kubernetes-sigs / cluster-api

Home for Cluster API, a subproject of sig-cluster-lifecycle

https://cluster-api.sigs.k8s.io

[Proposal] Allow add any prefix labels to node

Bo0km4n opened this issue a month ago · comments

Katsuya Kawabe commented a month ago

What would you like to be added (User Story)?

As a operator, I would like to allow add any prefix labels to machine and k8s nodes.

Detailed Description

I would like to write any prefix labels like as xxxx.example.com/any-label: hoge to machine deployment's .spec.template.metadata.labels.
And I expect these labels will be propagated to nodes.

Currently, this propagation managed by machine controller: https://github.com/kubernetes-sigs/cluster-api/blob/main/internal/controllers/machine/machine_controller_noderef.go#L119

This controller add only labels have specific managed subdomain (e.g: node.cluster.x-k8s.io

I propose it makes controller options can be control this restriction.
For example, --allow-propagate-labels-prefix=hoge.example.com

Anything else you would like to add?

No response

Label(s) to be applied

/kind feature
One or more /area label. See https://github.com/kubernetes-sigs/cluster-api/labels?q=area for the list of labels.

Kubernetes Prow Robot commented a month ago

This issue is currently awaiting triage.

If CAPI contributors determine this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Christian Schlotter commented a month ago

Background of why it was decided not to allow arbitrary labels for in-place propagation:

https://github.com/kubernetes-sigs/cluster-api/blob/main/docs/proposals/20220927-label-sync-between-machine-and-nodes.md#label-domains--prefixes

Christian Schlotter commented a month ago

More background in the doc: https://docs.google.com/document/d/17QA2E0GcbWNYb160qs8ArHOW0uMfL-NTYivefPGtn-c/ (also see the comments) which also takes in consideration what was thought about for the kubelet: https://github.com/kubernetes/enhancements/tree/master/keps/sig-auth/279-limit-node-access

So instead I propose you to use the well-known prefix to define your own labels if you want them to get propagated to nodes, e.g. my-example.hoge.node.cluster.x-k8s.io/foo instead.

Katsuya Kawabe commented a month ago

@chrischdi Thanks your information!
I will try to use your example labels: my-example.hoge.node.cluster.x-k8s.io/foo