TEP-0033 Tekton Feature Gates #280
Conversation
|
/cc @tektoncd/core-maintainers @tektoncd/triggers-maintainers @tektoncd/operator-maintainers |
5cc32ac to
a5308bd
Compare
There was a problem hiding this comment.
I also think that we'll probably end up using feature flags/gates to solve this problem, but this problem statement seems to assume this is the solution we're going with - is there some way that the goals and non-goals could focus more on the problems we're solving without assuming we'll be going ahead with feature flags? (one requirement/goal that id be interested to see fleshed out is what the experience should be like if we add an "alpha" field and decide to remove it in the next release - what should this be like for the user?)
once we add the proposal I think it would be worth having an alternatives section that discusses other approaches too, so we can be sure this is the one we want
I think we use the term "feature flag" in this document in a more general ways than an |
I'm thinking something even broader that would let us explore completely different options, e.g.:
My understanding of the problem we are trying to solve is that its ultimately about communicating to users the stability level of new fields we add when their stability level doesn't match the level of the CRD we add them to. Probably feature flags/gates/toggles will be the option we settle on but I think it's worth getting clarity on why we are doing this and what all our options are. |
Yes
This brings some complexity (more version to maintain) and might be confusing for users : the general idea in k8s ecosystem is that
Depending on the stability of field, we need to require more or less "explicit" behavior from the user. Handling it solely with documentation can be a problem because, from the user point of view, he didn't have to do anything to get access to the feature, so he is in his rights to think it is supported (even if it's not).
This is tricky to achieve in our current model (CRD + controllers) as, there is no way to add warnings as far as I know. You are either valid or you are not (when creating/updating the CR). Warning in the controller logs is similar to not do anything as user may not have access to it (RBAC rules, …) and even if they have, it's not explicit at all (you have to know what you are looking for to find the warning in the middle of the logs).
This makes the graduation process a little bit harder because we require a rename of a field (even if it had the good name from the start). This mean we will need to support both
What about field that would be added "inside" others ? For example, adding a field to the
This is very similar to using feature toggle but has no advantage over it. It is also a all-or-nothing approach (aka either you have all alpha feature, or none). Also, this docs is based on a precedent, which is how kubernetes handles the same problem 👼. |
|
I think those are all great points to highlight about each approach - what i'd really like is for the TEP to include all the alternatives (and explain why we don't want to pursue them). Which would mean stating the problem in such a way that it doesn't assume we'll solve it with feature flags.
I think that's a good point in favor of the approach but also I want to make sure that we take a look at what our specific needs are and make sure this approach makes the most sense for us as well. |
|
|
4d69ae8 to
e6a4515
Compare
|
Thanks for the feedback @bobcatfish - we've taken a step (or two) back, this version describes the issue more generally and it doesn't make assumptions on the solution. |
|
Updates look good! /lgtm |
| changes to the API, since any change made will have to be supported for at | ||
| least 9 months. | ||
|
|
||
| The tools we have today are deprecation notices in the release notes, a |
There was a problem hiding this comment.
Another tool is using annotations to control a feature on a per resource (Task/Template etc.) basis.
e.g. in triggers we have a custom annotaiton for templates: https://github.com/tektoncd/triggers/blob/master/docs/triggertemplates.md#escaping-quoted-strings
and we proposed a custom annotation for tektoncd/pipeline#3257
There was a problem hiding this comment.
Right, I think the annotation/label can be used "in addition to" a way to enable/disable globally.
Co-authored-by: Vincent Demeester <vdemeest@redhat.com> Signed-off-by: Andrea Frittoli <andrea.frittoli@gmail.com>
e6a4515 to
9e8a911
Compare
| introduced the level of maturity of the associated feature | ||
| - Tools to test enabled/disabled feature flags as part of the test matrix | ||
| - It should be possible for a Tekton operator to restrict access to | ||
| feature flags (*not* on a one-by-one case) |
There was a problem hiding this comment.
i think the rest of this doc does a great job of not trying to specify a solution - but these last 3 requirements seem to assume we're going with feature flags. maybe we can reword them as something like:
- The maturity of each feature should be clearly documented and it should be clear how to opt into optional features
- Tools should be available to test all desired combinations of features at various maturity levels
- It should be possible for a Tekton operator to restrict access to alpha features
I'm not 100% sure about (3): if we go with feature flags this is possible, but i dont totally understand if we actually need it - do we want to be able to say that Tekton operators can restrict access to all alpha features, e.g. even alpha CRDS? (if yes then (3) makes sense to me)
| a cluster admin role, while still preventing cluster owners from enabling | ||
| alpha features. This is not a requirement for Tekton, because even in case of | ||
| a managed Tekton, users can be prevented access to the `tekton-pipelines` | ||
| namespaces, where the feature flag config map is hosted. |
There was a problem hiding this comment.
i think we could include this in the proposal instead of the requirements?
|
I'm happy to merge this after just a couple tiny tweaks mentioned above. I feel like we're already starting to use the functionality this TEP is about before we've resolved it, so I'd like to jump ahead and make a request regarding how we implement this: Can we use one feature flag for all alpha features, vs. adding a flag per feature? We seem to be adding a flag per feature, e.g. we already have separate flags for enabling custom tasks and enabling oci bundles. I want to suggest one flag for all alpha features because:
|
Thanks @bobcatfish, I think this is a good suggestion. We might want to consider separate cases for API driven features vs other ones. I think we could have one single flag to control all alpha fields in the API, and dedicated flags for other features. One example from the TEP about finally timeout - as I mentioned in the comment there, if we had a flag to control the API field to specify the finally timeout, enabling that flag would imply that previously specified timeouts would not apply to entire pipelines anymore, but only to the non-finally section. If we had a single flag for all API fields, enabling that flag would then have side effects on existing pipelines, which should not be the case. With separate flags, it would be possible to enabled alpha API fields, while keeping the old behaviour for the overall timeout still valid. |
+:100: on this. |
Make sense indeed 👌🏼 I do agree on this.
Same here 👌🏼 |
|
@afrittoli sgtm - i think all we need to merge this PR and move forward with the proposal is to reword the requirements section? at this point i can also just go ahead as is in the interests of moving this forward |
|
assinging it to @pritidesai |
|
/lgtm |
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: bobcatfish The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Co-authored-by: Vincent Demeester vdemeest@redhat.com
Signed-off-by: Andrea Frittoli andrea.frittoli@gmail.com
/kind tep