Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KEP-4742: Expose Node Labels via Downward API #4747

Open
wants to merge 9 commits into
base: master
Choose a base branch
from
+892 −0
Open

KEP-4742: Expose Node Labels via Downward API #4747

Changes from 1 commit
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
d9e8407
Initial draft
docandrew Jul 1, 2024
f39745e
Correct typos
docandrew Jul 9, 2024
a671421
Update keps/sig-node/4742-node-labels-downward/README.md
cmwylie19 Jul 25, 2024
cfa525a
Merge branch 'kubernetes:master' into master
cmwylie19 Jul 25, 2024
f98b0aa
chore: address comments
cmwylie19 Jul 25, 2024
d3ce8be
chore: address more comments
cmwylie19 Jul 25, 2024
3db26ae
Merge branch 'kubernetes:master' into master
docandrew Oct 2, 2024
844b95e
Addressed comments
docandrew Oct 2, 2024
13441f1
Updated milestone to 1.32, TOC fix
docandrew Oct 2, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Correct typos
  • Loading branch information
@docandrew
docandrew committed Jul 9, 2024
commit f39745eea677585ac81eddfa0bed44bec490cec5
4 changes: 2 additions & 2 deletions keps/sig-node/4742-node-labels-downward/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -163,11 +163,11 @@ to extract information.
We’d like to change the runtime behavior of containers based on node labels.
In our case, we’re using a CNI with DaemonSets to perform network setup, and
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For very specific cases, we have workarounds like sidecars. If these DaemonSets need more info, that's their escape path.

would like to configure the network differently based on the presence of a node
label (e.g. `toplogy.k8s.io/vpn=true`).
label (e.g. `topology.k8s.io/vpn=true`).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

topology.k8s.io/vpn is NOT a standard label. If you (abstract you) make up labels with "k8s.io" or "kubernetes.io" keys, you are asking to get broken. To the best of my knowledge, we have not declared that "topology.k8s.io" in an extensibility mechanism -- am I misremembering?

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We used this based off the suggestion made in kubernetes/kubernetes#40610 (comment) that these labels could be copied - but I think the comment there was addressing the very specific use case of things like being AZ-aware, and not the broader need to make certain node labels visible in pods.

Whatever the scheme, I think I'd like to stick with a convention for labels (e.g. downwardapi.k8s.io/* or shared.k8s.io/*) that get copied rather than specify which labels get copied via something like kubelet args or CRDs.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

When we started this conversation, I assumed (I know, my mistake) that we would only be copying topology labels, and those topology labels are few in number and well defined by the project.

I am okay if we want to define a way for admins to extend that using our topology label space, as long as we make it clear what's an extension and what is standard. But we have to define that somewhere.

I am also okay, I guess, to define a different label space, which explicitly means that "these labels are safe to copy to pods". But again we have to define that somewhere.

I really really really do not want this to be something that is configurable, either through flags or crds or something else. Until and unless we can show that something simple and well defined absolutely cannot work, let's just do the simple thing.


A number of other use cases exist for providing node labels to pods. One
example is utilizing topology data from cloud providers, which are automatically
assignedto nodes, and then used to tailor workloads to minimize cross-zone data
assigned to nodes, and then used to tailor workloads to minimize cross-zone data
transfers and reduce costs. Having an easy way for pods to access these node
topology labels would provide users a straightforward, maintainable way to
optimize their workloads given topology constraints.
Expand Down