md |
0 commit comments