docs: RFC v1beta1

[ellistarn]

Fixes kubernetes/kubernetes#1327

Description

v1beta1 proposal.

Release Note

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[netlify]

✅ Deploy Preview for karpenter-docs-prod canceled.

Name	Link
🔨 Latest commit	d6fa45c
🔍 Latest deploy log	https://app.netlify.com/sites/karpenter-docs-prod/deploys/63c7166fec8099000815319e

[sftim]

Thanks for the PR. I recommend some clarifications, and I've added other opinions.

[sftim]

Suggested change

Kubernetes custom resources have built in support for API version compatibility. CRDs with multiple versions must define a “storage version”, which controls the data stored in etcd. Other versions are views onto this data and converted using [conversion webhooks](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/#webhook-conversion). However, there is a fundamental limitation that all versions must be safely [round-tripable through each other](https://book.kubebuilder.io/multiversion-tutorial/api-changes.html). This means that it must be possible to define a function that converts a v1alpha5 Provisioner into a v1alpha6 Provisioner and vise versa.

Kubernetes custom resources have built in support for API version compatibility. CRDs with multiple versions must define a “storage version”, which controls the data stored in etcd. Other versions are views onto this data and converted using [conversion webhooks](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definition-versioning/#webhook-conversion). However, there is a fundamental limitation that all versions must be safely [round-tripable through each other](https://book.kubebuilder.io/multiversion-tutorial/api-changes.html). This means that it must be possible to define a function that converts a v1alpha5 Provisioner into a v1alpha6 Provisioner and vice versa.

[sftim]

How is Option 2 both untenable and recommended? This is unclear.

---

Opinion

I do like Option 2, BTW - it's the right approach for an alpha API that needs to change, even if people are using it. However, I can see the cost that it imposes on people who already adopted the alpha API.

If you mean that Option 2 is what the Kubernetes project recommends in general, it's OK to mention that detail.

[sftim]

I'm not sure if this is a removal or a deprecation; the text is ambiguous.

[sftim]

If deprecating (ie, retaining, but asking cluster operators not to use the field), then optionally: emit a Warning: if that field is set on a NodeProvisioner (via an admission webhook).

See https://kubernetes.io/blog/2020/09/03/warnings/ for how these work.

This Warning: behavior could also arrive via a Karpenter release that comes out ahead of the switch to v1alpha6.

[sftim]

Could the new Karpenter version automate that transition? I think it's technically possible.

If not, we could provide a container image that runs a one-time migration job (either in-cluster with appropriate access, or to run locally).

[sftim]

Opinion

Consider moving this into a containing field such as nodeLifecycle. We could do that for v1beta1 though as the API change would survive round trips.

[sftim]

I'm not sure if this is a removal or a deprecation; the text is ambiguous.

[sftim]

Opinion

We could support both APIs for several minor releases that are essentially the same underlying code but with different release-time behaviors around API support. The way I picture it, those changes mostly cover three things: updates to Helm charts, default parameters, and docs.

Doing that lets people pick the release that gets the behavior they like. Eg:

• v0.23.0 for Provisioner favored, NodeProvisioner available for early migration
  • this is a big release because it adds the v1alpha6 API group version and any related features
• v0.24.0 for NodeProvisioner favored, Provisioner supported, no warnings emitted
• v0.25.0 for NodeProvisioner favored, Provisioner supported, warnings on creating a Provisioner
• v0.25.0 for NodeProvisioner favored, Provisioner supported, creating a new Provisioner prohibited by default
• v0.26.0 for NodeProvisioner available, Provisioner API no longer present
  • this is an important release because it drops the v1alpha5 API group version

The way I imagine this, those releases could come out 1 calendar week apart. (I don't know how automated the release process is). Or even more frequently, if folks want to. Once made, those releases stay published and people who want to stick with v1alpha5 have a few options about that.

PS. https://kubernetes.io/blog/2020/09/03/warnings/ has some details about Warning: headers; an admission webhook can set these whilst still admitting an object. It's a nice way to tell ends users that they're not doing something the best way.

[sftim]

Related: kubernetes/website#45074

As far as I can tell, we don't hav e acomprehensive doc which covers the expected lifecycle of nodes in Kubernetes.

Specifically, we have lots of intersecting, async things which involve nodes. For example:

• Many environments have VMs "behind" Nodes. Those VMs can be deleted without telling k8s.
• Many environments have subsystems which cross-reference things which need to coordinate with node lifecycle. E.g. the service controller puts VMs into LBs.
• Some components manage nodes (e.g. Cluster Autoscaler, Karpenter).

…

For an example of things that I think are "weird" for lack of docs, look at kubernetes/autoscaler#5201 (comment) . ClusterAutoscaler defines a taint which it uses to prevent work from landing on "draining" nodes (even though we have the unschedulable field already). The service LB controller currently uses that taint to manage LBs. Cluster autoscaler removes the VM from the cloud, and leaves the Node object around for someone else to clean up.

The discussion is about the MEANING of the taint, when it happens, and how to be more graceful. What we want is a clear signal that "this node is going away" and a way for 3rd parties to indicate they have work to do when that happens. It strikes me that we HAVE such a mechanism - delete and finalizers. But CA doesn't do that. I don't know why, but I suspect there are reasons. Should it evolve?

[njtran]

Suggested change

	# v1beta11
	# v1beta1

[jonathan-innis]

This RFC is going to go under a re-write before it's re-proposed as we're still trying to capture more items from kubernetes/kubernetes#1327. Closing this for now since the discussion has gone a bit stale since the initial RFC was opened. I'll re-open with the revised version when the proposed items for v1beta1 are finalized.