[WIP] 📖 External etcd cluster lifecycle support

[g-gaston]

What this PR does / why we need it:
This proposal continues the work started by #4659

Tracking TODOs

• Expand on KCP, CLuster and EtdcadmCluster controllers "interaction". Specially for upgrades scenarios.
• Document support for Bottlerocket

Fixes #7399

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign vincepri for approval by writing /assign @vincepri in a comment. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[k8s-ci-robot]

Hi @g-gaston. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[g-gaston]

This might trigger its own conversation due to the significant difference between bottlerocket and other OS supporting cloud-init.

It doesn't need to be part of this proposal but, since we will follow with the implementation, it's probably worth noting. I'll just document it here and we'll go from there.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[g-gaston]

/remove-lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all PRs.

This bot triages PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the PR is closed

You can:

• Mark this PR as fresh with /remove-lifecycle stale
• Close this PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[g-gaston]

/remove-lifecycle stale

[vincepri]

Last release was in 2021, is this still maintained?

[g-gaston]

Yeah, it is. I myself got a couple PRs after that 2021 release. I suspect no one has asked for a release and that's why it hasn't been cut. But I can reach out to get one if we move ahead with this.

[vincepri]

Should we add that we need some code reuse between this effort and KCP's current etcd capabilities? Ultimately we should try to maximize our shared code between the external etcd provider and stacked.

[g-gaston]

Ah good point. TBH I would prefer to leave that out of the design and move that responsibility to the implementation phase. It's also something we can iterate on without affecting the design.

However if you feel strongly about this, what about:

Suggested change

	- Support the following etcd cluster management actions: scale up and scale down, etcd member replacement and etcd version upgrades.
	- Support the following etcd cluster management actions: scale up and scale down, etcd member replacement and etcd version upgrades.
	- Minimize code duplication with KCP's current etcd capabilities by sharing code with the external etcd providers.

[vincepri]

There is a limitation currently in that the Machine controller always expects a Machine to become a Kubernetes node; this proposal would allow a different set of nodes to stand as Machine without a corresponding Node. We might want to add a paragraph here that states the above clarifying that Machine(s) that won't become nodes will only be for etcd, which is a support pillar.

[g-gaston]

Good point, will add this.

[vincepri]

Could we avoid relying on etcdadm here, and just call it etcd? Reason being, if in the future we'd like to swap out the implementation detail, we should be able to do so

[g-gaston]

Oh that's an interesting point. However, wouldn't that almost guarantee another provider? Similarly to if we ever want to swap kubeadm with a different tool?

[musaprg]

It might be better to replace etcdadm based provider with etcdadm based etcd provider to avoid confusion. IMO calling etcdadm here would be fine because that's one of the reference implementations of the etcd provider.

[vincepri]

This imports a config that we have no control over, could we instead offer a translation layer between what we want to expose to Cluster API users, and have etcdadm be an implementation detail?

[g-gaston]

Ah I see what you are saying. But that sounds like a paradigm change, which I'm not opposed to, but it does change the high level approach slightly. If I'm getting this right, you are suggesting making this API almost like a generic interface for an etcd provider, as opposed to the API for a concrete implementation using etcdadm (which is what this design tries to do). This design follows the same idea as the CP provider and the KCP, where the KCP API is specific to kubeadm.

What's the benefit you see on doing this? Or is it more that you have a concern with etcdadm.

[vincepri]

These should probably be conditions?

[g-gaston]

Yeah, I would agree. Let me take a note and revisit this.

[g-gaston]

Thanks for the review @vincepri!

[k8s-ci-robot]

@g-gaston: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-verify-main	71e9661	link	true	/test pull-cluster-api-verify-main

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[fabriziopandini]

@g-gaston what is the plan for this PR?
Since it is not active since some time now I would suggest closing it and revive the effort as soon someone has bandwidth/there is critical mass to make this move forward

[g-gaston]

@g-gaston what is the plan for this PR? Since it is not active since some time now I would suggest closing it and revive the effort as soon someone has bandwidth/there is critical mass to make this move forward

Yeah, agreed.

I still have interest in moving this forward but I don't have the bandwidth to make enough progress right now :(. If someone is interested in collaborating, please reach out. If not, I'll reopen once me or someone else on the eks-a side starts working on this again.