Skip to content

Commit

Permalink
Make root:compute export the rest of namespaced kube API
Browse files Browse the repository at this point in the history 
Not exporting the cluster-scoped part yet, not sure about ability to
support it.

Updated example1 to exercise this by switching the common workload
from a Deployment object to a ReplicaSet object.

Also updated example1 to use `kubestellar init` because that now does
a lot more than just create one workspace and do one `kubectl apply`.

The CRDs and APIExports were produced as follows.

These were produced by the following bashery.

The following function converts a `kubectl api-resources` listing into
a listing of arguments to the kcp crd-puller.

```bash
function rejigger() {
    if [[ $# -eq 4 ]]
    then gv="$2"
    else gv="$3"
    fi

    case "$gv" in
	(*/*) group=.$(echo "$gv" | cut -f1 -d/) ;;
	(*)   group=""
    esac

    echo "${1}$group"
}
```

With `kubectl` configured to manipulate a kcp workspace, the following
command captures the listing of resources built into that kcp
workspace.

```bash
kubectl api-resources | grep -v APIVERSION | while read line; do rejigger $line; done > /tmp/kcp-rgs.txt
```

With `kubectl` configured to manipulate a kind cluster, the following
commands capture the resource listing split into namespaced and
cluster-scoped.

```bash
kubectl api-resources | grep -v APIVERSION | grep -w true | while read line; do rejigger $line; done > /tmp/kind-ns-rgs.txt
kubectl api-resources | grep -v APIVERSION | grep -w false | while read line; do rejigger $line; done > /tmp/kind-cs-rgs.txt
```

With CWD=config/kube/exports/namespaced,

```bash
crd-puller --kubeconfig $KUBECONFIG $(grep -v -f /tmp/kcp-rgs.txt /tmp/kind-ns-rgs.txt)
```

With CWD=config/kube/exports/cluster-scoped,

```bash
crd-puller --kubeconfig $KUBECONFIG $(grep -v -f /tmp/kcp-rgs.txt /tmp/kind-cs-rgs.txt)
```

I manually deleted the four CRDs from https://github.com/kcp-dev/kcp/tree/v0.11.0/config/rootcompute/kube-1.24 .

Sadly, kubernetes/kubernetes#118698 is a thing.
So I manually hacked the CRD for jobs.

Sadly, the filenames produced by the crd-puller are not loved by
apigen.  The following function renames one file as needed.

```bash
function fixname() {
    rg=${1%%.yaml}
    case $rg in
	(*.*)
	    g=$(echo $rg | cut -d. -f2-)
	    r=$(echo $rg | cut -d. -f1);;
	(*)
	    g=core.k8s.io
	    r=$rg;;
    esac
    mv ${rg}.yaml ${g}_${r}.yaml
}
```

In each of those CRD directories,

```bash
for fn in *.yaml; do fixname $fn; done
```

Penultimately, with CWD=config/kube,

```bash
../../hack/tools/apigen --input-dir crds/namespaced --output-dir exports/namespaced
../../hack/tools/apigen --input-dir crds/cluster-scoped --output-dir exports/cluster-scoped
```

Finally, kubernetes/enhancements#1111 applies
to APIExport/APIBinding as well as to CRDs.  And the CRD puller does
not know anything about this (not that it would help?).  I manually
hacked the namespaced APIResource files that needed it to have an
`api-approved.kubernetes.io` annotation.  It turns out that the
checking in the apiserver only requires that the annotation's value
parse as a URL (any URL will do).

Signed-off-by: Mike Spreitzer <[email protected]>
  • Loading branch information
@MikeSpreitzer
MikeSpreitzer committed Jun 16, 2023
1 parent bd80ad2 commit aba0029
Show file tree
Hide file tree
Showing 69 changed files with 116,456 additions and 67 deletions.
1,093 changes: 1,093 additions & 0 deletions config/kube/crds/cluster-scoped/core.k8s.io_persistentvolumes.yaml
View file

Large diffs are not rendered by default.

315 changes: 315 additions & 0 deletions config/kube/crds/cluster-scoped/flowcontrol.apiserver.k8s.io_flowschemas.yaml
View file

Large diffs are not rendered by default.

170 changes: 170 additions & 0 deletions ...ig/kube/crds/cluster-scoped/flowcontrol.apiserver.k8s.io_prioritylevelconfigurations.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,170 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kcp-dev/kubernetes/pull/4
creationTimestamp: null
name: prioritylevelconfigurations.flowcontrol.apiserver.k8s.io
spec:
conversion:
strategy: None
group: flowcontrol.apiserver.k8s.io
names:
kind: PriorityLevelConfiguration
listKind: PriorityLevelConfigurationList
plural: prioritylevelconfigurations
singular: prioritylevelconfiguration
scope: Cluster
versions:
- name: v1beta2
schema:
openAPIV3Schema:
description: PriorityLevelConfiguration represents the configuration of a
priority level.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: '`spec` is the specification of the desired behavior of a
"request-priority". More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
limited:
description: '`limited` specifies how requests are handled for a Limited
priority level. This field must be non-empty if and only if `type`
is `"Limited"`.'
properties:
assuredConcurrencyShares:
description: |-
`assuredConcurrencyShares` (ACS) configures the execution limit, which is a limit on the number of requests of this priority level that may be exeucting at a given time. ACS must be a positive number. The server's concurrency limit (SCL) is divided among the concurrency-controlled priority levels in proportion to their assured concurrency shares. This produces the assured concurrency value (ACV) --- the number of requests that may be executing at a time --- for each such priority level:
ACV(l) = ceil( SCL * ACS(l) / ( sum[priority levels k] ACS(k) ) )
bigger numbers of ACS mean more reserved concurrent requests (at the expense of every other PL). This field has a default value of 30.
format: int32
type: integer
limitResponse:
description: '`limitResponse` indicates what to do with requests
that can not be executed right now'
properties:
queuing:
description: '`queuing` holds the configuration parameters
for queuing. This field may be non-empty only if `type`
is `"Queue"`.'
properties:
handSize:
description: '`handSize` is a small positive number that
configures the shuffle sharding of requests into queues. When
enqueuing a request at this priority level the request''s
flow identifier (a string pair) is hashed and the hash
value is used to shuffle the list of queues and deal
a hand of the size specified here. The request is put
into one of the shortest queues in that hand. `handSize`
must be no larger than `queues`, and should be significantly
smaller (so that a few heavy flows do not saturate most
of the queues). See the user-facing documentation for
more extensive guidance on setting this field. This
field has a default value of 8.'
format: int32
type: integer
queueLengthLimit:
description: '`queueLengthLimit` is the maximum number
of requests allowed to be waiting in a given queue of
this priority level at a time; excess requests are rejected. This
value must be positive. If not specified, it will be
defaulted to 50.'
format: int32
type: integer
queues:
description: '`queues` is the number of queues for this
priority level. The queues exist independently at each
apiserver. The value must be positive. Setting it to
1 effectively precludes shufflesharding and thus makes
the distinguisher method of associated flow schemas
irrelevant. This field has a default value of 64.'
format: int32
type: integer
type: object
type:
description: '`type` is "Queue" or "Reject". "Queue" means
that requests that can not be executed upon arrival are
held in a queue until they can be executed or a queuing
limit is reached. "Reject" means that requests that can
not be executed upon arrival are rejected. Required.'
type: string
required:
- type
type: object
type: object
type:
description: '`type` indicates whether this priority level is subject
to limitation on request execution. A value of `"Exempt"` means
that requests of this priority level are not subject to a limit
(and thus are never queued) and do not detract from the capacity
made available to other priority levels. A value of `"Limited"`
means that (a) requests of this priority level _are_ subject to
limits and (b) some of the server''s limited capacity is made available
exclusively to this priority level. Required.'
type: string
required:
- type
type: object
status:
description: '`status` is the current status of a "request-priority".
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
conditions:
description: '`conditions` is the current state of "request-priority".'
items:
description: PriorityLevelConfigurationCondition defines the condition
of priority level.
properties:
lastTransitionTime:
description: '`lastTransitionTime` is the last time the condition
transitioned from one status to another.'
format: date-time
type: string
message:
description: '`message` is a human-readable message indicating
details about last transition.'
type: string
reason:
description: '`reason` is a unique, one-word, CamelCase reason
for the condition''s last transition.'
type: string
status:
description: '`status` is the status of the condition. Can be
True, False, Unknown. Required.'
type: string
type:
description: '`type` is the type of the condition. Required.'
type: string
required:
- type
type: object
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions:
- v1beta2
94 changes: 94 additions & 0 deletions config/kube/crds/cluster-scoped/networking.k8s.io_ingressclasses.yaml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,94 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kcp-dev/kubernetes/pull/4
creationTimestamp: null
name: ingressclasses.networking.k8s.io
spec:
conversion:
strategy: None
group: networking.k8s.io
names:
kind: IngressClass
listKind: IngressClassList
plural: ingressclasses
singular: ingressclass
scope: Cluster
versions:
- name: v1
schema:
openAPIV3Schema:
description: IngressClass represents the class of the Ingress, referenced
by the Ingress Spec. The `ingressclass.kubernetes.io/is-default-class` annotation
can be used to indicate that an IngressClass should be considered default.
When a single IngressClass resource has this annotation set to true, new
Ingress resources without a class specified will be assigned this default
class.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: 'Spec is the desired state of the IngressClass. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status'
properties:
controller:
description: Controller refers to the name of the controller that
should handle this class. This allows for different "flavors" that
are controlled by the same controller. For example, you may have
different Parameters for the same implementing controller. This
should be specified as a domain-prefixed path no more than 250 characters
in length, e.g. "acme.io/ingress-controller". This field is immutable.
type: string
parameters:
description: Parameters is a link to a custom resource containing
additional configuration for the controller. This is optional if
the controller does not require extra parameters.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced.
If APIGroup is not specified, the specified Kind must be in
the core API group. For any other third-party types, APIGroup
is required.
type: string
kind:
description: Kind is the type of resource being referenced.
type: string
name:
description: Name is the name of resource being referenced.
type: string
namespace:
description: Namespace is the namespace of the resource being
referenced. This field is required when scope is set to "Namespace"
and must be unset when scope is set to "Cluster".
type: string
scope:
description: Scope represents if this refers to a cluster or namespace
scoped resource. This may be set to "Cluster" (default) or "Namespace".
type: string
required:
- kind
- name
type: object
type: object
type: object
served: true
storage: true
subresources: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: null
storedVersions:
- v1
Loading

0 comments on commit aba0029

Please sign in to comment.