Add feature gate WatchListClient for v1.30 #47261
Conversation
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
size/S
✅ Pull request preview available for checking
To edit notification comments on pull requests, go to your Netlify site configuration. |
content/en/docs/reference/command-line-tools-reference/feature-gates/watch-list-client.md
Outdated
Show resolved
Hide resolved
|
/lgtm |
k8s-ci-robot
added
the
lgtm
|
LGTM label has been added. Git tree hash: c707bcb89ab6d41eacab087b43f87037c99f5cb3
|
/sig api-machinery scalability cc: @p0lyn0mial @kubernetes/sig-api-machinery-misc @kubernetes/sig-scalability-pr-reviews Can we please get some help contributing some detail to this feature gate doc? We appreciate it, thanks! |
k8s-ci-robot
added
sig/api-machinery
| @@ -0,0 +1,16 @@ | |||
| --- | |||
| title: WatchListClient | |||
There was a problem hiding this comment.
The WatchListClient is defined for a client (the client-go library) and not for the server.
It enables the client to request a stream of data rather than an entire list. The streamed data is then transformed into a list response on the client side.
Another way to think about this feature is that it essentially replaces standard LIST calls with WATCH calls under the hood.
Individual list items are delivered via the WATCH call and transformed into a list response on the client.
This process is completely opaque to the client requesting a list.
For the client, it doesn’t matter whether the library issues a LIST or WATCH request/verb.
The client only cares about the result, which will be a list response.
Also, for the WatchListClient to work, the server must support API Streaming, which is controlled by a server-side WatchList feature flag. If the server doesn't support the API Streaming and the WatchListClient is enabled then the client falls back/issues to a standard LIST request.
There was a problem hiding this comment.
Will this feature gate be configurable on API clients such as: the kubelet, kube-controller-manager, the scheduler?
There was a problem hiding this comment.
The WatchListClient is defined for a client (the client-go library) and not for the server.
So if I'm interacting with a Kubernetes cluster using pure RESTful API, and I'm developing
a client tool in Python or Rust, this feature gate doesn't matter at all. But ...
it is listed in the command line options for kube-apiserver, kube-controller-manager, kube-scheduler, kube-proxy and kubelet. Right?
There was a problem hiding this comment.
I assume you can configure some of those components to enable or not enable this feature when acting as a client of the API server.
There was a problem hiding this comment.
sftim 2 minutes ago
Well this feature gate be configurable on API clients such as: the kubelet, kube-controller-manager, the scheduler?
yes, kubernetes will expose the WatchListClient feature gate via command line options for some/all control plane components. Initially we were planning to enable the WatchListClient by default only for KCM.
There was a problem hiding this comment.
So if I'm interacting with a Kubernetes cluster using pure RESTful API, and I'm developing
a client tool in Python or Rust, this feature gate doesn't matter at all
yes, that is correct, in that case, the WatchList feature gate on the server-side matters.
| Enable the API server to serve collections (responses to the **list** verb) | ||
| from its watch cache, rather than always from the back store etcd. | ||
| When this feature gate is disabled, the API server falls back to its legacy behavior | ||
| where data are fetched from etcd instead of served from the watch cache. |
There was a problem hiding this comment.
OK, this is wrong; see https://github.com/kubernetes/website/pull/47261/files#r1692893760
k8s-ci-robot
added
the
do-not-merge/work-in-progress
k8s-ci-robot
removed
the
lgtm
|
New changes are detected. LGTM label has been removed. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
k8s-ci-robot
removed
the
do-not-merge/work-in-progress
| This enables an API client (inlcuding some control plane components) to | ||
| request a stream of data rather than an entire list. The behavior change | ||
| is implemented in the client-go library and it is opaque to the client. |
There was a problem hiding this comment.
Typo in “inlcuding“.
Revised suggestion:
| This enables an API client (inlcuding some control plane components) to | |
| request a stream of data rather than an entire list. The behavior change | |
| is implemented in the client-go library and it is opaque to the client. | |
| Enable selected control plane components to fetch collections using **watch** rather | |
| than **list** requests, as an optimization. | |
| If you enable this feature gate, you should also check that any custom authorization rules allow | |
| kube-controller-manager and its service identities to perform **watch** requests, otherwise | |
| you will not benefit from the improvement. | |
| If you do not use custom authorization rules, you only need to enable the feature gate. |
There was a problem hiding this comment.
Em ... why we want to touch the authorization topic in this feature gate?
There was a problem hiding this comment.
I checked and actually the control plane should be able to fall back to list, so no authz changes are needed. I edited the suggestion.
|
Are there any plans to resume work on this PR? |
I have no idea how to proceed. |
No description provided.