H4HIP: Helm Sequencing Proposal #373
Conversation
…tallations and upgrades. Signed-off-by: Joseph Beck <joebeck5705@gmail.com>
Signed-off-by: Joe Beck <joebeck5705@gmail.com>
- Seuencing logic - Readiness logic Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Jeb135
changed the title
hips/hip-00xx-sequencing.md
Outdated
|
|
||
| ## Abstract | ||
|
|
||
| This HIP is to propose a new featureset in Helm 4 to provide Application developers, who create heam charts for their applications, a well supported way of defining what order chart resources and chart dependencies should be deployed to Kubernetes. |
There was a problem hiding this comment.
Does this proposal also include sequencing for uninstall, or only install/upgrade? For example, waiting to uninstall a resource until all that depends on it have completely uninstalled?
There was a problem hiding this comment.
Good point I didn't think about that. At least with uninstall it can just be done backwards to the installation, but upgrade would add some complexity that I'm not sure how to tackle.
There was a problem hiding this comment.
I added a section to clarify that this would apply to all 3, installation/uninstall/upgrade
hips/hip-00xx-sequencing.md
Outdated
|
|
||
| - `helm.sh/layer`: Declare a layer that a given resource belongs to. Any numebr of resources can belong to a layer. | ||
| - `helm.sh/depends-on/layer`: Declare a layer that must exist and in a ready state before this resource can be deployed. | ||
| - `helm.sh/depends-on/chart`: Declare a chart dependency that must exist and in a ready state before this resource can be deployed. For the chart to be declared ready, all of its resources, with their sequencing order taken into consideration, would need to be deployed and declared ready. |
There was a problem hiding this comment.
To be clear, helm.sh/depends-on/chart refers to some chart that is not listed as a dependency of the current chart? Is that right?
- assuming this because the wait flag should already check that dependent charts are fully installed before installing the current chart
- is the idea that this is limited to other charts that have already been deployed to the same namespace, or is there an idea to check charts in other namespaces (assuming the user has correct RBAC permissions)?
My other question here is, do we want to allow depending on other named k8s resources that are not defined by a chart? Eg, helm.sh/depends-on/resource? Or is the idea that users could annotate other resources not defined by a chart with helm.sh/layer, declaring that they are considered part of the same layer of a chart?
There was a problem hiding this comment.
helm.sh/depends-on/chart is referring to any direct chart dependencies. I was unsure if Helm waits to install the current chart until all dependent charts are installed and assumed not. If Helm is already waiting for dependent charts to be installed, then this section can probably be removed?
There was a problem hiding this comment.
assuming this because the wait flag should already check that dependent charts are fully installed before installing the current chart
helm.sh/depends-on/chart meant for both dependencies and subcharts, will wait regardless of --wait/--wait-for-jobs CLI flags being present. Unless we want to have a way to opt-out from sequencing, which we can then assume if --wait/--wait-for-jobs are absent, not sequencing. Today, --wait will wait for certain resources only. In the proposal we have helm.sh/resource-ready which a chart developer can use to define what they mean by "readiness".
I think we need to add a section explaining how --wait/--wait-for-jobs will work with sequencing annotations. I added it to Open Issues
My other question here is, do we want to allow depending on other named k8s resources that are not defined by a chart? Eg, helm.sh/depends-on/resource? Or is the idea that users could annotate other resources not defined by a chart with helm.sh/layer, declaring that they are considered part of the same layer of a chart?
I think using helm.sh/depends-on/resource to specify a resource makes sense. Helm would eventually interpret layers as a group of resources to wait for
There was a problem hiding this comment.
A suggestion came my way regarding reasoning around sequencing chart dependencies/subcharts. Chart authors would want to place such annotations on a chart-level definition rather than deep inside chart templates. Defining once also makes sense because only one reference of the chart dependency is needed. Any other references are repetition since helm will wait for the chart before deploying the parent chart. We came up with something like below. We'd move helm.sh/depends-on/charts from chart templates
In the parent Chart.yaml
name: MyChart
annotations:
# List of charts that need to be installed before MyChart
helm.sh/depends-on/charts: "subchart, minio, rabbitmq"
dependencies:
- name: rabbitmq
version: "1.2.3"
- name: minio
version: "5.0.0"
hips/hip-00xx-sequencing.md
Outdated
| metadata: | ||
| name: barz | ||
| annotations: | ||
| helm.sh/resource-ready: "status.succeeded==1" |
There was a problem hiding this comment.
Is the idea that this would be a check that Helm could use to override—kstatus ready condition (as an example implementation)? https://github.com/kubernetes-sigs/cli-utils/blob/master/pkg/kstatus/README.md#the-ready-condition
hips/hip-00xx-sequencing.md
Outdated
|
|
||
| ## Rationale | ||
|
|
||
| ### Proposal 1: Named Dependencies |
There was a problem hiding this comment.
Personally, I quite like the general direction of proposal 1—as a replacement of numeric weights entirely—over proposal 2, which extends that. My point of view is I would like to move the numeric weighting into the "alternatives considered" section. But would like to hear other maintainers and community feedback on this.
I have wanted to introduce a depends_on functionality for helm resources—as a dynamic alternative to weights—to allow users to specify a specific order they are applied (a similar concept is used by used by projects like terraform, flux, and docker-compose).
My main reasoning for this is numbered weights are static—you must know the entire list of how all resources should be ordered, and this often takes a lot of finagling and fussing to get it right.
While named dependencies are dynamic—creating a DAG on the fly, based only on when and if certain resources have an actual dependency on one or more other resources.
It might be good to note some of this in the proposal. I could sketch up some suggested text for this if you prefer, but would also be happy for you to take a stab at it in your HIP. What do you think?
There was a problem hiding this comment.
Go ahead! I'll add you as a contributor, I appreciate the assistance.
There was a problem hiding this comment.
I moved the weights proposal to rejected ideas and tried to capture some of the points you made here in why.
hips/hip-00xx-sequencing.md
Outdated
| Today, to accomplish resource sequencing you have two options. The first is leveraging helm hooks, the second is building required sequencing into the application (via startup code or init containers). The existing hooks and weights can be tedious to build and maintain for Application developers, and built-in app sequencing can unecessarily increase complexity of a Helm application that needs to be maintained by Application Developers. Helm as a package manager should be capable of enabling developers to properly sequence how their applications are deployed, and by providing such a mechanism to developers, this will significantly improve the Application developer's experience. | ||
|
|
||
| Additionally, Helm currently doesn't provide a way to sequence when chart dependencies are deployed, and this featureset would ideally address this. |
There was a problem hiding this comment.
When it comes to sequencing, I'm not sure what you mean is clear in the document. I could come to two different conclusions:
- The ordering of resources when they are uploaded to the k8s API server in one push
- An ordered set of communications to the k8s API server where set it sent and completed prior to the next one being sent
Can you please provide some more clarity on what you mean.
There was a problem hiding this comment.
2 is what we're going for here. I'll make a note to try and make that more clear.
There was a problem hiding this comment.
Clarified what "resource sequencing" meant in the HIP
hips/hip-00xx-sequencing.md
Outdated
|
|
||
| Helm would scope each subchart layer annotation names using a delimiter e.g `someChartDependency#mylayer` to avoid any name collisions. This is an internal implementation detail rather than feature chart authors or operators would need to know. | ||
|
|
||
| `helm template` would print all resources in the order they would be deployed. Groups of resources in a layer would be delimited using a `## Layer: <name>` comment indicate the beginning of each layer |
There was a problem hiding this comment.
The # at the front denotes a comment. I'm not sure the k8s yaml parser, that we currently use and is supported by the k8s project, provides a means to parse and use data in comments. This needs to be investigated before this possibility could be considered. See https://github.com/kubernetes-sigs/yaml
There was a problem hiding this comment.
For reference, the ## Layer: <name> would be above/below # Source:. Maybe there is no need for 2 #. We can have it be # Layer: <name>.
helm template from an example chart
---
# Source: foo/templates/tests/test-connection.yaml
apiVersion: v1
kind: Pod
metadata:Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Scott Rigby <scott@r6by.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
…intentions on how/why this should be built Signed-off-by: Joe Beck <joebeck5705@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
|
I made some changes to allow a chart author to build a dependency of subcharts. Its based on #373 (comment) post I had made earlier |
|
This HIP will depend on #374 HIP |
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
…sources Signed-off-by: Evans Mungai <mbuevans@gmail.com>
|
What happens when it breaks? How will partial successes be rolled back? What if a rollback fails a stage? |
Which also makes me think about storage. Will each stage need to be a release in order to manage failures and rollbacks? What will that do to storage requirements? |
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
I think this HIP should not change the way rollbacks work today, only the order in which resources within a chart and subcharts are applied, and how waiting for readiness works if
This HIP should not change storage either. A chart's resources and and its subcharts should continue to be stored the same way for a release as if it didn't have any sequencing of those specified. To clarify for some of the questions above, @banjoh / @Jeb135 do you think this is a fair summary of sequencing, scope, and waiting for readiness in this HIP?
|
If staging charts is important, isn't staging rollbacks important? Can a staged upgrade, where subchart a is installed but subchart b fails, just have the whole previous manifest be reapplied?
Perhaps, but what about these stages? If subchart a is installed, should that count as a successful upgrade? If subchart b fails, can you just roll back to where subchart a succeeded? Personally, I don't understand the concept of imperative operations in kubernetes. I need feedback from people that do understand the reasons to know what steps are needed to restore to a successful release. |
Yes it is important, both the layers within a chart/subchart, and the subcharts themselves if sequenced.
👍 This is a good call out, and this should be spelled out explicitly in this HIP. @banjoh do you want to add this?
No, this HIP does not propose allowing subcharts to be installed/upgraded/uninstalled/rolled back separately from the release. If a user wants this, they should do what we currently recommend—to make these all separate releases, and use a separate orchestration tool (eg, Helmfile) to sequence these. @mattfarina covered this—I think well—in #375.
Yes, that is the entire conceit of this HIP. It is for applications that don't work well with Kubernetes recommended eventual consistency. |
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
| The following annotations would be added to enable this. | ||
|
|
||
| *Additions to templates* | ||
| - `helm.sh/layer`: Annotation to declare a layer that a given resource belongs to. Any number of resources can belong to a layer. A resource can only belong to one layer. |
There was a problem hiding this comment.
layer is not very descriptive into how its being used. End users may not understand how it can/should be used
There was a problem hiding this comment.
layeris not very descriptive into how its being used. End users may not understand how it can/should be used
I'll rename this to resource-group. I think this is a clearer name. Its come up before.
There was a problem hiding this comment.
I think resource-group is much more clear. It's self-explanatory, unlike "layer" 👍
| - `helm.sh/depends-on/layers`: Annotation to declare layers that must exist and in a ready state before this resource can be deployed. Order of the layers has no significance | ||
|
|
||
| *Additions to Chart.yaml* | ||
| - `helm.sh/depends-on/subcharts`: Annotation added to `Chart.yaml` to declare chart dependencies, by name or tags, that must be deployed fully and in a ready state before the chart can be deployed. For the dependency or subchart chart to be declared ready, all of its resources, with their sequencing order taken into consideration, would need to be deployed and declared ready. Order of the charts has no significance. |
There was a problem hiding this comment.
How will the dependency of subcharts be handled as it relates to tags and name? is there a concern if there is an overlap between the two? should a distinction be made?
hips/hip-00xx-sequencing.md
Outdated
|
|
||
| ### Readiness | ||
|
|
||
| In order to enforce sequencing, Helm will check that resources are ready using `kstatus` [ready condition](https://github.com/kubernetes-sigs/cli-utils/blob/master/pkg/kstatus/README.md#the-ready-condition) allowing helm to proceed installing the next group of resources, or fail the install. Users can override checks using optional `helm.sh/readiness-failure` and `helm.sh/readiness-success` annotations which are jsonpath queries to check status fields of the annotated resource. If any of the checks in the lists evaluate as true, the readiness check is determined as successful/failed. `helm.sh/readiness-timeout` annotation can be used to override how long Helm should wait when performing readiness checks before bailing out. It defaults to `10s`. |
There was a problem hiding this comment.
Does there need to be some commentary/discussion regarding how to construct readiness-success and/or readiness-failure?
There was a problem hiding this comment.
Does there need to be some commentary/discussion regarding how to construct
readiness-successand/orreadiness-failure?
@sabre1041 I updated the doc to better explain how readiness checks work. https://github.com/Jeb135/helm-community/blob/hip-sequencing/hips/hip-00xx-sequencing.md#readiness
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Andrew Block <andy.block@gmail.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Co-authored-by: Scott Rigby <scott@r6by.com> Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
Signed-off-by: Evans Mungai <mbuevans@gmail.com>
proposal to add resource sequencing support to Helm for v4