Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFE: Control plane support for various ways to provide a stable API endpoint #1687

Closed
dlipovetsky opened this issue Oct 30, 2019 · 14 comments · Fixed by #1789
Closed

RFE: Control plane support for various ways to provide a stable API endpoint #1687

dlipovetsky opened this issue Oct 30, 2019 · 14 comments · Fixed by #1789
Assignees
@vincepri
Labels
area/control-plane Issues or PRs related to control-plane lifecycle management kind/proposal Issues or PRs related to proposals. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Milestone
v0.3.0

Comments

@dlipovetsky
Copy link
Contributor

User Story

As an operator, I would like to choose my own way to provide a stable API endpoint, as required by the default control plane management implementation.

Detailed Description

The default control plane management implementation requires a stable API endpoint. This endpoint

  • MUST route API requests to a live kube-apiserver replica, if one is available.
  • MUST be defined before the first control plane replica is created, so that it is added to the SubjectAltNames of the kube-apiserver server certificate.
  • MUST stay the same for the entire life of the cluster.
  • MUST be a DNS record, or an IP.

For reference: Today, the stable API endpoint is provided either by the operator (e.g. using an existing LB, or a VIP backed by keepalived), or by the infra provider (e.g. an ELB created by CAPA). There is a proposal to make an explicit provider for this endpoint: #1250.

/cc @detiber @randomvariable
@vincepri
Copy link
Member

/kind proposal

@k8s-ci-robot k8s-ci-robot added the kind/proposal Issues or PRs related to proposals. label Oct 30, 2019
@ncdc
Copy link
Contributor

ncdc commented Oct 30, 2019

@dlipovetsky the proposed KubeadmControlPlane has .spec.kubeadmConfigSpec.clusterConfiguration.controlPlaneEndpoint. I believe a user should be able to fill that in with any value. How does that figure in to this RFE - does it address it?

@dlipovetsky
Copy link
Contributor Author

@dlipovetsky the proposed KubeadmControlPlane has .spec.kubeadmConfigSpec.clusterConfiguration.controlPlaneEndpoint. I believe a user should be able to fill that in with any value. How does that figure in to this RFE - does it address it?

Yes.

--

We may want to call out the above requirements in the proposal (#1613 . In any case, @detiber asked me to open an issue to anchor the discussion, rather than leaving comments on the PR.

@ncdc
Copy link
Contributor

ncdc commented Oct 31, 2019

I wonder if we need to at least include something in the CAEP to have kubeadmControlPlane.spec.kubeadmConfigSpec.clusterConfiguration.controlPlaneEndpoint be populated from cluster.status.apiEndpoints if the controlPlaneEndpoint is empty? Or, to ask a related question, how do we envision something like CAPA working with KubeadmControlPlane where CAPA creates the ELB + the cluster's api endpoint when the AWSCluster is reconciled - how does ...controlPlaneEndpoint get filled in? Or is that manual?

@detiber
Copy link
Member

detiber commented Oct 31, 2019

Or is that manual?

That would be a major regression from previous releases for providers that support Load Balancers...

@ncdc
Copy link
Contributor

ncdc commented Oct 31, 2019

Right, so until (if) we have a proper LoadBalancer story, should we update the CAEP to add some text to describe how we maintain the existing behavior w/o requiring manual intervention to set the endpoint?

@ncdc ncdc mentioned this issue Oct 31, 2019
Merged
@moshloop
Copy link
Contributor

be populated from cluster.status.apiEndpoints if the controlPlaneEndpoint is empty

Why not have the infra provider create the LB and update the controlPlaneEndpoint if it is empty and then remove cluster.status.apiEndpoints or make it a read-only mirror of controlPlaneEndpoint and then you would have consistent behaviour for both user and infra provided LB's

@detiber
Copy link
Member

detiber commented Oct 31, 2019

Why not have the infra provider create the LB and update the controlPlaneEndpoint if it is empty and then remove cluster.status.apiEndpoints or make it a read-only mirror of controlPlaneEndpoint and then you would have consistent behaviour for both user and infra provided LB's

I think the concern here is that it would require tight coupling with the kubeadmControlPlane rather than being a more generic mechanism that would work across different controlplane and bootstrapping providers.

@ncdc
Copy link
Contributor

ncdc commented Oct 31, 2019

Exactly. I'd like there to be an eventual interaction between a LoadBalancer (LB) resource and the KubeadmControlPlane (KCP), and maybe the Cluster too, where the KCP knows to pull the LB's endpoint if it exists (could be KCP pulls from LB, or KCP gets Cluster, see it has an LBRef, and follows that).

@moshloop
Copy link
Contributor

So then let's make controlPlaneEndpoint a first-level field of cluster itself?

KCP could then wait until it is populated by a LB

@ncdc
Copy link
Contributor

ncdc commented Oct 31, 2019
edited
Loading

then you would have consistent behaviour for both user and infra provided LB's

Also, assuming we proceed with your LB proposal @moshloop, I think a natural progression is that there are no more "infra provided LBs" in the sense that the "cluster + machine infra provider" is separate from "LB provider"

@ncdc
Copy link
Contributor

ncdc commented Oct 31, 2019

xref #1197 - I assume that ties into this

@dlipovetsky
Copy link
Contributor Author

So then let's make controlPlaneEndpoint a first-level field of cluster itself?

KCP could then wait until it is populated by a LB

This seems reasonable.

If an LB provider did exist, I suppose it would, after creating the load balancer, update the status of a CR that the Cluster object would reference. Until we figure out the schema of that CR and use a reference, an inline field works.

@ncdc ncdc added this to the v0.3.0 milestone Nov 6, 2019
@ncdc ncdc added the priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release. label Nov 6, 2019
@vincepri
Copy link
Member

/priority critical-urgent
/lifecycle active

@k8s-ci-robot k8s-ci-robot added lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. labels Nov 20, 2019
@vincepri vincepri self-assigned this Nov 20, 2019
This was referenced Nov 20, 2019
Closed
Merged
@vincepri vincepri added the area/control-plane Issues or PRs related to control-plane lifecycle management label Mar 23, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@vincepri vincepri

Labels
area/control-plane Issues or PRs related to control-plane lifecycle management kind/proposal Issues or PRs related to proposals. lifecycle/active Indicates that an issue or PR is actively being worked on by a contributor. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. priority/important-soon Must be staffed and worked on either currently, or very soon, ideally in time for the next release.
Projects
None yet
Milestone
v0.3.0
Development

Successfully merging a pull request may close this issue.

⚠️ Move Status.APIEndpoints to Spec.ControlPlaneEndpoint vincepri/cluster-api
6 participants
@ncdc @detiber @moshloop @vincepri @dlipovetsky @k8s-ci-robot