From e3e70339c135053ddf52b7f970ad6b711353a375 Mon Sep 17 00:00:00 2001 From: Erik Godding Boye Date: Sun, 24 Nov 2024 12:17:28 +0100 Subject: [PATCH] Migration Design: Rename Bundle to ClusterBundle Signed-off-by: Erik Godding Boye --- .../20241124-rename-bunde-to-clusterbundle.md | 82 +++++++++++++++++++ 1 file changed, 82 insertions(+) create mode 100644 design/20241124-rename-bunde-to-clusterbundle.md diff --git a/design/20241124-rename-bunde-to-clusterbundle.md b/design/20241124-rename-bunde-to-clusterbundle.md new file mode 100644 index 00000000..7b9224dc --- /dev/null +++ b/design/20241124-rename-bunde-to-clusterbundle.md 
@@ -0,0 +1,82 @@ +# Design: Renaming Bundle to ClusterBundle + +- [Release Signoff Checklist](#release-signoff-checklist) +- [Summary](#summary) +- [Motivation](#motivation) + - [Goals](#goals) + - [Non-Goals](#non-goals) +- [Proposal](#proposal) + - [Risks and Mitigations](#risks-and-mitigations) +- [Design Details](#design-details) + - [Test Plan](#test-plan) + - [Upgrade / Downgrade Strategy](#upgrade--downgrade-strategy) +- [Alternatives](#alternatives) +- [Future Work](#future-work) + +## Release Signoff Checklist + +This checklist contains actions which must be completed before a PR implementing this design can be +merged. + +- [ ] This design doc has been discussed and approved +- [ ] Test plan has been agreed upon and the tests implemented +- [ ] User-facing documentation has been PR-ed against the release branch in [cert-manager/website] + +## Summary + +TODO + +## Motivation + +TODO + +### Goals + +- `Bundle` resource is renamed to `ClusterBundle` + +TODO: add more goals + +### Non-Goals + +- Change/fix/improve `Bundle`/`ClusterBundle` while renaming + +TODO: add more non-goals + +## Proposal + +TODO + +### Risks and Mitigations + +#### Target configmaps/secrets are accidentally deleted + +Since using owner references in this project, we need to be extra careful when performing changes like this. + +TODO: describe mitigation + +## Design Details + +### Test Plan + +TODO + +### Upgrade / Downgrade Strategy + +TODO + +## Alternatives + +### Just rename resource between releases + +Since the `Bundle` API version is `v1alpha1`, we could justify just doing the simplest thing and rename. +This approach could cause potentially catastrophic failures in user clusters when the `Bundle` CRD is deleted +since all target configmaps/secrets are owned by bundle and would be deleted by the Kubernetes garbage collector. + +### Doing Nothing + +See "Motivation" above. + +## Future Work + +- Introduce a **namespace-scoped** `Bundle` resource. 
+- Integration with upstream [ClusterTrustBundle API](https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#cluster-trust-bundles).
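Review bot: The "Target configmaps/secrets are accidentally deleted" risk under "Risks and Mitigations" carries only "TODO: describe mitigation", so the design names its most severe failure mode without saying how the migration avoids it. The "Just rename resource between releases" alternative already states that deleting the `Bundle` CRD would let the Kubernetes garbage collector delete every owned target. Before this merges, the mitigation and the "Upgrade / Downgrade Strategy" section should spell out how owner references on existing target configmaps/secrets are handled during the move to `ClusterBundle` and on rollback, and the "Test Plan" should cover that case. Smaller points: the file name reads `rename-bunde-to-clusterbundle.md` (probably meant `bundle`), the sentence "Since using owner references in this project" is missing its subject, and the `[cert-manager/website]` reference in the checklist has no link definition in this file.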