add a proposal for CRD conversion webhook #53
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Mariam Fahmy <[email protected]>
MariamFahmy98
requested review from
JimBugwadia,
MarcelMue,
realshuting,
chipzoller,
eddycharly and
vishal-chdhry
MarcelMue
reviewed
Dec 12, 2023
| Kyverno CRDs `v1` contain many deprecated fields that require removal. Additionally, there are fields at the `spec` level that are only specific to certain rules and not others. Therefore, we would like to introduce a more stable version, `v2`. Since `v1` and `v2` will have different schema, a conversion webhook is required to convert between them. | ||
|
|
||
| ## Proposal | ||
| In Kubernetes, it is essential that all versions are compatible with each other. This means that if we go from `v1` to `v2` and then back to `v1`, we must not lose any information. Therefore, any changes we make to our API must be compatible with `v1`, and we must ensure that anything we add in `v2` is also supported in `v1`. This requires us to add new fields to `v1` to support any new additions. |
There was a problem hiding this comment.
This requires us to add new fields to
v1to support any new additions.
I don't quite understand this, isn't it possible for us to use an annotation (as stated in solution 2.) also on the V1 object? So if something is only available in v2, it gets written to an annotation in v1 and then we don't lose data. Maybe I am missing something why this wouldn't work.
There was a problem hiding this comment.
Yes, we can do that.
MarcelMue
reviewed
Dec 12, 2023
|
|
||
| Note that multiple versions may exist in storage if they were written before the storage version changes – changing the storage version only affects how objects are created/updated after the change. | ||
|
|
||
| ## Implementation |
There was a problem hiding this comment.
I think implementation is the most important thing to clarify here. The two standouts to me are:
- Testing of the conversion
- Deployment of the CRDs with the webhook included in helm (size limitation issues + templating necessity)
I think the proposal here might change slightly when implementation plans become more clear.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.