-
Notifications
You must be signed in to change notification settings - Fork 296
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Introduce Cluster reference field in the ProviderServiceAccount API type #2284
Comments
Sounds good to me overall. I would:
|
My original thought was to have it as part of the conversion webhook, but since it isn't possible, I was proposing of doing this as part of the controller reconcile logic itself. |
We are not setting the cluster label, just like we do not for VSphereVM right now. It should be straight forward to setup this label as well, and IMO it is a good idea to do it. Since there is no such CAPI contract that exists, it is the responsibility of the provider to set the label. Do you want to create an issue to track adding the CAPI |
Let's add it to the issue you already created for other CRDs?
Yup conversion only works between API versions. I think the problem with rewriting it in the controller is that it's easy to end up in infinite reconciles between CAPV and other controllers (eg gitops or whoever creates the objects). Also means that our controller would own the field (managed fields / SSA) Also not sure how it makes the transition smoother 😀. Folks have to change it on their side anyway and we would support the old field in v1beta1 in any case (and dropping support in v1beta2) |
@srm09 If you want we can now also return a warning via the validation webhook when the ref instead of the clusterRef is set. But I think that is optional. |
/retitle Introduce Cluster reference field in the ProviderServiceAccount API type |
/assign |
@zhanggbj Please wait a bit with this issue. I think in general it is still valid I just recently noticed a bit of weirdness in the corresponding controller and would like to refactor it first. I should get around do it in the next few days. I think this refactoring will have impact on this change. |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale Will revisit this soon |
The Kubernetes project currently lacks enough contributors to adequately respond to all issues. This bot triages un-triaged issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
/remove-lifecycle stale |
/kind feature
Describe the solution you'd like
The ProviderServiceAccount API type uses the VSphereCluster ref to sync the service account secret back to the workload cluster. Before ClusterClass, the VSphereCluster reference was easy to determine since it was expected to be created by an end user. With the advent and popularity of ClusterClass, this name generation is done dynamically by the topology controller and not easily determinable.
Since the internals of the controller use the VSphereCluster reference to obtain the name of the
Cluster
object itself, and use the remote client of the cluster to sync the service account secret back to the workload cluster, it makes sense to update the API type to reference the name of theCluster
instead of theVSphereCluster
.Anything else you would like to add:
VSphereCluster
object:cluster-api-provider-vsphere/apis/vmware/v1beta1/providerserviceaccount_types.go
Line 29 in ea5331d
Cluster
object from theVSphereCluster
object reference:cluster-api-provider-vsphere/controllers/serviceaccount_controller.go
Lines 188 to 213 in ea5331d
The proposal is to update the API to include
Add a new webhook to allow setting either
Ref
orClusterRef
in the ProviderServiceAccount object. We could go one step further and introduce logic to automatically set theClusterRef
when theRef
is set in the Spec. This would allow the transition to the new proposed API field to be much smoother.Environment:
kubectl version
):/etc/os-release
):The text was updated successfully, but these errors were encountered: