clusterctl move support for cluster-scoped global resources

[randomvariable]

User Story

As a cluster operator using AWS as per kubernetes-sigs/cluster-api-provider-aws#1713, I reference a cluster-scoped resource in my AWSCluster object. When I use clusterctl move, I want my cluster-scoped resource to be copied to the target cluster so Cluster API continues running.

Detailed Description

New in kubernetes-sigs/cluster-api-provider-aws#1713 is the use of cluster-scoped account principal resources for credential management for CAPA. clusterctl will need to be extended to support the copy of the cluster scoped resource to the target cluster when it exists as an owner reference on the AWSCluster resource.

For CAPA's purposes, a deletion of the original principal is not needed, and it is OK-ish for the cluster resource to be potentially mutated in the source cluster and another namespace moved to the target cluster and the cluster-scoped resource to be re-copied.

Anything else you would like to add:

This is by no means an exhaustive description of what needs to be done, but more a starter for ten (e.g. this also potentially affects ClusterResourceSet in a different way)

[Miscellaneous information that will assist in solving the issue.]

/kind feature

[vincepri]

/milestone v0.3.x

[fabriziopandini]

some background about the move operation:

• the move operation is based on an object graph,
• graph's nodes are all the object of kinds defined by CRDs installed by clusterctl + Secrets & ConfigMaps
• graph's edges are based on OwnerReferences
• nodes not linked to a cluster directly or in-directly are excluded from move
• graphs relations are used to determine the create/delete order

in order to address this issue:
a. new types should be installed by clusterctl (I assume this is already the case)
b. it is required that objects are related via OwnerReferences
c. according to b, we should ensure that new objects are detected as in scope for move (not excluded)
d. eventual special case for global resources should be implemented (e.g. don't delete from source)

[fabriziopandini]

nb. a similar change might be required for ClusterResourceSet as well.
/cc @sedefsavas

[gab-satchi]

/assign

[vincepri]

@gab-satchi Before we start implementation, let's discuss a little more about the use case & proposed solution

[fabriziopandini]

/lifecycle active
/assign

[vincepri]

/milestone v0.4.0

[fejta-bot]

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

[fabriziopandini]

/remove-lifecycle stale
/lifecycle frozen

[fabriziopandini]

/area clusterctl

[fabriziopandini]

/close
in favour of #3042 (see #3042 (comment) for latest decisions)

[k8s-ci-robot]

@fabriziopandini: Closing this issue.

In response to this:

/close
in favour of #3042 (see #3042 (comment) for latest decisions)

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.