Added GEP: provide a name field to http route #996
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: hzxuzhonghu The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
There was a problem hiding this comment.
Thanks for starting this GEP @hzxuzhonghu! I'm a bit hesitant to move forward with this new field, but it is very helpful to see the rationale here. Interested in what others think.
site-src/geps/gep-995.md
Outdated
| Provide a path for implementations to support: | ||
|
|
||
| * Policy Attachment: | ||
| Attach policies to HTTP route. |
There was a problem hiding this comment.
For this to be useful, we'd also need to add SectionName to PolicyTargetReference as described here: https://gateway-api.sigs.k8s.io/geps/gep-713/#apply-policies-to-sections-of-a-resource-future-extension. It would be helpful to clarify that here + link to what that change would look like.
site-src/geps/gep-995.md
Outdated
| Ability to have more fine-grained matches for policy references | ||
| if we add sectionName to the policy object. |
There was a problem hiding this comment.
I think some more details would be helpful here, maybe something like this?
Although Route Attachment/Delegation is not part of the API yet, it is likely to be added in the future. This concept is tracked by #634. One of the solutions that has been proposed for this involves using ParentRefs on a Route to refer to a parent Route. If we were to do that, it may be useful to attach to a specific Route rule instead of the entire Route. Adding name to Route rule could enable that.
site-src/geps/gep-995.md
Outdated
|
|
||
| ## Non-Goals | ||
|
|
||
| * Define how implementations should support these features. |
There was a problem hiding this comment.
I think we can leave this out. We do want to at least define support levels associated with any new field we propose. My guess is that this would start with Support: Core, but open to what others think.
| A `Name` field would be added to `HTTPRouteRule `: | ||
|
|
||
| ```go | ||
| type HTTPRouteMatch struct { | ||
| // Name specifies the HTTP route match name. The match's name will be | ||
| // concatenated with the parent route's name and may be logged in | ||
| // the access logs for requests matching this route depends on the implementor. | ||
| // | ||
| // +optional | ||
| Name *string `json:"name,omitempty"` | ||
| ... | ||
| } | ||
| ``` |
There was a problem hiding this comment.
Is there a clear use case for this? Unfortunately it would result in two levels of hierarchy which could get confusing when using sectionName in references.
There was a problem hiding this comment.
For istio, it will be used to generate route name, so that user can use envoyfilter to patch the generated one.
There was a problem hiding this comment.
The two levels of hierarchy name can be used to prevent duplicate names.
There was a problem hiding this comment.
Could you generate a name at this level using the index or a hash? Would that amount to enough determinism for the code and the human to get to the right place when the need arises?
There was a problem hiding this comment.
We don't want the hack, because it will be used by users
site-src/geps/gep-995.md
Outdated
| ``` | ||
| ## Alternatives | ||
|
|
||
| N/A |
There was a problem hiding this comment.
I think there's a few alternatives here:
-
Users can split out Routes into different resources when they need to be referenced separately.
Route rules are really more of a convenience than a necessity. Instead of having 10 rules in 1 route, the same config could be represented by 10 routes with 1 rule each. -
Route attachment/delegation may choose to use a different approach.
For example, each Route could choose to include a set of child routes by direct reference, meaning this GEP would not be useful for that approach. -
Logging could assign numerical indexes to Route rules.
Instead ofrules[sectionName]logs would includerules[0]or similar.
Co-authored-by: Rob Scott <[email protected]>
Co-authored-by: Rob Scott <[email protected]>
Co-authored-by: Rob Scott <[email protected]>
Co-authored-by: Rob Scott <[email protected]>
Co-authored-by: Rob Scott <[email protected]>
Although more flexible, this feels clunky and error-prone to me. The more granular the references, the more careful one has to be at different levels. |
It is always trade-off to keep simple or provide more features. TBH, I donot think there is much diff from Gateway + HTTPRoute This is an optional field, it is for experienced users. And also it is just like the semantics widely used in the repo(reference other objects with high flexibility) |
|
Like @robscott and @hbagdi, I'm worried about how this will interact with Ironically, this would actually be a little easier if we transitioned each of these lists to listMapTypes, and made the
That would make the name required in practice, if optional on input. Maybe some examples would help? How would something refer to this name if other names were set. How do we refer to a specific named match when the RouteRule also has a name? If the field is optional, how do you handle the some-have-a-name case? As I said above, having a |
|
@youngnick This is a good suggestion, but make it required will break the compatability |
|
Yes, I know it will break compatibility, but I don't think that this is really viable unless we do. I think our options are either:
Without having this required, I think it will create more implementation problems than it solves. |
|
I agree that a route rule name that is similar to gateway listener name could get confusing if it were not subject to the same unique validation and constraints. We could potentially leave it as optional but introduce webhook validation that enforced uniqueness, but @youngnick's questions have me second guessing that idea:
These are great questions, and make me question even an optional name field here. I can only imagine the confusion if someone chose to name a Route rule Despite previously proposing something very similar to what this GEP proposes, I'm not entirely sold on this concept, especially if it would require a v1alpha3. My current preference would be to leave this out of the API for the following reasons:
|
|
We discussed this in the community meeting on Monday 31-Jan-2022:
I've committed to checking in with api-machinery about if there's any preference for more, smaller objects vs larger ones, so I will do so and follow up here. |
|
Thanks for planning to follow up with apimachinery @youngnick! Very interested to hear their perspective. I agree that we've generally been pushing for more small routes instead of fewer large routes. I'm concerned that introducing a rule name here could lead to less than ideal configuration. On the other hand, it sounds like a rule name will also be part of a proposal for Route delegation. So that would add to the potential use cases for this (policy attachment, logging/debugging). Of course, all of those are possible with smaller Routes, but that could also become unwieldy at a certain scale. If we were to add a name field to Route rule, maybe it could be optional, with validation ensuring that non-empty values were unique within the Route. That would provide a level of consistency with |
|
smaller HTTPRoute is just a choice for end-users, but for infra developers, they still face the challenge to merge them, how to merge regex matches? It seems very hard. An optional field is to provide a flexible extensibility way for both users and infrastructure developers
I have to admit, it is a little confusing. how about declaring the default value, such as |
FWIW this is how Istio works. Name is not required |
|
Hey @hzxuzhonghu, we discussed this PR again at today's community meeting. We want to make some progress here, but think it will be helpful to have a clearer picture of how route delegation will work first, since it's likely very closely related to this. @Jeff-Apple is working on a proposal for this, and we're planning on discussing all of this at the next community meeting (Feb 28). |
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
Is there any progress on this recently? |
|
Hey @johnlanni, I think @mikemorris was going to try to pick this up, but I'm not sure what the timeline is. |
What type of PR is this?
What this PR does / why we need it:
Which issue(s) this PR fixes:
Fixes #986
Does this PR introduce a user-facing change?: