RFC to create a lifecycle crd #1483
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
❗ Your organization needs to install the Codecov GitHub app to enable full functionality. Additional details and impacted files@@ Coverage Diff @@
## main #1483 +/- ##
=======================================
Coverage 67.17% 67.17%
=======================================
Files 134 134
Lines 8276 8276
=======================================
Hits 5559 5559
Misses 2264 2264
Partials 453 453 ☔ View full report in Codecov by Sentry. |
rfcs/0000-lifecycle-crd.md
Outdated
| patched upstream, requires any user to build the kpack specific lifecycle image themselves if the kpack provided one | ||
| has not been bumped. | ||
|
|
||
| As we [move to deprecate windows](https://github.com/buildpacks-community/kpack/discussions/1366), there is an opportunity for us to utilize |
There was a problem hiding this comment.
We do ship "lifecycle images" for Windows, so in theory you could specify the Windows image if Windows support is desired.
There was a problem hiding this comment.
if we kept windows support a user would need to create a ClusterLifecycle for windows and reference that one in their builder. We should have os status on the new lifecycle crd and validation when generating a builder. I can add something about that in the event that windows doesn't get deprecated before we do this
There was a problem hiding this comment.
Do we want to support multi-arch lifecycle images? I.e. if I have an Image Index with linux/amd64, linux/arm64, and windows/amd64 images, do I need to break them out into 3 separate ClusterLifecycles?
There was a problem hiding this comment.
That is a good question. I suspect the simpler approach would be to keep them separate, but I could be wrong. Would appreciate other more knowledgeable folks weighing in here.
rfcs/0000-lifecycle-crd.md
Outdated
| One open question is whether we should follow the Clusterstack model and keep this resource strictly cluster scoped or | ||
| follow the ClusterBuildpack pattern and provide a namespaced scoped version of the CRD. |
There was a problem hiding this comment.
What are the pros and cons here? I could imagine, con of providing additional namespaced scoped resource is increased complexity. Anything else here?
I'd vote to do whatever is simplest and add more stuff later if it is ever needed or requested.
There was a problem hiding this comment.
the pro would be that a user that wants to use a particular version of the lifecycle that doesn't have cluster access can create a namespaced builder with a namespaced lifecycle. They would still run into the fact that stacks are cluster scoped only. I am in favor of only creating a cluster level resource but I feel pretty strongly that we should call it ClusterLifecycle to keep the door open for a namespaced one and to follow the naming convention of our other resources
| The existing lifecycle reconciler can be updated to reconcile this new CRD instead of ConfigMaps. | ||
|
|
||
| A new field will be added to the ClusterBuilder/Builder resources allowing the user to provide a reference to a lifecycle CR. | ||
| This field will be optional and will default to the highest semantic version that is supported by the buildpacks in the builder and the platform. |
There was a problem hiding this comment.
Is that basically like how we hard-code the lifecycle version here?
Line 35 in e1722c0
Would the future world deprecate that part of the code entirely? Like, if no ClusterLifecycle is specified do you get a default ClusterLifecycle or do you fallback to pulling the layer out of the lifecycleImage?
There was a problem hiding this comment.
ya this would get deprecated and we would pull in an upstream lifecycle in the ci pipeline instead of building our own like this file is doing.
we would still ship a default ClusterLifecycle to ease burden on our users and avoid a breaking change on upgrade
Signed-off-by: Tom Kennedy <[email protected]>
tomkennedy513
force-pushed
the
lifecycle-crd
branch
from
1cb07da
to
a4da42a
Compare
|
A few unresolved qs from my side - What happens when there are multiple lifecycle crds? Can we specify a default? Is this a cluster only resource? What happens when the lifecycle gets updated? Will we do a rebuild/rebase? |
I think @tomkennedy513 was suggesting we use a webhook for that
Yes (this is detailed here)
Good question. For rebuild, I think yes? This is philosophically the same as updating your builder which already triggers a rebuild. For rebase, I think no? There would be no benefit if the run image didn't change. @tomkennedy513 @chenbh could you confirm my understanding?
BUT we may want to explore (on the CNB-spec side) "launcher layer rebase" to update the go version in the launcher which (when outdated) can cause pain. |
|
@tomkennedy513 @chenbh I'd like to work on this. Is there an issue for it? Could we create one (pending the approval of this RFC)? |
I was thinking we may go down the same path we did with clusterstack where the kp cli will use a lifecycle crd called default (and we will ship with one called default). Alternatively we were thinking that the kpack webhook could do the exact same thing where it looks for one called default.
It would cause a rebuild because the builder would be rewritten. You can mimic this today by updating the lifecycle in the configmap |
I dont think we have one, are you ok making one |
|
Made an issue to track the work on this: #1609 |
| The existing lifecycle reconciler can be updated to reconcile this new CRD instead of ConfigMaps. | ||
|
|
||
| A new field will be added to the ClusterBuilder/Builder resources allowing the user to provide a reference to a lifecycle CR. | ||
| This field will be optional and will default to the highest semantic version that is supported by the buildpacks in the builder and the platform. |
There was a problem hiding this comment.
| This field will be optional and will default to the highest semantic version that is supported by the buildpacks in the builder and the platform. | |
| This field will be optional and will default to the highest semantic version that is supported by the platform. |
Buildpacks are configured by the operator, so I don't think we can know which Buildpack APIs will be required... right? In theory (assuming we think most buildpacks in the wild have upgraded to at least Buildpack API 0.7 - since lifecycle 0.18.x and higher drops support for earlier APIs) it should be the highest semantic version that supports the Platform APIs here...right? In practice, that is going to mean the latest available lifecycle (until we deprecate more Platform APIs).
There was a problem hiding this comment.
we do validate that any buildpack referenced in the order is using buildpack apis supported by the lifecycle when constructing a builder
kpack/pkg/cnb/builder_builder.go
Lines 188 to 204 in ae5eb15
There was a problem hiding this comment.
Ah, I see - but that validation happens after the ClusterLifecycle is defined, no? So in the case that the provided lifecycle doesn't support a buildpack in the builder we just fail, right? (Instead of selecting a different lifecycle?)
There was a problem hiding this comment.
I think the only check we'd want when the cluster lifecycle is reconciled is the platform api compatibility. The buildpack api compatibility will continue to happen at builder creation
|
FYI the PR implementing the changes proposed here is ready for feedback: #1628 So, we should probably circle back to this RFC to see if it is acceptable as-is or if it needs changes. |
readable