-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support For Cluster Addons #400
Comments
@mhenriks It's hard to say if the SDK could support something like this. First off I'm assuming the operator would have to be a cluster-wide operator that watches all namespaces. I don't know if it's possible to restrict the creation of any new CRs. Maybe through an Admission Webhook but I think that would be beyond the scope of what an operator is expected to do. The operator could possibly ignore all CRs after the first one. But I'm not clear on the implementation details. Sounds a bit like leader election between CRs of the same type. If you could elaborate any ideas that you might have on how this restriction could be implemented in an operator that might give us more context to see if the SDK would be the right place for this. /cc @ecordell I don't know if this is something that could be enforced via OLM. Or if this model of a |
Maybe it helps to say that I could imagine that the specific namespace the add-on should run in is fixed, and not variable. |
xref #236 |
@mhenriks I think the best approach here would be to use ResourceQuotas: (see kubernetes/kubernetes#64201 for enabling ObjectCount quotas for CRs). If you need to restrict the number before that feature is ready, I would just check the cluster state in the operator and write out a status ("status: failed, reason: there's already one in the namespace")
I'd like to chat more offline about the requirements for kubevirt, there might be some things we want to change to better support kubevirt's deployment with OLM |
+1 and let me highlight that kubevirt is just one example of an add-on. hopefully there is no need to highlight this ;) |
I think some work that needs to happen before the operator is adjusted is to work out how addons should be layed out in general. In the past we saw that infrastructur ecomponents land in The insight might be that the creation of certain CRs is limited to a namespace. OR that the corresponding CRDs are namespaced. |
@dmage I imagine we'd also want to enforce that there is exactly one instance of the registry operator (running in the openshift-image-registry namespace). Presumably that is also true for other cluster singleton operators. For 4.0 I suspect we're just going to live with "don't install the operator in another namespace and don't create extra registry CR instances" though. |
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
/remove-lifecycle rotten
I think it's still worth formalizing this a little more - otoh it look
slike we have much more possibilities than 6mths ago.
|
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten |
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close |
@openshift-bot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
KubeVirt [1] is a cluster addon for running virtual machines in Kubernetes. I am looking into creating an Operator and integrating with OLM in order to better manage the lifecycle of KubeVirt installations. But since Kubevirt is a cluster addon, it has some unique requirements/restrictions.
The main thing is that I only want a single instance of the KubeVirt application to exist in the entire cluster. It can be installed into any namespace. But only once. So, if I create an instance of my KubeVirtApplication CRD in namespace "kubevirt-system" I shouldn't be able to create another instance in that namespace. Or in any other namespace. I'm sure that there are ways to implement this restriction in code. But I think some SDK support would be nice, assuming this is in line with the philosophy of the Operator Framework.
What do you think? Is this within the scope of the Operator Framework? Should there be additional support in the SDK/OLM for this case?
[1] https://github.com/kubevirt/kubevirt
The text was updated successfully, but these errors were encountered: