Update Kustomization integration KEP #698
Conversation
pwittrock
commented
Jan 18, 2019
pwittrock
commented
- Split into 2 parts
- Add subcommand
- New kep for integration into file handling
- add more background and context. - revisit specifics of UX. - provide justification for not using plugins. - add more alternatives considered.
k8s-ci-robot
added
cncf-cla: yes
k8s-ci-robot
added
sig/architecture
|
/assign @soltysh |
|
@pwittrock: GitHub didn't allow me to assign the following users: Liujingfang1. Note that only kubernetes members and repo collaborators can be assigned and that issues/PRs can only have 10 assignees at the same time. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
|
||
| ## Summary | ||
|
|
||
| This is a follow up to [KEP-0031](https://github.com/kubernetes/enhancements/blob/master/keps/sig-cli/0031-kustomize.md) |
There was a problem hiding this comment.
This PR is removing that file.
justaugustus
left a comment
justaugustus
left a comment
There was a problem hiding this comment.
Please remove any references to NEXT_KEP_NUMBER and rename the KEP to just be the draft date and KEP title.
KEP numbers will be obsolete once #703 merges.
k8s-ci-robot
added
the
approved
pwittrock
force-pushed
the
master
branch
3 times, most recently
from
23d3fe4 to
f2d6e2a
Compare
|
@justaugustus That is great news. Updated. |
soltysh
left a comment
soltysh
left a comment
There was a problem hiding this comment.
I left you a few nits here and there, but overall this lgtm.
Thank you 🥇
| Kubectl commands taking the common flags (`-f`, `--filename`, `-R`, `--recursive`) will support `kustomization.yaml` | ||
| files. | ||
|
|
||
| Cli-runtime will add the flags `-k, --kustomize=[]`, which will be registered along side the other file processing |
There was a problem hiding this comment.
Quick question, I assume -k and -f will be exclusive? If so, maybe it's worth adding that here.
There was a problem hiding this comment.
Hm. Good question. We could start that way and open it up in the future.
There was a problem hiding this comment.
Yeah, exclusive seems the best to start with, it'll leave us more room for change than the other way around.
|
|
||
| Link to tracking issue: kubernetes/enhancements#633 | ||
|
|
||
| See [KEP FAQ](kep-faq.md) for "why not as as plugin". |
There was a problem hiding this comment.
and Why should this be part of kubectl? section too.
|
|
||
| Kustomize Standalone Sub Command | ||
|
|
||
| Publish the `kustomize build` command as `kubectl kustomize`. Update documentation demonstrate using kustomize as |
| Publish the `kustomize build` command as `kubectl kustomize`. Update documentation demonstrate using kustomize as | ||
| `kubectl kustomize <dir> | kubectl apply -f -`. | ||
|
|
||
| `kubectl kustomize` takes a single argument with is the location of a directory containing a file named `Kustomization` |
There was a problem hiding this comment.
file named kustomization.yaml
There was a problem hiding this comment.
@monopole WDYT of changing the file name pre-integration (we could still recognize the old one, but not advertise it)? This follows the pattern of Makefile and Dockerfile.
There was a problem hiding this comment.
FWIW, We went with .yaml (and, alas, .yml) because emacs and vi both still use the legacy extension as a pretty reliable edit model signal. I just tried it without the extension, and my stock emacs and vim installs failed to do the Right Thing based on content detection.
Makefile, being a unique text formatting class with one instantiation, doesn't suffer from this problem (emacs/vi do the Right Thing). Dockerfile detection hasn't made it into my stock emacs install yet :)
I'm for allowing all of them ( Kustomization, kustomization.yaml, kustomization.yml) pre-integration, erroring if none or more than one found (no ambiguity).
There was a problem hiding this comment.
Have we actually considered abandoning the brand name Kustomization and actually call it customization.yaml?
There was a problem hiding this comment.
keeping this kustomization.yaml
There was a problem hiding this comment.
Honestly, since we're introducing -k flag which is meant to point to kustomization.yaml I think we can safely assume that any name is supported, right? Or did I miss something? Eventually we should make this more clearer in description of the flag, if so. But I remember from the discussion we've had during KubeCon we wanted to explicitly point to the file to run kustomization, unless the fact that we're using -k/--kustomize allows users to pass file OR the directory containing the file. In which case there are two possibilities:
- if I pass file name to
-kthe name doesn't matter, only the kind specified in file must beKustomization. - if I pass directory we can search for
kustomization.yamlor just look for a file withKustomizationkind.
So actually the name doesn't matter. Other thoughts?
There was a problem hiding this comment.
I'd expect -k to take a directory, and look for the kustomization file the same way we look for the file when processing a base referenced from another file. For these directories to be composable, they will need to use kustomize filenames findable via base reference, anyway.
There was a problem hiding this comment.
That's a reasonable argument for -k accepting a dir.
| `kubectl kustomize` takes a single argument with is the location of a directory containing a file named `Kustomization` | ||
| and writes to stdout the kustomized Resource Config. | ||
|
|
||
| If the directory does not contain a `Kustomization` file, it returns an error. |
|
|
||
| ## Kustomize Example | ||
|
|
||
| Following is an example of a kustomization.yaml file used by kustomize: |
There was a problem hiding this comment.
Put kustomization.yaml into back-quotes.
| Following is an example of a kustomization.yaml file used by kustomize: | ||
|
|
||
| ``` | ||
| apiVersion: v1beta1 |
|
|
||
| ## Graduation Criteria | ||
|
|
||
| The API version for kustomize is defined in the kustomization.yaml file. The KEP is targeted `v1beta1`. |
There was a problem hiding this comment.
Back-quote kustomization.yaml
| The API version for kustomize is defined in the kustomization.yaml file. The KEP is targeted `v1beta1`. | ||
|
|
||
| The criteria for graduating from `v1beta1` for the kustomize sub-command should be determined as part of | ||
| evaluating the success and maturity of kustomize as a command within kubectl. |
| Most implementation will be in cli-runtime | ||
|
|
||
| - [ ] vendor `kustomize/pkg` into kubernetes | ||
| - [ ] copy `kustomize/k8sdeps` into cli-runtime |
There was a problem hiding this comment.
Yeah, at the end of the day I'm hoping that cli-runtime will contain the core of kustomize, but everything above (commands, etc) should exist outside cli-runtime. Maybe worth putting that here.
| ## Summary | ||
|
|
||
| [Kustomize](https://github.com/kubernetes-sigs/kustomize) | ||
| was developed as a subproject of sig-cli by kubectl maintainers with the goal of addressing |
There was a problem hiding this comment.
s/with the goal of addressing/to address/
|
|
||
| [Kustomize](https://github.com/kubernetes-sigs/kustomize) | ||
| was developed as a subproject of sig-cli by kubectl maintainers with the goal of addressing | ||
| a collection of issues (See [motivation](#motivation)) creating friction for declarative workflows in kubectl |
There was a problem hiding this comment.
issues can link to #motivation - can drop the (See ...)
| It is independent of, but complementary to, the [*server-side apply*](https://github.com/kubernetes/enhancements/issues/555) | ||
| initiative that was started later and targeted at a separate collection of `kubectl apply` issues. | ||
|
|
||
| **Note:** |
There was a problem hiding this comment.
This paragraph (the "Note") and the next offer more details on the purpose / history of kustomize,
Trying to rephrase without the "Note":
Kustomize offers generators and transformations in a declarative form that improve
on functionality provided by existing imperative commands in kubectl.The declarative approach offers a clear path to accountability (all input can be kept
in version control), can safely exploit a holistic, unbounded view of disparate resources
and their interdependence (it's a plan about what to do, not a direct action), and
can be easily constrained to verifiable rules across this view (all edits must be
structured, no removal semantics, no environment side-effects, etc.).Imperative kubectl commands / flags available through kustomize:
....
| - updating Resources from Resource Config without wiping out control-plane defined fields (e.g. Service clusterIp) | ||
| - automatically deciding whether to create, update or delete Resources | ||
|
|
||
| **Motivation:** |
| @@ -0,0 +1,101 @@ | |||
| --- | |||
| title: Integrate Kustomize into cli-runtime | |||
There was a problem hiding this comment.
minor point: This KEP has three titles - this one (in the table), the file name, and the text after the first #. Let's pick one.
more importantly - We've discussed -f vs -k / visitation at length, and my views/concerns are missing here or perhaps just not expressed as I'd express them.
We want declarative features delivered as part of kubectl, and have established that the quickest way to do so is via adding a new subcommand (the other KEP), and deferring debate about -f and its baggage.
| If the directory does not contain a `Kustomization` file, it returns an error. | ||
|
|
||
| Defer deeper integration into ResourceBuilder (e.g. `kubectl apply -k <dir>`) as a follow up after discussing | ||
| the precise UX and technical tradeoffs. (i.e. deeper integration is more delicate and can be done independently.) |
There was a problem hiding this comment.
This is enough about -f / -k for this PR
| literals: | ||
| - JAVA_HOME=/opt/java/jdk | ||
| - JAVA_TOOL_OPTIONS=-agentlib:hprof | ||
|
|
There was a problem hiding this comment.
The indentation is off for literals.
| - name: app-sec | ||
| commands: | ||
| username: "echo admin" | ||
| password: "echo secret" |
There was a problem hiding this comment.
The indentation is off for commands.
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: monopole, pwittrock The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
9 participants
