cluster-api-provider-openstack icon indicating copy to clipboard operation
cluster-api-provider-openstack copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

Deprecating/Replacing securityGroups field from OpenStackMachineTemplate ports

Open Xenwar opened this issue 2 years ago • 9 comments

/kind feature

Describe the solution you'd like With the PR https://github.com/kubernetes-sigs/cluster-api-provider-openstack/pull/1246, we have introduced a new field OpenStackMachineTemplate.spec.template.spec.ports.securityGroupsFilters.

Before that, there was only one such field, OpenStackMachineTemplate .spec.template.spec.ports.securityGroups which is a lit of UUIDs.

I would like to deprecate the older field for two reasons.

  1. It is restrictive in that allows only specifying UUIDs
  2. It is not the same as what is at intense level, shown below.
kubectl explain OpenStackMachineTemplate.spec.template.spec.securityGroups
KIND:     OpenStackMachineTemplate
VERSION:  infrastructure.cluster.x-k8s.io/v1alpha5
RESOURCE: securityGroups <[]Object>
DESCRIPTION:
     The names of the security groups to assign to the instance
FIELDS:
   filter       <Object>
     Filters used to query security groups in openstack
   name <string>
     Security Group name
   uuid <string>
     Security Group UID

In favour of uniformity, I intend to

  • Remove ports.SecurityGroups
  • Rename the new field ports.securityGroupsFilters to ports.securityGroups

Anything else you would like to add:

I would like to know if this breaks existing deployments and if it is ok to start coding and If there are any side effect this may introduce.

Xenwar avatar May 25 '22 16:05 Xenwar

/assign @mdbooth

Xenwar avatar May 25 '22 16:05 Xenwar

given we are still alpha version, I think we didn't guarantee the version compatible (actually we already did so) thus, I see no reason we can't do it given the previous PR is already merged and it covers the deprecated feature

jichenjc avatar May 27 '22 06:05 jichenjc

@jichenjc Thanks.

Xenwar avatar May 27 '22 07:05 Xenwar

Making these changes to the CRD is breaking change which requires a new version of the CRD (probably v1alpha6?)

apricote avatar May 27 '22 08:05 apricote

Making these changes to the CRD is breaking change which requires a new version of the CRD (probably v1alpha6?)

Yes, definitely!

mdbooth avatar May 27 '22 08:05 mdbooth

However, I do think it's appropriate to make these consistent.

mdbooth avatar May 27 '22 08:05 mdbooth

/kind api-change

apricote avatar Jun 15 '22 13:06 apricote

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Sep 13 '22 14:09 k8s-triage-robot

/remove-lifecycle stale

jichenjc avatar Sep 13 '22 23:09 jichenjc

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Dec 13 '22 00:12 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Jan 12 '23 01:01 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-triage-robot avatar Feb 11 '23 02:02 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to this:

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 11 '23 02:02 k8s-ci-robot

/reopen I'm working on this

lentzi90 avatar Mar 21 '23 06:03 lentzi90

@lentzi90: Reopened this issue.

In response to this:

/reopen I'm working on this

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Mar 21 '23 06:03 k8s-ci-robot

/remove-lifecycle rotten

lentzi90 avatar Mar 21 '23 07:03 lentzi90

After staring at the code for a while and implementing some conversions and tests for this, I'm not convinced it is a good idea to rename securityGroupsFilters to securityGroups. I would instead suggest to keep securityGroupFilters as is and just remove securityGroups. This is easier to handle in the conversions and much easier for users deal with also.

The old securityGroups field would be removed, the new securityGroupFilters would remain as is. Any old securityGroups can easily be converted to securityGroupFilters and they can be used in parallel in v1alpha6. In v1alpha7 securityGroups would be dropped.

The originally suggested change in this issue was to remove the (old) securityGroups and then rename securityGroupFilters to securityGroups. I think this is unnecessary and just makes things more confusing and complicated.

lentzi90 avatar Mar 21 '23 07:03 lentzi90