|
| 1 | +--- |
| 2 | +title: Cluster Runtime Constraint |
| 3 | +authors: |
| 4 | + - "@dinhxuanvu" |
| 5 | +reviewers: |
| 6 | + - "@kevinrizza" |
| 7 | +approvers: |
| 8 | + - "@kevinrizza" |
| 9 | +creation-date: 2021-08-26 |
| 10 | +last-updated: 2020-09-06 |
| 11 | +status: provisional |
| 12 | +--- |
| 13 | + |
| 14 | +# cluster-runtime-constraint |
| 15 | + |
| 16 | +## Release Signoff Checklist |
| 17 | + |
| 18 | +- [ ] Enhancement is `implementable` |
| 19 | +- [ ] Design details are appropriately documented from clear requirements |
| 20 | +- [ ] Test plan is defined |
| 21 | +- [ ] Graduation criteria for dev preview, tech preview, GA |
| 22 | + |
| 23 | +## Summary |
| 24 | + |
| 25 | +This proposal presents the specification and usage to enable runtime constraints to be considered during operator dependency resolution. This feature will ensure Operator Lifecycle Manage (OLM) to install operators that satisfy dependency requirements and runtime constraints if present. |
| 26 | + |
| 27 | +## Motivation |
| 28 | + |
| 29 | +At the moment, OLM resolves a set of operators which seem that they will work together based on dependency requirements that are specified by operator bundles. However, it is possible that those resolved operators will not work on the clusters due to cluster/runtime constraints. For example, if the cluster is running a specific Kubernetes version that is not compatible with the operators, the installed operators may fail to work properly on that given cluster. |
| 30 | + |
| 31 | +The cluster runtime constraints are often unknown by the operator authors and should be specified by cluster admins. However, currently, there is no mechanism for cluster admins to specify runtime constraints that OLM can understand and take under consideration during installation. |
| 32 | + |
| 33 | +### Goals |
| 34 | +- Provide mechanism (including specification and guideline) for cluster admins to specify cluster runtime constraints |
| 35 | +- Provide specification and guideline for author operators to specify runtime constraints/requirements if needed |
| 36 | +- Block the updates/installations of operators based on cluster runtime constraints |
| 37 | +- Allow the cluster runtime constraints to be generic and configurable by cluster admins |
| 38 | + |
| 39 | +### Non-Goals |
| 40 | + |
| 41 | +- Provide mechanism to retrieve/populate cluster runtime constraints automatically |
| 42 | +- Allow cluster runtime constraints to be scoped |
| 43 | +- Allow cluster runtime constraints to come from multiple/different sources |
| 44 | +- Allow optional cluster runtime constraints |
| 45 | + |
| 46 | + |
| 47 | +## Proposal |
| 48 | + |
| 49 | +To provide a generic solution for cluster runtime constraints, a library named [cel-go](https://github.com/google/cel-go) that provides expression evaluation capabilities is utilized in this proposal. |
| 50 | + |
| 51 | +### User Stories |
| 52 | + |
| 53 | +#### Constraints specified by cluster admin |
| 54 | + |
| 55 | +As a cluster admin, I would like to specify a list of cluster runtime constraints that are associated with a given cluster and all installable operators will meet these requirements. |
| 56 | + |
| 57 | +#### Constraint properties specified by operator author |
| 58 | + |
| 59 | +As an operator author, I would like to provide a list of runtime properties that may be needed to be considered before installation to ensure the operator working properly on the cluster. |
| 60 | + |
| 61 | +### Implementation Details |
| 62 | + |
| 63 | +#### Cluster Runtime Constraint Configmap |
| 64 | + |
| 65 | +Cluster admins can specified cluster runtime constraints in a configmap (named `olm-runtime-constraints`) in `olm` namespace using this format: |
| 66 | + |
| 67 | +```yaml= |
| 68 | +apiVersion: v1 |
| 69 | +kind: ConfigMap |
| 70 | +metadata: |
| 71 | + name: olm-runtime-constraints |
| 72 | + namespace: olm |
| 73 | +data: |
| 74 | + properties: <list-of-expression-constraints-in-json> |
| 75 | +``` |
| 76 | + |
| 77 | +Each constraint is specified using the following syntax: |
| 78 | + |
| 79 | +```json= |
| 80 | +{ |
| 81 | + "type": "olm.constraint", |
| 82 | + "value": { |
| 83 | + "evaluator": { |
| 84 | + "id": "cel" |
| 85 | + }, |
| 86 | + "source": "properties.exists(p, p.type == \"certified\")", |
| 87 | + "action": { |
| 88 | + "id": "require" |
| 89 | + } |
| 90 | + } |
| 91 | +} |
| 92 | +``` |
| 93 | + |
| 94 | +The constraint `type` is `olm.constraint` and the `value` is information associated with constraint. The `value` struct has 3 fields: `evaluator`, `source` and `action`. |
| 95 | + |
| 96 | +The `evaluator` is a struct with `id` field to represent the language library that will be used to evaluate the expression. At the moment, only `cel-go` library is supported using `cel` as the identifier. More fields are potentially added to expand the supported expression languages/libraries in the future. |
| 97 | + |
| 98 | +The `source` field is the string of expression that will be evaluated during resolution. Currently, only `cel-go` expressions are supported. |
| 99 | + |
| 100 | +Finally, the `action` field is a struct with the `id` field to indicate the resolution action that this constraint will behave. For example, for `require` action, there must be at least one candidate that satisfies this constraint. At the moment, `require` and `conflict` actions are supported. More fields may be added into `action` struct to support more resolution actions in the future. |
| 101 | + |
| 102 | +#### Runtime Dependencies in Bundle |
| 103 | + |
| 104 | +The operator authors specify the cluster runtime requirements in `dependencies.yaml` using the following format: |
| 105 | + |
| 106 | +```yaml= |
| 107 | +dependencies: |
| 108 | + - |
| 109 | + type: olm.constraint |
| 110 | + value: |
| 111 | + action: |
| 112 | + id: require |
| 113 | + evaluator: |
| 114 | + id: cel |
| 115 | + source: "properties.exists(p, p.type == \"certified\")" |
| 116 | +``` |
| 117 | + |
| 118 | +#### Runtime Constraint Resolution |
| 119 | + |
| 120 | +The constraints that are specified in `olm-runtime-constraints` Configmap are converted into properties of a global existing virtual node in the cluster. All operators/candidates must satisfy those properties in order to be installed. |
| 121 | + |
| 122 | +If constraints are added to bundles, they will be evaluated and must be satisfied similarly to `olm.gvk.required` and `olm.package.required` properties. |
| 123 | + |
| 124 | +### Risks and Mitigations |
| 125 | + |
| 126 | +### Prototype |
| 127 | + |
| 128 | +TBD |
| 129 | + |
| 130 | +## Drawbacks |
| 131 | + |
| 132 | +The [cel-go](https://github.com/google/cel-go) library is rather new and still under development. Even though cel-go has been used in other opensource projects such as Tekton, it has not yet reached stable release (v1). Breaking changes can be introduced to this library and potentially OLM behavior in the future. |
| 133 | + |
| 134 | +The complexity of the library is not yet fully evaluated which could lead to a poor user experience if the library is too difficult to use and utilized. |
| 135 | + |
| 136 | +One of the popular use cases is semver comparison which is not a supported value type in cel-go. Custom functions are required to support semver. |
| 137 | + |
| 138 | +## Alternatives |
0 commit comments