-
Notifications
You must be signed in to change notification settings - Fork 134
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for generating multi-version CRDs and CRD conversion webhooks #1075
Add support for generating multi-version CRDs and CRD conversion webhooks #1075
Conversation
/test-examples="examples/iam/v1beta1/role.yaml" |
1 similar comment
/test-examples="examples/iam/v1beta1/role.yaml" |
4d60778
to
c5cc8d3
Compare
/test-examples="examples/ec2/v1beta1/vpc.yaml" |
c5cc8d3
to
c41cda9
Compare
/test-examples="examples/ec2/v1beta1/vpc.yaml" |
9a684ab
to
e56a2ed
Compare
/test-examples="examples/ec2/v1beta1/vpc.yaml" |
6c24e4b
to
d323e8c
Compare
e064009
to
6db1167
Compare
/test-examples="examples/rds/v1beta1/clusterroleassociation.yaml" |
/test-examples="examples/docdb/v1beta1/cluster.yaml" |
/test-examples="examples/rds/v1beta1/clusterinstance.yaml" |
|
/test-examples="examples/rds/dbinstanceautomatedbackupsreplication.yaml" |
/test-examples="examples/rds/v1beta1/dbinstanceautomatedbackupsreplication.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629167136 |
/test-examples="examples/rds/v1beta1/clustersnapshot.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629183379 |
/test-examples="examples/rds/v1beta1/clusteractivitystream.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629188626 |
/test-examples="examples/rds/v1beta1/clusterendpoint.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629205986 |
/test-examples="examples/rds/v1beta1/clusterparametergroup.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629208677 |
/test-examples="examples/rds/v1beta1/dbsnapshotcopy.yaml" Uptest run: https://github.com/upbound/provider-aws/actions/runs/7629211590 |
1203a2a
to
dc52294
Compare
/test-examples="examples/docdb/v1beta1/cluster.yaml" |
/test-examples="examples/rds/v1beta1/clusterroleassociation.yaml" |
The linter failure is expected as discussed in the description of the PR. After we merge upbound/official-providers-ci#178, we will need to retrigger the CI job. |
/test-examples="examples/docdb/v1beta1/cluster.yaml" |
1 similar comment
/test-examples="examples/docdb/v1beta1/cluster.yaml" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
…ooks Signed-off-by: Alper Rifat Ulucinar <[email protected]>
- Generate the terraformed files for individual resources. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
… option. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…registry. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…cal-deploy target - Run "make generate" - Fix the linter issues Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…target Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…ame for the "connect" group Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…ationIDPrefixed to prevent circular imports. - Move lambda/v1beta1.LambdaFunctionInvokeARN to apis/lambda.FunctionInvokeARN to prevent circlular imports. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
- This effectively addresses the upjet issue: crossplane/upjet#96 for upbound/provider-aws as long as we are careful for the cross-resource reference extractors. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
- Consume the yq tool installation make target from the upbound/build repo. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…r command-line option is supplied Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
…solver transformation - The API resolver package where the `GetManagedResource` function is implemented is github.com/upbound/provider-aws/internal/apis. - Run `make generate`. Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
Signed-off-by: Alper Rifat Ulucinar <[email protected]>
f36d813
to
7c7f28b
Compare
/test-examples="examples/rds/v1beta1/clusterroleassociation.yaml" |
Hi @sergenyalcin, |
Description of your changes
Depends on: crossplane/upjet#321, crossplane/upjet#326, crossplane/upjet#331
This PR introduces the multi-version CRD & API conversion function generation capabilities to the provider. More details can be found in crossplane/upjet#321. It also incorporates the resolver transformer from crossplane/upjet#331 to prevent the import cycles that frequently occur when a managed resource's API version is bumped leaving some other managed resources in its group at their previous versions. The transformer is run as part of the code generation pipeline defined in
apis/generate.go
as follows:The dynamic reference source initialization is implemented using a type registry in
internal/apis/scheme.go
, which we can move to upjet in the future releases.This PR also introduces a new optional command-line flag for the provider binary,
--certs-dir
. The default value for this flag is/tls/server
, the mount path for the Crossplane-generated TLS certificate and the key, when the provider package is installed by Crossplane. The provider process looks for thetls.crt
andtls.key
files under the folder specified with--certs-dir
while starting the conversion Webhook server. This flag can also be used to disable the Webhook server for development purposes, as discussed below.Apart from the discussion in crossplane/upjet#321, this PR takes care of generating CRDs with the conversion strategy set to
Webhook
. However, the generated CRDs containing the conversion strategy are not stored underpackage/crds
under the repo root. That path still contains the generated CRDs but without theconversion
stanzas and they can still be used during development of the managed resources, and for running the provider process locally without the need to configure any TLS certificates. While developing the implementation of a managed resource, there's generally no need to involve the conversion webhooks and the conversion function chains they invoke, unless you're specifically interested in the conversion functions (or the upjet generated spoke implementations). Although the generated CRDs atpackage/crds
do not contain theconversion
stanzas, if there's at least one resource in the provider with multiple API versions, the provider, by default, attempts to start the conversion Webhook server, which will fail if the TLS certificates are not properly configured. In such cases, if you'd like to run the provider with the Webhook server disabled, then you can just set the--certs-dir
command line argument to an empty string to disable the conversion webhook server, i.e., by specifying--certs-dir=""
.The PR uses kustomize together with the yq to generate the CRDs with the proper
conversion
stanzas specifying the conversion strategy ofWebhook
for converting between the hub & spoke API versions. As discussed above, the CRDs specifying the conversion strategies are not stored at the pathpackage/crds
and instead, they can be found under the path_output/package/crds
in the repo root.yq
is used to split the multi-doc YAML output fromkustomize
as theup xpkg batch
command relies on the generated CRD filenames while preparing the provider family (resource) packages. Various alternatives have been considered instead of incorporatingyq
in the code generation pipeline as detailed in the description of upbound/build#249. Notably a shell script implementation of the split function was considerably slower than theyq --split-exp
command and we've chosen to incorporateyq
into our code generation pipeline.yq
has been incorporated as a kustomize plugin with the nameSplitTransformer
. Another alternative was to just pipe the output fromkustomize
(via a shell pipe) to theyq --split-exp
command. However, the plugin approach is better for bundling the kustomization transformations as a reusable module. We will consider moving the kustomization configuration for generating CRDs with the properconversion
stanzas as a reusable component to uptest (where there are already some reusable components related with the official provider repos' build pipelines) or to upjet.With this PR, we also need to bump the
golangci-lint
version tov1.55.2
. Thegolangci-lint
version in the corresponding reusable workflow is not parameterized and is currently hardcoded. upbound/official-providers-ci#178 makes it parameterized and we will retrigger the lint job after it's merged.I have:
make reviewable test
to ensure this PR is ready for review.How has this code been tested
@sergenyalcin has implemented a variety of
CustomConversion
s andFieldRenameConversion
s (please see crossplane/upjet#321 for further context) on top of this PR and tested the underlying machinery successfully. We are planning to introduce thoseConversion
s with a separate PR on top of this PR.