danm icon indicating copy to clipboard operation
danm copied to clipboard

Published 20 hours ago verified publisher icon nokia

DANM API domain needs to be changed to comply with K8s API domain policy

Open Levovar opened this issue 4 years ago • 5 comments

K8s community implemented and released the following PR with K8s 1.19: https://github.com/kubernetes/enhancements/pull/1111

The TL;DR version of the Pr is that the API group used in the DANM CRDs unknowingly violates Kubernetes community policies, and therefore now must be changed so it doesn't "look like" it is an official K8s API. Until this PR is implemented DANM is effectively not compatible with K8s versions 1.19+, because whenever the user would try and create a DANM API object the following error will be thrown:

Error from server (Invalid): error when creating "/var/lib/caas/crds/DanmEp.yaml": CustomResourceDefinition.apiextensions.k8s.io "danmeps.danm.k8s.io" is invalid: [spec.versions[0].schema.openAPIV3Schema: Requir
ed value: schemas are required, metadata.annotations[api-approved.kubernetes.io]: Required value: protected groups must have approval annotation "api-approved.kubernetes.io", see https://github.com/kubernetes/en
hancements/pull/1111]

Levovar avatar Dec 04 '20 11:12 Levovar

proposal is to change "danm.k8s.io" API group to "danm.io" this change must include the references put into the annotation field of other core APIs as well, such as Pod, and Services

Levovar avatar Dec 04 '20 11:12 Levovar

additional information: this error oinly surfaces with the CRD v1 API, but DANM currently uses v1beta as such the issue is not a blocker until v1beta APIs are removed, which will happen with the K8s 1.22 release

Levovar avatar Jan 04 '21 15:01 Levovar

Is the transition to CRD v1 API as the DANM CRDs planned? Currently DANM is no longer working with K8 1.22 so wanted to understand if the fix will be available in the near future.

Also, will it be sufficient to make the DANM CRD manifest files compliant with CRD v1 APIs or will there more work required to make it compliant with v1 APIs?

Thanks. Rajdeep Ahluwalia

rajdeepwalia avatar Dec 08 '21 07:12 rajdeepwalia

I have started doing something on api_group_migration branch, but it is far from completion. Reason for this not being done yet is that I changed jobs recently, and don't really have spare capacity for open source developments anymore I still might do a fix or enhancement here or there, but you shouldn't expect regular updates and on-time critical fixes (such as this one) from me.

If there is a user community for DANM it is time to step up and start contributing in case you would like to see the project going

Levovar avatar Dec 08 '21 11:12 Levovar

as a temporary workaround you could add ""api-approved.kubernetes.io":" annotation to the APIs, but that's basically "cheating" so wouldn't advise using it in production

Levovar avatar Dec 08 '21 11:12 Levovar