Bug 1950113: config: add aws usertags to infrastructure #864
Conversation
staebler
force-pushed
the
aws_user_tags
branch
3 times, most recently
from
aa79a73 to
37d7b08
Compare
|
Would you mind giving this a review, Jeremiah? /cc @jstuever |
|
ping, ETA on this? |
This is temporary; will drop when 864 merges.
config/v1/types_infrastructure.go
Outdated
| // userTags is a list of additional tags to apply to AWS resources created for the cluster. Changes made to userTags | ||
| // will not be reflected in existing AWS resources. The userTags are only applied to an AWS resource when the | ||
| // resource is created. |
There was a problem hiding this comment.
@alexander-demichev is this how it works upstream or do they reconcile as well? I think we will want to mimic their behaviour ideally so we can make the behaviour consistent across various openshift topologies
There was a problem hiding this comment.
This also feels like we're implicitly saying we shouldn't change existing resources, and we're stating we won't. This might require special handling depending on the component in the future.
michaelgugino
left a comment
michaelgugino
left a comment
There was a problem hiding this comment.
We should have an enhancement for this.
| created for the cluster. | ||
| type: object | ||
| properties: | ||
| key: |
There was a problem hiding this comment.
What if users want to have different tags for the machine-api and other components? This API does not allow for this facility.
Also, having this be platform specific means we need special logic for each platform in the future. Why would we define centralized cluster tags for one platform and not another?
There was a problem hiding this comment.
What if users want to have different tags for the machine-api and other components? This API does not allow for this facility.
The user still retains the capability of adding additional tags to specific machinesets/machines just like they do now. Those tags would be additive with the global tags, where the global tags have precedence.
There was a problem hiding this comment.
Those tags would be additive with the global tags, where the global tags have precedence.
This is not stated in the CRD description and should be. Also, this runs contrary to how most config is typically applied (specific should override the general).
Also, since this mechanism is being tied IAM permissions in a particular use case, we need to make sure this mechanism is granular.
|
I am giving my LGTM on this (looking from the internal image registry point of view). |
|
previous discussion on a similar enhancement |
|
Should the new If we added a status field now, that would make it easier to add a day-2 configurable later on, with more time to implement consistent behavior and have some controller validate the spec and copy it to status. |
|
Where is validation being done for the key and values? AWS docs call out the following tag restrictions (https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/Using_Tags.html): The following basic restrictions apply to tags:
Although EC2 allows for any character in its tags, other services are more restrictive. The allowed characters across services are: letters, numbers, and spaces representable in UTF-8, and the following characters: + - = . _ : / @. Tag keys and values are case-sensitive. The aws: prefix is reserved for AWS use. If a tag has a tag key with this prefix, then you can't edit or delete the tag's key or value. Tags with the aws: prefix do not count against your tags per resource limit. |
|
|
|
Based on what is described in the enhancement, I think this fits the description |
|
Cross reference enhancement proposal: openshift/enhancements#706. |
|
/lgtm |
|
The low level pieces of the API look good. The final higher level question I have is about having user input here on status and not on spec. I would expect this on spec. We're discussing in slack at the moment. |
Add a new field resourceTags to `.status.aws` of the infrastructure.config.openshift.io type. Tags included in the resourceTags field will be applied to new resources created for the cluster. https://issues.redhat.com/browse/CORS-1657
The long-term sketch of the design on this is to add a |
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: deads2k, frobware, JoelSpeed, staebler The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
openshift-ci-robot
added
the
approved
staebler
changed the title
openshift-ci-robot
added
bugzilla/severity-urgent
|
@staebler: This pull request references Bugzilla bug 1950113, which is valid. The bug has been moved to the POST state. The bug has been updated to refer to the pull request using the external bug tracker. 3 validation(s) were run on this bug
No GitHub users were found matching the public email listed for the QA contact in Bugzilla ([email protected]), skipping review request. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
@staebler: All pull requests linked via external trackers have merged: Bugzilla bug 1950113 has been moved to the MODIFIED state. DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
This is not reflected in the enhancement, nor did anyone agree to removing tags from resources. Changing and not applying to new resources is not the same as removing tags. |
in fact the enhancement explicitly says we must NOT remove tags from the underlying cloud resources. (That was a request from Clayton). Additive only. |
|
/cherry-pick release-4.7 |
|
@staebler: new pull request created: #914 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
12 participants
Add a new field userTags to
.status.awsof the infrastructure.config.openshift.io type. Tags included in the userTags field will be applied to new resources created for the cluster.https://issues.redhat.com/browse/CORS-1657