[Lambda ACK] Add FunctionVersionRef to Lambda Alias CR to avoid hard-coded version number for deployments #2788
Description
Hi ACK Lambda team, I would like to raise a feature request about functionVersion spec for Alias. I'm happy to contribute for it, but I would like to hear your opinions first before coming with a PR since it has introduce a completely new field. Looking forward for your feedbacks.
Is your feature request related to a problem?
The current Alias CRD requires a hard-coded string value for spec.functionVersion, which makes it difficult to implement GitOps-based canary deployments with tools like Argo Rollouts or with custom controllers.
Current Problem:
apiVersion: lambda.services.k8s.aws/v1alpha1
kind: Alias
metadata:
name: my-app
spec:
functionName: my-app
functionVersion: "5" # Hard-coded string - requires manual updatesWhen implementing canary deployments, I need to:
- Publish a new Lambda version using the
VersionCR - Update the
AliasCR to point to that new version - Gradually shift traffic using weighted routing
However, the Version CR automatically gets a version number assigned by AWS Lambda that can be retrieved in its status.version field. I cannot predict this version number beforehand, which means:
- I cannot declare the version in a GitOps workflow without knowing what Lambda will assign
- I have to manually find the version number from the
VersionCR status after it's created - This breaks the declarative GitOps model and requires manual intervention or complex scripting
Real-World Use Case: Canary Deployment with Argo Rollouts
I want to use Argo Rollouts with a Lambda traffic routing plugin for canary deployments:
- Deploy new code as a new
VersionCR (let's call itmy-app-blue) - Point a canary
Aliasto this new version using a reference (not a hard-coded version number) - Use Argo Rollouts to gradually shift traffic from stable to canary
- Promote or rollback by updating which
VersionCR the alias references
This workflow is not possible today because I cannot reference the Version CR's status.version field from the Alias CR.
Describe the solution you'd like
Describe the solution you'd like
Add a new field functionVersionRef to the Alias CRD that allows referencing a Version CR. The controller would automatically resolve the reference and use the status.version field from the referenced Version CR.
Proposed API:
---
apiVersion: lambda.services.k8s.aws/v1alpha1
kind: Alias
metadata:
name: my-app-canary
spec:
name: canary
functionRef:
from:
name: my-app
functionVersionRef: # NEW: Reference to Version CR
from:
name: my-app-blue
routingConfig:
additionalVersionWeights:
- functionVersion: "5" # This will be changed by canary deployment tool. E.g. ArgoRollout
weight: 0.9
Key Requirements:
functionVersionRefshould reference only theVersionCR (notFunctionCR) to avoid ambiguity- The controller should read
status.versionfrom the referencedVersionCR - Either
functionVersionORfunctionVersionRefmust be provided (mutual exclusivity) - The feature should be backward compatible - existing hard-coded
functionVersionvalues continue to work
Implementation in generator.yaml:
resources:
Alias:
fields:
FunctionVersion:
is_required: false # Change from true to allow FunctionVersionRef
FunctionVersionRef:
references:
resource: Version
path: Status.VersionDescribe alternatives you've considered
Alternative 1: External Controller/Operator
Create a custom controller that watches Version CRs and updates Alias CRs with hard-coded version numbers.
Drawbacks:
- Adds complexity and another component to maintain
- Not a native Kubernetes pattern
- Requires additional RBAC permissions
- Doesn't leverage ACK's existing reference resolution mechanism
Alternative 2: Use Function CR's status.version
Instead of referencing Version CR, reference the Function CR's status.version field.
Drawbacks:
Function.status.versionrepresents the latest version, which may not be the one you want for canary- Cannot maintain multiple version CRs (blue/green) and switch between them
- Ambiguity: both
VersionandFunctionCRs could have the same name in the same namespace
Alternative 3: Manual Scripts/CI Pipeline
Use CI/CD scripts to:
- Create
VersionCR - Wait for it to be synced
- Query the
status.versionfield - Update
AliasCR with the hard-coded version number
Drawbacks:
- Not declarative/GitOps-friendly
- Requires complex scripting
- Breaks the Kubernetes reconciliation model
- Harder to rollback (requires re-running scripts)
Alternative 4: Use Alias ARN with $LATEST
Just use $LATEST as the version.
Drawbacks:
- Cannot do canary deployments with weighted routing
- All traffic goes to the latest version immediately (no gradual rollout)
- No ability to test new version with a small percentage of traffic
Benefits of the Proposed Solution
- GitOps-Friendly: Version changes are tracked in Git via
VersionCR updates - Declarative: No manual intervention or scripts needed
- Type-Safe: Kubernetes validates references before applying
- Automatic Resolution: Controller handles version lookup automatically
- Backward Compatible: Existing hard-coded
functionVersionvalues continue to work - Enables Advanced Deployment Strategies: Supports canary, blue/green, and progressive delivery with Argo Rollouts
- Consistent with ACK Patterns: Uses the same reference mechanism as other ACK controllers (e.g.,
functionRef,roleRef)