Put Tekton OCI bundles behind a feature flags 🎏 #3492
Conversation
tekton-robot
added
release-note
| @@ -95,10 +95,13 @@ spec: | |||
| - /kaniko/executor | |||
| args: | |||
| - --destination=gcr.io/my-project/gohelloworld | |||
| ``` | |||
| ``** | |||
| in [Pipelines](pipelines.md#tekton-bundles) or [TaskRuns](taskruns.md#tekton-bundles). | ||
|
|
||
| `Tekton Bundles` may be constructed with any toolsets that produce valid OCI image artifacts | ||
| so long as the artifact adheres to the [contract](tekton-bundle-contracts.md). |
There was a problem hiding this comment.
Maybe udpate the tekton-bundle-contracts file to add it needs to have the feature flag enabled?
|
Quick question: since using the OCI bundles is optional, I want to understand the advantage of feature flagging them? I mean if someone doesn't want to use this feature, they can simply not use it 🤔 It sounds like you mostly want to use this to indicate that the feature is alpha? I'm not sure I agree with this way of doing it - however also if we don't add the feature flag before our next release we'll be stuck, so I don't want to block it. Feature flagging won't stop the fields from showing up in the API, it'll just make them not work - just not really sure how that helps users. |
Yes, that's exactly it, indicate the feature is alpha.
Nothing can really stop the field to show up in the API but we can mark those fields as "alpha" (document them, etc..) See #3459 for more context about this (and how it's done in kubernetes too) |
|
From #3459 :
(just to put some context here too) |
|
@vdemeester do you think it might make sense to have one flag for all of these "alpha" features? Basically I'm worried that this feature flag will create an even worse user experience:
I think I'm not totally sold on the user benefit of making this part of our API do nothing by default |
|
Maybe we can discuss in the working group today! I think there are kinda 2 different discussions:
|
I am not sure nor decided, but I feel, we shouldn't hide them all under one flag, but instead have them all use their own flag (or group them by flag that make sense instead of their "status").
Well this is debatable, what is a worse use experience between having to explicitly enable a feature to be able to use a field or having a field that could be changed, removed later on. By forcing the user to explicitly enable it, we ensure that the user has the knowledge on what it implies to enable and use this feature (aka alpha, not supported, can be removed later on, …) — it allows us gather feedback on features without having to commit to it too much or too long. It allows the user to use feature in preview and have an impact on what the future holds. All of this while working on the stability of the API 🙃. I am open to alternative though. One of it would be to have a On "folks cant try alpha features without enabling them", this is indeed by design. To test an alpha feature in a time where we ship a beta or stable api, the user should have to do something explicitly, whether it is by enable a feature-flag, use a Also, note that this is not proposing anything new, it's just following what k8s does (as explained in #3459 and here at length) – although in the case of k8s, setting
On 1., we need to decide this rather sooner than later 😅 Otherwise, anything we merge in without a feature-flag (or something to "hide it") is considered as beta (and stable once in |
🙋♀️ I have ran into similar issues (stuck pipelinerun) while reviewing the bundle PR, havent got chance to play with it after. |
|
From working group today: thanks for discussing this! I'm happy to add this feature flag for this particular feature as part of the 0.18 release and then continue to discuss our overall strategy separately ( @vdemeester I'm thinking maybe we can try to aim to agree on a policy before 0.19? ) |
Yes definitely. @afrittoli and I are gonna work on a TEP for this 😉 |
vdemeester
force-pushed
the
feature-flag-bundles
branch
2 times, most recently
from
04f7543 to
bf3749d
Compare
| @@ -156,6 +140,27 @@ spec: | |||
| ... | |||
| ``` | |||
|
|
|||
| #### Tekton Bundles | |||
There was a problem hiding this comment.
I feel like we might want to design a page dedicated to alpha features eventually, or at least one that contains a link to all alpha feature docs, but not necessarily in this patch.
There was a problem hiding this comment.
I tried running the example on a cluster that runs this PR and I get:
status:
completionTime: "2020-11-05T18:06:17Z"
conditions:
- lastTransitionTime: "2020-11-05T18:06:17Z"
message: 'error when listing tasks for taskRun remote-task-reference: tasks.tekton.dev
"hello-world" not found'
reason: TaskRunResolutionFailed
status: "False"
type: Succeeded
podName: ""
startTime: "2020-11-05T18:06:17Z"
This is the taskrun:
apiVersion: tekton.dev/v1beta1
kind: TaskRun
metadata:
name: remote-task-reference
spec:
taskRef:
name: hello-world
bundle: docker.io/ptasci67/example-oci@sha256:053a6cb9f3711d4527dd0d37ac610e8727ec0288a898d5dfbd79b25bcaa29828
I was expecting a validation error, but I think we normally ignore unknown fields, so I guess this should be ok?
| @@ -1,9 +0,0 @@ | |||
| # TODO: Move the example image to a tekton owned repo. | |||
There was a problem hiding this comment.
I guess we could have moved this to a skip folder, or perhaps verify that this doesn't work when the flag is not switched, but I think the machinery to run YAML tests does not support that yet?
There was a problem hiding this comment.
Yeah I moved it to no-ci, forgot to commit the file 😓
Should be fixed now.
| @@ -31,12 +31,14 @@ const ( | |||
| disableCredsInitKey = "disable-creds-init" | |||
| runningInEnvWithInjectedSidecarsKey = "running-in-environment-with-injected-sidecars" | |||
| requireGitSSHSecretKnownHostsKey = "require-git-ssh-secret-known-hosts" // nolint: gosec | |||
| enableTektonOCIBundles = "enable-tekton-oci-bundles" | |||
There was a problem hiding this comment.
It would be nice to update the feature_flags_test.go and related test files too
OMG, I forgot those, thanks, I'll update tomorrow morning. |
There was a problem hiding this comment.
@pritidesai we'll need to make sure to call this out clearly in the 0.18 release notes: that you have to explicitly enable this feature to use it
| @@ -156,6 +140,27 @@ spec: | |||
| ... | |||
| ``` | |||
|
|
|||
| #### Tekton Bundles | |||
There was a problem hiding this comment.
can we add a link to this new section in the TOC at the top?
I have updated the release notes in the PR #3142 which introduced this feature. Also one of the highlights of 0.18: "bundles behind feature flags" |
vdemeester
force-pushed
the
feature-flag-bundles
branch
4 times, most recently
from
a5978ef to
9dc5abe
Compare
|
The following is the coverage report on the affected files.
|
In order to expose Tekton OCI bundle less and mark them as "alpha" still, let's put their usage under a feature-flag. This will allow us to experiment, refactor and enhance those without having to support them nor expose them too much to the end-user. Enabling the feature gates is a explicit choice for the user and is documented to make sure users understand this is subject to changes. This adds a new feature-flags field called "enable-tekton-oci-bundles" that defaults to false. If the feature-flag is off, Tekton OCI bundle are not usable. The admission controller will disallow its usage, and the controller will not take the bundle field into account. Note: the e2e tests will be skip on the CI temporarly because we do not have the *framework* in place to switch feature-flags during tests. This will be worked out in parallel. Signed-off-by: Vincent Demeester <[email protected]>
vdemeester
force-pushed
the
feature-flag-bundles
branch
from
9dc5abe to
51444bb
Compare
|
The following is the coverage report on the affected files.
|
|
/retest |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: afrittoli, chmouel The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
tekton-robot
added
the
approved
|
/retest |
|
Disabled by default: |
|
Enabled with |
| @@ -9,6 +9,7 @@ weight: 4 | |||
| - [Overview](#overview) | |||
| - [Configuring a `PipelineRun`](#configuring-a-pipelinerun) | |||
| - [Specifying the target `Pipeline`](#specifying-the-target-pipeline) | |||
| - [Tekton Bundles](#tekton-bundles) | |||
There was a problem hiding this comment.
NIT: "Specifying Tekton Bundles" 😆
|
thanks a bunch @vdemeester for putting this together 😻 |
|
/test pull-tekton-pipeline-build-tests |
Changes
In order to expose Tekton OCI bundle less and mark them as "alpha"
still, let's put their usage under a feature-flag. This will allow us
to experiment, refactor and enhance those without having to support
them nor expose them too much to the end-user.
Enabling the feature gates is a explicit choice for the user and is
documented to make sure users understand this is subject to changes.
This adds a new feature-flags field called "enable-tekton-oci-bundles"
that defaults to false.
If the feature-flag is off, Tekton OCI bundle are not usable. The
admission controller will disallow its usage, and the controller will
not take the bundle field into account.
Note: the e2e tests will be skip on the CI temporarly because we do
not have the framework in place to switch feature-flags during
tests. This will be worked out in parallel.
/cc @tektoncd/core-maintainers
To add a bit more context, I am experiencing pipelinerun completely stuck at resolving tasks when using Tekton bundles, that's why I feel we should put this under a feature flag. This also takes inspiration from "Support Kubernetes style feature-gates for new API fields" #3459.
Signed-off-by: Vincent Demeester [email protected]
/kind misc
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Double check this list of stuff that's easy to miss:
cmddir, please updatethe release Task to build and release this image.
Reviewer Notes
If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.
Release Notes