-
Notifications
You must be signed in to change notification settings - Fork 73
RFC: DNS Label Compatible Process Types #329
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Open
joshwlewis
wants to merge
16
commits into
buildpacks:main
Choose a base branch
from
joshwlewis:subdomain-processes
base: main
Could not load branches
Branch not found: {{ refName }}
Loading
Could not load tags
Nothing to show
Loading
Are you sure you want to change the base?
Some commits from the old base branch may be removed from the timeline,
and old review comments may become outdated.
Open
Changes from all commits
Commits
Show all changes
16 commits
Select commit
Hold shift + click to select a range
9271fcb
Draft Hostname Compatible Process Types
joshwlewis 3f41cfd
Move Hostname Process Types RFC to the right location
joshwlewis 766fde5
Update hostname process types RFC
joshwlewis b8ecf24
Use DNS Label instead of host name
joshwlewis 18b3e92
Rename to DNS Label
joshwlewis 8670283
Update DNS Label process types
joshwlewis a281ca6
Add open question for DNS label process types
joshwlewis 6ea2df2
Update introduction/summary wording
joshwlewis 2876c54
Update process type definition wording
joshwlewis ce17ddb
Update motivation wording
joshwlewis bda7d1f
Clarify change specifics
joshwlewis fd3089d
Clarify that compliance means lowercase
joshwlewis a020ae8
Clarify compatibility changes for lowercasing
joshwlewis 475d698
Update error messaging to include lowercase
joshwlewis 842a922
Limit to 253 chars
joshwlewis 79e1c6d
Add migration flag
joshwlewis File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,147 @@ | ||
| # Meta | ||
|
|
||
| - Name: DNS Label Compatible Process Types | ||
| - Start Date: 2025-03-30 | ||
| - Author(s): @joshwlewis | ||
| - Status: Draft <!-- Acceptable values: Draft, Approved, On Hold, Superseded --> | ||
| - RFC Pull Request: | ||
| - CNB Pull Request: | ||
| - CNB Issue: | ||
| - Supersedes: | ||
|
|
||
| # Summary | ||
|
|
||
| Process type identifiers, as defined in the Cloud Native Buildpacks buildpack specification, are less restrictive than the RFC 1123 DNS label definition. Therefore, CNB process types may not be compatible with internet routing or Kubernetes resource naming. This RFC proposes stricter process type identifier requirements to increase compatibility with other CNCF / OSS projects as well as RFC 1123. | ||
|
|
||
| # Definitions | ||
|
|
||
| **RFC 1123**: The IETF ["Requirements for Internet Hosts" RFC](https://datatracker.ietf.org/doc/html/rfc1123#section-2.1) describes the syntax for DNS host names, domain names, and labels. | ||
|
|
||
| **Kubernetes Resource Names**: Many resource names are restricted to RFC 1123, as outlined [here](https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#dns-subdomain-names). | ||
|
|
||
| **Process Type**: The `type` identifier for a launch process as [specified in `launch.toml`](https://github.com/buildpacks/spec/blob/main/buildpack.md#launchtoml-toml). | ||
|
|
||
| # Motivation | ||
|
|
||
| The images resulting from CNB builds are often deployed to internet connected environments, where it's useful to connect or manage the image lifecycle with an internet routable domain name. | ||
|
|
||
| For example, after building a web service image with Cloud Native Buildpacks, developers might want to expose various processes to the internet like static-assets.myapp.com and api.myapp.com. However, process types may currently include `_`, making process types like `Static_Assets` allowed, but not internet routable -- `Static_Assets.myapp.com` is not a valid domain name. | ||
|
|
||
| Or, developers might want to manage Kubernetes resources dynamically using process types defined in the resulting image: | ||
|
|
||
| ``` | ||
| kubectl autoscale replicaset static-assets --max=6 --min=2 --cpu-percent=50 | ||
| ``` | ||
|
|
||
| However, while CNB allows a `Static_Assets` process type, Kubernetes rejects it as a resource name: | ||
|
|
||
| ``` | ||
| object name does not conform to Kubernetes naming requirements: "Static_Assets" | ||
| ``` | ||
|
|
||
| These incompatibilities make using process types in dynamic scenarios challenging. | ||
|
|
||
| # What it is | ||
|
|
||
| The current Buildpack specification defines these process type restrictions: | ||
|
|
||
| > MUST only contain numbers, letters, and the characters ., \_, and -. | ||
|
|
||
| While DNS Labels as defined in RFC 1123 are more restrictive. Some notable differences: | ||
|
|
||
| - Underscores (`_`) are not allowed | ||
| - Periods (`.`) are not allowed | ||
| - Dashes ('-') are not allowed as the first or last character | ||
| - Uppercase and lowercase letters are not differentiated | ||
| - Must be less than 63 characters | ||
|
|
||
| The buildpack specification will be modified to require process types compatible with RFC 1123 for DNS Labels, and require lowercase letters for compatibility with Kubernetes. | ||
|
|
||
| # How it Works | ||
|
|
||
| The platform specification will be changed to reject process types that do not comply with lowercased RFC 1123 DNS Labels. When a process type fails to meet this syntax, appropriate error messaging may be given by the platform, for example: | ||
|
|
||
| ``` | ||
| The "Static_Assets" process type must comply with lowercased RFC 1123 DNS label syntax. Underscores are not allowed. Uppercase letters are not allowed." | ||
| ``` | ||
|
|
||
| While uppercase letters are allowed in RFC 1123, uppercase and lowercase are not differentiated -- `API` and `api` are the same. DNS providers and Kubernetes enforce (or coerce) uppercase to lowercase to prevent duplicate entries with different casing. The buildpack spec should also enforce lowercase letters for the same reason. | ||
|
|
||
| # Migration | ||
|
|
||
| This is a breaking API change, and will require a new Buildpack API version. | ||
|
|
||
| Buildpacks specifying process types that do not comply with the stricter requirements proposed in this RFC will need to change the way process types are defined. Buildpacks defining process types dynamically should implement logic to coerce process types (by substitution, filtering and/or truncation) to meet the specification and avoid build failures. | ||
joshwlewis marked this conversation as resolved.
Show resolved
Hide resolved
|
||
|
|
||
| In order to ease the transition, a new flag may be introduced to pack and/or lifecycle to control enforcement of this requirement. For example, a `--strict-process-types` flag could be introduced that might be set to `warn` or `error`. Calls with `pack build foo --strict-process-types=error ...` would emit error messages and reject builds with non-compliant process types while calls with `pack build foo --strict-process-types=warn ...` would emit warning messages while still allowing the build to complete. | ||
|
|
||
| With a flag like this, the migration could be split into phases: | ||
|
|
||
| Phase 1: `--strict-process-types` has a default value of `warn` | ||
| Phase 2: `--strict-process-types` has a default value of `error` | ||
| Phase 3 (optional): `--strict-process-types` is always `error` | ||
|
|
||
| # Drawbacks | ||
|
|
||
| - It's a breaking API change and will cause ecosystem churn. | ||
|
|
||
| # Alternatives | ||
|
|
||
| ## Enforce RFC 1123 host names | ||
|
|
||
| Instead of enforcing the DNS label syntax, enforce the host name syntax. This would allow periods (in correct postions) and allow up to 253 characters. | ||
|
|
||
| Pros: | ||
|
|
||
| - Less restrictive | ||
| - would allow internet routing and kubernetes compatibility. | ||
|
|
||
| Cons: | ||
|
|
||
| - Buildpacks are unlikely to know/set the correct fully qualified domain for an image that might be deployed many places | ||
| - Deployment platforms couldn't use use process types as a subdomain (since the buildpack may have chosen a 254 character process type) | ||
|
|
||
| ## Do Nothing | ||
|
|
||
| If we do nothing, developers in our ecosystem will not be able to use process types for internet routing or Kubernetes resource names. | ||
|
|
||
| # Prior Art | ||
|
|
||
| N/A | ||
|
|
||
| # Unresolved Questions | ||
|
|
||
| - Are there additional resources in the spec that should also have this restriction? | ||
|
|
||
| - Image names? (probably not, given it's common to use url-based image names with periods and slashes) | ||
|
|
||
| - Is this change worth creating a new Buildpack API version? | ||
| - Maybe not on it's own, but perhaps it could be bundled with other features. | ||
|
|
||
| # Spec. Changes (OPTIONAL) | ||
|
|
||
| This change will require changes to the Buildpack API spec. | ||
|
|
||
| # History | ||
|
|
||
| <!-- | ||
| ## Amended | ||
| ### Meta | ||
| [meta-1]: #meta-1 | ||
| - Name: (fill in the amendment name: Variable Rename) | ||
| - Start Date: (fill in today's date: YYYY-MM-DD) | ||
| - Author(s): (Github usernames) | ||
| - Amendment Pull Request: (leave blank) | ||
|
|
||
| ### Summary | ||
|
|
||
| A brief description of the changes. | ||
|
|
||
| ### Motivation | ||
|
|
||
| Why was this amendment necessary? | ||
| ---> | ||
|
|
||
| ``` | ||
|
|
||
| ``` | ||
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.