KEP-2149: bump clusterid to beta

[lauralorenz]

• One-line PR description: Bump clusterid to beta

• Issue link: ClusterID for ClusterSet identification #2149

• Other comments:

Alpha --> Beta graduation requirements:

• Determine if an id.k8s.io ClusterProperty be strictly a valid DNS label, or is allowed to be a subdomain.
  • KEP-2149: Rename id.k8s.io --> cluster.clusterset.k8s.io #3508 simplified the usages of what was previously id.k8s.io to be specific for ClusterSet usages, limiting the blast radius of this decision. Notes from CAPI and discussion with SIG-MC are here in terms of determining whether there was a compelling use case from the field of cloud providers' cluster naming conventions. As of 3/7 SIG-MC meeting we intend to expand this to allow N dots (considering starting with N=1) to support implementation-specific disambiguation for pod DNS (the concrete use case being a region due to regional cluster registries). Language is updated in KEP-1645, KEP-2149: Location-disambiguated addressing of Headless service pods #3918.
• To CRD or not to CRD
  • This was provisionally decided in favor or CRD in the pre-alpha stage in March 2021 (ref) and the position had not changed despite being discussed on 6/8/2021 and 8/20/2021 and the alpha proceeding with a CRD implementation. Updates to the language reflecting this is in 8e3011b.
• Determine if CRD implementation should use CEL validation to limit byte length instead of code points; this would make it only compatible with 1.23+ where CEL validation is behind a feature gate for alpha.
  • Updated in this PR the limitations of CEL validation and more rationale for the unicode code point length we decided in 91cc81c

[k8s-ci-robot]

Skipping CI for Draft Pull Request.
If you want CI signal for your change, please convert it to an actual PR.
You can still manually trigger a test run with /test all

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: lauralorenz
Once this PR has been reviewed and has the lgtm label, please assign jeremyot for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• keps/sig-multicluster/OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[lauralorenz]

/remove-lifecycle stale

Waiting to finalize language in #3918 to cover graduation requirement 1

PRR merged in #3917

/retest

[lauralorenz]

/label api-review
/cc thockin

Requesting API review as the well-known properties use the k8s.io suffix. This is a re-request of API review as the first round occurred pre-alpha in #3084.

Since then I direct your attention to the following API related changes:

1. The well-known property formerly required to be known by metadata.name as id.k8s.io was renamed to cluster.clusterset.k8s.io to more clearly reflect its restrictions when observed by its resource name out of context. See also KEP-2149: Rename id.k8s.io --> cluster.clusterset.k8s.io #3508 and the links in the OP there.
2. Rationale for not requiring CEL validation for the implementation of this CRD is added in this PR in 91cc81c.

[JeremyOT]

/lgtm

[thockin]

s/cluster/clusterset ?

[thockin]

I think we need a bit of setup. Something like:

"""
This proposal presupposes that some abstract control plane exists which describes the concept of a ClusterSet. The details of that control plane are beyond this specification, and are intentionally very loosely defined, such that implementations may make their own design decisions. The only assumptions made by this specification are that:

1. Users must be able to add clusters to the clusterset
2. Users may be able to remove clusters from the clusterset

This abstract control plane may exist in one or more of the constituent clusters or may exist outside of them, or may be some sort of hybrid, with aspects of both.

This abstract control plane may use the constituent clusters as the primary source of truth for information on which it depends, or it may have its own notion of truth, or may be some sort of hybrid, with aspects of both.
"""

[thockin]

s/will/must/ ? I'm trying to clear up the concept of who enacts what ideas and what happens if this spec is violated. "will" suggests we own the act of assigning. "must" suggests this is the law, but the implementation gets to implement...

"Each cluster in a ClusterSet must be assigned a unique identifier" implies "...or else some capabilities which depend on that identifier will not function".

[JeremyOT]

Yes, this must be must :)

[thockin]

s/is immutable/must not be changed/

[thockin]

Contentious: Because we are no interacting with external control planes - is this sufficiently flexible? If it turned out not to be, could we extend it? DNS is more flexible than we give it credit for - underscores are not so uncommon as I once thought, for example!

[JeremyOT]

I propose we start with the current proposal, then add flexibility in beta if needed as it would not be a backward incompatible change. It seems like the next logical step would be "any valid domain name" and I don't think we're ready or see sufficient need to impose that yet

[thockin]

How about we change it from "one or two labels" to something like:

"""
The identifier must be a valid RFC-1123 DNS subdomain and should be less than 128 characters in total. This identifier might be used to compose larger DNS names (e.g. in the case of multi-cluster services), so care should be take to ensure that the final names fit into the limit of 253 characters.
"""

[thockin]

Is this more simply stated as "The identifier may be any value" ? Do we include non-ASCII? We don't have a lot of concrete use for this yet, so it's hard to know if we are cutting off interesting exploration

[thockin]

I would also add * The identifier should be the same across members of a ClusterSet" ?

[JeremyOT]

This was introduced to highlight two patterns:

1. where the identifier is the same for every member and directly identifies the clusterset
2. where the identifier is actually a reference to a relationship - i.e. points to a cluster's "membership"

This is slightly different than just "any value" as we steer away from a mixed case. May instead of should/must because we have no control and as you say, no concrete use. But it seems like making excess room for exploration here may also be making room for pain

[thockin]

Why would clusterset.k8s.io indicate the relationship? I may have missed something?

[thockin]

May rely on

[thockin]

s/coolmcsimplementation/example/

[thockin]

We usually reserve un-spaced names for cluster operators - any reason not to do so here?

[thockin]

I think I would soften all of this to make less assumptions. A self-assembling (e.g. peer-to-peer discovered) clusterset should be a valid implementation

[thockin]

Why did this merge? It's not labelled approved?

[JeremyOT]

Why did this merge? It's not labelled approved?

It didn't, this one did: #4156

Since it's a superset of commits I guess github considers this merged as well? Interesting UX

[thockin]

Oh. Weird.

…

On Fri, Sep 1, 2023 at 4:00 PM Jeremy Olmsted-Thompson < ***@***.***> wrote: Why did this merge? It's not labelled approved? It didn't, this one did: #4156 <#4156> Since it's a superset of commits I guess github considers this merged as well? Interesting UX — Reply to this email directly, view it on GitHub <#3652 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABKWAVEKJIEFTWBYBEK7BBLXYJSKFANCNFSM6AAAAAAR3V6MRU> . You are receiving this because you were assigned.Message ID: ***@***.***>

[liggitt]

Oh. Weird.

It didn't, this one did: #4156

Since it's a superset of commits I guess github considers this merged as well? Interesting UX

Why did this merge? It's not labelled approved?

I'm cleaning up closed api-review issues for 1.29, were there outstanding issues or were the API bits good?