Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

HNC: Move subnamespace creation to HNSR and simplify HCR #552

Closed
yiqigao217 opened this issue Mar 25, 2020 · 1 comment · Fixed by #581
Closed

HNC: Move subnamespace creation to HNSR and simplify HCR #552

yiqigao217 opened this issue Mar 25, 2020 · 1 comment · Fixed by #581

Comments

@yiqigao217
Copy link
Contributor

yiqigao217 commented Mar 25, 2020
edited
Loading

Part of #457

We will move the subnamespace creation from HierarhyConfig Reconciler (HCR) to HierarchyicalNamespace Reconciler (HNSR) to simplify the logic and make it easier to understand.

The HNSR will take care of the subnamespace creation/deletion based on the HNS instances. When HNSR creates a subnamespace, it will set correct owner annotation on the subnamespace.

We will use the namespace annotation as the source of truth for the ownership, since modifying a namespace has higher privilege than what HNC users can do.

The implementation detail of this change will be:

Source of truth: Owner annotation on the subnamespace

Conditions/states to report:

  • Namespace condition: HNS_MISSING
    (If the HNS is missing in the owner NS or the owner NS is missing)
  • HNS state: Conflict
    (If the owned namespace is missing)

Forest:

  • Add a list of names of the HNSes in the namespace: ns.HNSes
    (This will be updated in each HCR by an api list)
  • Remove ns.Owner field and add ns.isOwned bool field, since the parent will always be the owner in the annotation.

HCR:

  • Additionally watch HNS instances. Map it only to the parent HC (since the child NS will be created/deleted by HNSR and thus will be reconciled by HCR naturally). This makes it easier for cascading deletion to remove HC finalizers when there's no HNS instances in the namespace.
  • onMissingNamespace(): remove the namespace creation of the previous RequiredChild.
  • syncOwner() sets parent to owner. Look through the owner’s ns.HNSes in the forest, if not found, set HNS_MISSING condition.
  • syncParent() unchanged.
  • syncChildren(): Will remove SubnamespaceConflict condition and only update the children list from forest to spec since any existing owned namespace always has owner as its parent and if the owned ns is missing, the HNS will have Conflict state.
  • Add syncHNSes(): It will update HNS list in the syncWithForest(): ns.SetHNSes(hnsnms).

HNSR:

  • Additionally watch NS instances. Map it only to its owner (parent) HNS, e.g. {Name: ns.name, Namespace: ns.getAnnotation()[owner]}. If anything's changed with the owned namespace (creation/deletion/annotation change), the HNS will be reconciled.
  • If subnamespace doesn't exist, it will create one with correct owner annotation.
  • Update hns.status.state accordingly.

(The cascading deletion part is not included in this change)
This was referenced Mar 26, 2020
Merged
Closed
Closed
Closed
@yiqigao217
Copy link
Contributor Author

The only thing left here is:
Remove ns.Owner field and add ns.isOwned bool field, since the parent will always be the owner in the annotation.

@yiqigao217 yiqigao217 mentioned this issue Mar 31, 2020
Merged
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Replace ns.Owner with ns.IsOwned in the forest yiqigao217/multi-tenancy
1 participant
@yiqigao217