Replies: 8 comments 13 replies
-
I voted YES, for a wide variety of reasons a few prominent ones being:
|
Beta Was this translation helpful? Give feedback.
-
I voted "Uncertain". There are definitely benefits which others mention which I agree with. However, there is a huge risk to velocity that I worry about. In another context I just said "X API is alpha in Kubernetes, so it will be roughly 3 years before we can use it". Our users would love to not wait 3 years for Gateway features! Its also not clear to me what the transition looks like from CRD to core. Depending on how this works, it plausibly could solve the above problem. For instance, if you can have a CRD override the core type, you could in theory have users get the 'bundled version' (maybe older, but ok) or deploy the CRD manually and get the latest and greatest. Then you kind of have 'bundled (super stable)', 'stable', and 'experimental' I suppose. Not sure, this may cause weird fragmentation as well. |
Beta Was this translation helpful? Give feedback.
-
It is important to consider in this context that for any API in-tree we are requiring reference implementations in tree, because users expect the APIs to work without installing anything |
Beta Was this translation helpful? Give feedback.
-
A metaquestion: are we really talking about "in-tree"? or are we talking about "automagically available in-cluster"? To me, one of these is a question about how development is done, and the other is a question about what Gateway API's user experience is like. I care more about UX than I do about where exactly the development happens (though I care about that too, somewhat). |
Beta Was this translation helpful? Give feedback.
-
I am a very hard no on moving the code to in-tree, for a few reasons. Firstly, to explain, here I am using "in-tree" to mean the following:
Secondly, I think it's really, really important to remember that Kubernetes is, by and large, stable software. Users of Kubernetes do not want a greater velocity of change. The LTS working group has got a lot of feedback from big institutions like banks that they want slower releases, and for releases to be supported for longer. I think that speeding up of the upstream Kubernetes release cycle will not happen any time in the next 5 years, if ever. People run platforms on Kubernetes that people's lives depend on, if anything I think we're not being careful enough. All of the above would mean that Gateway API releases will be on the same cadence as Kubernetes releases (so, three times a year), and even experimental changes will need the full KEP process - and because the things will be included, we'll need signoff from groups like SIG-API Machinery and SIG-Architecture on many changes (Policy Attachment, particularly, would need a KEP all its own, and we would need a lot more certainty around how things work before we could even get it to alpha.) So, I'm very much a no here, because the net effect would be:
There's some additional background that may not be clear to folks who haven't been following the upstream closely as well: there has been a multi-year effort to move things out of tree, to make the core Kubernetes code base smaller, so that less changes will be necessary, so that folks who want less change per version can continue using Kubernetes. That's why cloud provider code, for example, is now out of tree. Gateway API is actually well ahead of the curve here, and the fact that we are finding the issues with distributing CRDs as an extension mechanism is going to be good for Kubernetes as a whole because we can find solutions as well, at a much faster cadence than would be possible in upstream. With all of that said, I one hundred percent agree that we need ways to ensure that Gateway API CRDs are:
I just feel very strongly that moving away from delivering this API with CRDs is not worth the additional pain it would cost everyone, both us and users. Even with all their problems, using CRDs is the best option we have available, and I don't think we can build a better option in any reasonable amount of time and/or resources. |
Beta Was this translation helpful? Give feedback.
-
I absolutely agree with the problem statement - installing and managing Gateway API CRDs is annoying and creates friction that likely limits the adoption of Gateway API. With that said, I strongly disagree with moving this API into tree. My rationale for this can be split into several points: 1. It's not sustainable for the Kubernetes core to indefinitely grow in size 2. The Kubernetes upstream development cycle is at least 2x slower than Gateway API 3. The Kubernetes upstream development cycle does not enable the same level of collaboration 4. It's very confusing when an API is included in Kubernetes but doesn't actually do anything by default 5. This change would likely result in less contributor activity in the project With all of that said, there are very real pain points when working with CRDs for contributors, users, and implementers of this project. I do want to find a way to dramatically improve this experience. That will undoubtedly require some work in this project to make the installation process better, and likely also some work in upstream to smooth off the rough edges of CRDs. Given that we have a finite amount of time and people that are able to work on this project, I'd rather focus our efforts on improving the overall experience than making a significant project to upstream. For example, using CRDs does not prevent cluster providers from managing the CRDs as a cluster addon. We could work as a project to define some guidelines for how to do that safely and likely resolve much of the overall UX problems we're facing with a significantly smaller amount of work. If in the future, there comes a point in time where this API is not meaningfully changing and has fully stabilized, we can certainly revisit this conversation, but until then, I'd strongly prefer continuing to iterate on this project with CRDs. |
Beta Was this translation helpful? Give feedback.
-
Even though I totally agree with the root problem and the statement of making life easier for our users and increasing the Gateway API adoption, I'm opposed to move Gateway API in-tree. I do share the concerns about the development velocity and the fact that moving Gateway API upstream would significantly lower our process, with some bad side effects, such as the potential loss of contributors, and the rise of implementation-based alternatives (in a nutshell what already happened to ingress API). I think we should spend our energy on improving the CRD management both upstream and in the Gateway API. One point is shipping Gateway API CRDs with core Kubernetes. I think it'd heavily help increase adoption while keeping Gateway API independent from upstream cycles, needs, and rules. A user who creates a new cluster will have Gateway API CRD at hand to play with, and in case they want to upgrade to the newest Gateway API version (or change channel) they'll be able to do it as they always did. |
Beta Was this translation helpful? Give feedback.
-
I agree with Rob’s points, and for those reasons I don’t think moving Gateway API in-tree would be a good idea in the short to medium term. I also think that Gateway API is a strong enough community with a large base of interested users for Kubernetes to use it to fix the issues around CRD usage! (Note I’m not saying the Gateway API community needs to fix those, but that the Kubernetes community needs to, and that Gateway API can hopefully be a good enough reason to find the energy to make the appropriate changes once we figure out what they are.) |
Beta Was this translation helpful? Give feedback.
-
Gateway API as a project was a pioneer in the "creating official CRDs" movement in Kubernetes SIGs. The choice to go CRD provided velocity and autonomy and has often been touted as a good call and a boon for the project.
CRDs however have their difficulties for end-users however! So in a community meeting we revisited the question of "Should we move Gateway API in-tree?" and we took an action item to make some discussions like this.
To be more definitive this means make some subset of our APIs official APIs like Ingress is, and (importantly) make them available by default on clusters.
We hope people will please answer the poll, but also add an accompanying comment as understanding your pain points and reasons could be very illuminating for us (perhaps especially if you answer is no or I'm uncertain).
20 votes ·
Beta Was this translation helpful? Give feedback.
All reactions