Proposal: define the CRD of nested components #11
Conversation
charleszheng44
commented
Nov 10, 2020
charleszheng44
commented
- Define the CRD of the nested components
- Define a standard way of creating nested components
k8s-ci-robot
added
the
cncf-cla: yes
k8s-ci-robot
added
the
size/L
|
/resolve #7 |
|
It'd be perfect if we could illustrate where the CRs and instances are created/placed, especially under the context of multiple tenant / nested clusters are supported, in the architectural diagrams. |
|
@brightzheng100 thanks for the suggestion. I will edit the proposal and explain where each CR will be placed. In short: The NCPT is a cluster scope CRD, the NCP will be placed in the namespace specified by the end-users, and the Nested CRs will located in the |
There was a problem hiding this comment.
Awesome job on this @charleszheng44 added some suggestions throughout.
|
Original message:
See my suggestions as well, I wonder if we could implement this part slightly different for NCPs vs how it was done in VC. |
|
@Fei-Guo did you mean to edit my message? 😛 |
|
From @Fei-Guo with regards to my message about NCPT
If we plan to let user create CRs by himself, it is likely he has to to deal with setting proper owner references for all the CRs. Anyway, if we design a mechanism to identify all the associated components, we may be able to workaround the owner reference limitation. All we need is that each component has a way to find other components. |
Totally, I think we need to have some way, like using a I'm worried if we add too much automation upfront then we'll have a difficult time rolling it back, it would be relatively easy to eventually add "creating the CRs" in a |
|
Yes. ControllerplanRef works which is exactly in the proposal here. How to find associated CRs from NCP? We propose to add objectRef in NCP status. Do you agree or have some other ideas? |
We could use |
I think the problem is how can one CR controller get another CR, for example, KAS controller may wanna to get the etcd address that is stored in the Etcd CR. We could use the |
| // NestedEtcd contains information required by the etcd provider to create the Etcd | ||
| NestedEtcd NestedComponentSpec `json:"nestedEtcd"` | ||
|
|
||
| // NestedKAS contains information required by the apiserver provider to create the apiserver | ||
| NestedKAS NestedComponentSpec `json:"nestedKAS"` | ||
|
|
||
| // NestedKCM contains information required by the controller-manager provider to create the controller-manager | ||
| NestedKCM NestedComponentSpec `json:"nestedKCM"` |
There was a problem hiding this comment.
| // NestedEtcd contains information required by the etcd provider to create the Etcd | |
| NestedEtcd NestedComponentSpec `json:"nestedEtcd"` | |
| // NestedKAS contains information required by the apiserver provider to create the apiserver | |
| NestedKAS NestedComponentSpec `json:"nestedKAS"` | |
| // NestedKCM contains information required by the controller-manager provider to create the controller-manager | |
| NestedKCM NestedComponentSpec `json:"nestedKCM"` | |
| // Etcd contains information required by the etcd provider to create the Etcd | |
| Etcd NestedComponentSpec `json:"etcd"` | |
| // ApiServer contains information required by the apiserver provider to create the apiserver | |
| ApiServer NestedComponentSpec `json:"apiServer"` | |
| // ControllerManager contains information required by the controller-manager provider to create the controller-manager | |
| ControllerManager NestedComponentSpec `json:"controllerManager"` |
Given that all of these are already in a Nested struct
| } | ||
| ``` | ||
|
|
||
| We will let users specify component providers through NCP, implement a native mode that has each sub-controller to create the component on the super cluster, and define three new types `EtcdProvider`, `KASProvider`, and the `KCMProvider`: |
There was a problem hiding this comment.
Could we run all controllers all the time instead of allowing to turn them on/off? If controllers aren't reconciling anything because there are no resources / events, it should be fine?
There was a problem hiding this comment.
The idea here would be that in the config (or flags 🤮 ) we can turn off specific controllers and if you wanted to use an external etcd cluster provider like etcdadm or etcd-cluster-operator you can choose to flip off the built-in provider and you just supply your own controller listening for NEtcd and creating w/e the necessary components for that implementation. This will change a bit of the implementation as per - https://github.com/kubernetes-sigs/cluster-api-provider-nested/pull/11/files/4b6d8aea98ed04eea543f2e29319567d4bab5207#r521166698
| type NestedControlPlaneSpec struct { | ||
| // other fields.... | ||
|
|
||
| // NestedEtcdProvider specifies which EtcdProvider will be used to create the Etcd | ||
| // +optional | ||
| NestedEtcdProvider EtcdProvider `json:"etcdProvider,omitempty"` | ||
|
|
||
| // NestedKASProvider specifies which KASProvider will be used to create the kube-apiserver | ||
| // +optional | ||
| NestedKASProvider KASProvider `json:"kasProvider,omitempty"` | ||
|
|
||
| // NestedKCMProvider specifies which KCMProvider will be used to create the kube-controller-manager | ||
| // +optional | ||
| NestedKCMProvider KCMProvider `json:"kcmProvider,omitempty"` | ||
| } |
There was a problem hiding this comment.
| type NestedControlPlaneSpec struct { | |
| // other fields.... | |
| // NestedEtcdProvider specifies which EtcdProvider will be used to create the Etcd | |
| // +optional | |
| NestedEtcdProvider EtcdProvider `json:"etcdProvider,omitempty"` | |
| // NestedKASProvider specifies which KASProvider will be used to create the kube-apiserver | |
| // +optional | |
| NestedKASProvider KASProvider `json:"kasProvider,omitempty"` | |
| // NestedKCMProvider specifies which KCMProvider will be used to create the kube-controller-manager | |
| // +optional | |
| NestedKCMProvider KCMProvider `json:"kcmProvider,omitempty"` | |
| } | |
| type NestedControlPlaneSpec struct { | |
| // other fields.... | |
| // EtcdProvider specifies which EtcdProvider will be used to create the Etcd | |
| // +optional | |
| EtcdProvider EtcdProvider `json:"etcdProvider,omitempty"` | |
| // ApiServerProvider specifies which KASProvider will be used to create the kube-apiserver | |
| // +optional | |
| ApiServerProvider KASProvider `json:"apiServerProvider,omitempty"` | |
| // ControllerManagerProvider specifies which KCMProvider will be used to create the kube-controller-manager | |
| // +optional | |
| ControllerManagerProvider KCMProvider `json:"controllerManagerProvider,omitempty"` | |
| } |
Same suggestion as above regarding naming.
On a more general note, do we need pluggable providers for the first iteration? Would it be ok to reduce scope a bit and only allow the built-in controllers for etcd/api-server/controller-manager instead?
There was a problem hiding this comment.
We don't fully as it's documented IMO, this was called out a couple places. Specifically here - https://github.com/kubernetes-sigs/cluster-api-provider-nested/pull/11/files/4b6d8aea98ed04eea543f2e29319567d4bab5207#r521166698 As long as we have a way to swap the controllers for specific implementations that would be sufficient, IE I could use an etcd prefix or an operator backing the NEtcd controller instead and manage that out-of-tree.
I'm very hesitant to add too much pluggability upfront except controlling what controller manages each object. Since there are so much prior art in the OSS for etcd controllers and we should be able to support those without forking.
|
@christopherhein @Fei-Guo @charleszheng44 Are there concrete use cases that we have today for having multiple CR references inside linked to the main resource? It seems from prior conversations (been catching up today) that all of these resources are effectively linked together and we might want to reconsider having a pluggable abstraction layer until later on. In other words, consider starting from a (mild) opinionated approach that doesn't allow pluggable controllers, we could always get there with time and as use cases occur, but for now it seems we can iterate an learn by having a simplified model. What do you folks think? |
The thought process with individual controllers for each component is it allows us to build more stable upgrade flows for nested control planes. If we have each component use standard labels and statuses we can have etcd staying stable at one version while the apiserver or controller manager is being in-place upgraded through standard kubernetes mechanisms. What you are referencing is much like what we have with I agree to start smaller and opinionated is better upfront and the in-tree providers should be able to do this just requiring the user to create those CRs when bringing up the cluster eg. Create WDYT? Would this cause concerns? |
|
This all makes sense, thanks for providing some more color.
If the references are left blank, we could have the main controller to default-create the in-tree controllers on its own, further simplifying the UX. We could also make sure of controller owner references to signal that these CR are managed by the main controller |
Yea, we discussed this a little bit on the last call. I agree it could be created up-front by the NCP although we'd need a way to reconcile since in-theory we'd have someone My initial thought was since we eventually plan to bring back Have any suggestions, is there prior implementations doing something like this we could use as a reference? |
I might be missing something (also getting lost with all the acronyms :)), if a user kubectl apply a bunch of yaml, and they have a custom provider for NestedEtcd, I'd expect them to setup the ObjectReference in NCP correctly? Otherwise, as you said, the NCP controller is going to default it and create one on its own |
Doh' sorry I'm going off the expectation that there wasn't a bidirectional references between NCP to N* components, you are right that would solve the problem, I was going off the expectation that the NCP didn't have those and the component CRs were the only thing referencing back to an NCP. If NCP has: and each Nested Component CR has an |
charleszheng44
force-pushed
the
proposal/master-controllers
branch
from
674e568 to
9f45b0d
Compare
There was a problem hiding this comment.
Couple more nits, this is looking really good. thanks @charleszheng44
|
|
||
| 1. The user generates all CRs and apply them. | ||
|
|
||
| 2. As the user chooses to use the etcd-cluster-operator(ECO), the ECO controller will create the EtcdCluster CR |
charleszheng44
force-pushed
the
proposal/master-controllers
branch
2 times, most recently
from
da045fe to
bdf20be
Compare
|
Once these last things are cleared up can you also squash the commits and we can get this merged and broken down to individual issues. |
charleszheng44
force-pushed
the
proposal/master-controllers
branch
from
bdf20be to
36a663a
Compare
Yes, just squashed the commits and create a new PR for moving terms to glossary #17 . |
|
Nice work @charleszheng44, I'm good to go on this. /approve |
k8s-ci-robot
added
the
approved
|
I would like someone else to give it |
|
/kind design |
|
/priority important-soon |
k8s-ci-robot
added
the
priority/important-soon
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: charleszheng44, christopherhein The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
