fix(controller): handle long rule names in bootstrap annotation keys#224
fix(controller): handle long rule names in bootstrap annotation keys#224vishnukothakapu wants to merge 1 commit into
Conversation
✅ Deploy Preview for node-readiness-controller canceled.
|
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: vishnukothakapu The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
|
Welcome @vishnukothakapu! |
|
Hi @vishnukothakapu. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Regular contributors should join the org to skip this step. Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
538cca4 to
d42de51
Compare
|
Thanks for catching this. My only thoughts on this is that it takes away the human observability on this when a bootsrap-rule is done. :/ |
|
The annotation restrictions are Hashing the rule name is one option, couple of alternatives to consider:
We need to evaluate the pros/cons on the implementation. @vishnukothakapu Do you want to evaluate the alternatives and propose a plan here? |
Good point. I agree the full hash reduces readability during debugging. I’ll explore the hybrid approach with a readable prefix + short hash and compare it with the other alternatives discussed.
Thanks @ajaysundark , these are good points. I’ll evaluate the tradeoffs between the current hashing approach, the hybrid readable-prefix approach, and the single annotation JSON payload design, then propose a direction based on readability, implementation complexity, and backward compatibility. |
|
/assign @vishnukothakapu |
|
Hi @AvineshTripathi & @ajaysundark, |
87864cf to
261f03d
Compare
Could you clarify your thoughts further on this? What are the downsides of using a json payload. This is also how kubectl saves last applied configurations in objects today - ref: https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/#how-to-create-objects @AvineshTripathi / @Karthik-K-N I think fixing this short-term with a hash based approach for length immunity doesnt feel right. A more reliable long term solution would be to maintain the rule-status inside a JSON payload to track individual rule evaluation data. It would also address concerns such as #247 |
|
Hi @ajaysundark, thanks for the clarification, that makes sense. I can see how the structured JSON payload approach becomes more reliable long-term, especially with concerns like stale rule state and rule recreation handling from #247. My initial preference for the hybrid approach was mainly to keep the fix minimal and avoid larger behavioral changes in this PR. But I agree the stable key + structured payload model feels more extensible and better suited for tracking rule lifecycle/state going forward. |
@ajaysundark, the JSON payload approach is the right long-term design. It eliminates the key length issue at the root, preserves full observability (complete rule name in the value), and cleanly resolves #247, a deleted+recreated rule would no longer be blocked by a stale annotation. The main considerations are:
|
261f03d to
4f850ec
Compare
66f3eeb to
86fbd4d
Compare
|
We discussed this bug further in the meeting today. A quick summary - we agreed or better, to overcome the 'opaque keys' argument: maybe a preferred design for few reasons:
Unique-key creation:
Migration path from "legacy" keys to UID based keys:
|
|
@vishnukothakapu are you still available to take this fix? |
|
Thanks @ajaysundark, I'm still available and happy to take this forward. I agree with the UID-based annotation approach. Using I'll rework the implementation to use UID-based keys, add the legacy annotation migration logic, update the tests, and push an update to this PR soon. |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: vishnukothakapu The full list of commands accepted by this bot can be found here. DetailsNeeds approval from an approver in each of these files:Approvers can indicate their approval by writing |
6041d35 to
946480d
Compare
|
Hi @ajaysundark, @AvineshTripathi, and @Karthik-K-N, I've pushed the updated implementation based on the design discussed above.
Tests are updated and passing. Ready for your review! |
946480d to
2ff507d
Compare
|
/ok-to-test |
1bed1e4 to
1776f2a
Compare
1776f2a to
1b45c95
Compare
Description
This PR fixes a bug where
NodeReadinessRuleresources with long names (longer than 43 characters) caused the controller to fail when patching Node annotations. Kubernetes strictly limits the name part of an annotation key to 63 characters. Since our key pattern wasreadiness.k8s.io/bootstrap-completed-<rule-name>, long rule names resulted in invalid annotation keys.This PR implements a stable, UID-based key design:
readiness.k8s.io/bootstrap-completed-<ruleUID>. Sincerule.GetUID()is guaranteed by the API server to be ~36 characters (RFC 4122 UUID), this completely eliminates the 63-character limit issue without requiring custom hashing.{"rule": "<name>"}. The value is stored as a JSON payload containing the original rule name to preserve human readability for debugging.readiness.k8s.io/bootstrap-completed-<name>keys and idempotently migrates them to the new UID-based format during node reconciliation.This approach also cleanly addresses the stale annotation issue raised in #247: when a rule is deleted and recreated with the same name, it receives a fresh UID from the API server, ensuring it correctly tracks a new lifecycle state without being bypassed by a stale annotation key.
Related Issue
Fixes #223, #247, #248
Type of Change
/kind bug
Testing
internal/controller/helper_unit_test.go: Unit tests forbootstrapAnnotationKey, bootstrapAnnotationValue, and legacy migration helper functions.internal/controller/node_controller_reproduction_test.go: Reproduction test that confirms the controller successfully uses UID-based annotations for rules with very long names, and explicitly tests legacy annotation migration idempotency.go build ./...andgo vet ./internal/controller/....Checklist
make testpassesmake lintpassesDoes this PR introduce a user-facing change?
Yes. Existing
readiness.k8s.io/bootstrap-completed-<rule-name>annotations will be automatically migrated toreadiness.k8s.io/bootstrap-completed-<ruleUID>keys on the node, with a small JSON payload representing the rule name.