-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
📖 Add ADR on rancher namespace strategy #264
Closed
Danil-Grigorev
wants to merge
1
commit into
rancher:main
from
Danil-Grigorev:namespace-scoped-rancher-adr
Closed
Changes from all commits
Commits
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,42 @@ | ||
| <!-- START doctoc generated TOC please keep comment here to allow auto update --> | ||
| <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE --> | ||
|
|
||
| - [7. Cluster Import Strategy](#7-cluster-import-strategy) | ||
| - [Context](#context) | ||
| - [Decision](#decision) | ||
| - [Consequences](#consequences) | ||
| - [Sequence Diagram](#sequence-diagram) | ||
|
|
||
| <!-- END doctoc generated TOC please keep comment here to allow auto update --> | ||
|
|
||
| # 7. Rancher Namespace Strategy | ||
|
|
||
| - Status: proposed | ||
| - Date: 2023-16-11 | ||
| - Authors: @Danil-Grigorev | ||
| - Deciders: @richardcase @alexander-demicev @furkatgofurov7 @mjura @salasberryfin | ||
|
|
||
| ## Context | ||
|
|
||
| The feature of Rancher Manager allows you to **import** an existing cluster, however, the resources created for the rancher-turtles to use are spawned across randomly generated namespaces, preventing rancher-turtles from using the namespace scoped permissions for the namespace scoped resources within the Rancher Manager cluster. | ||
|
|
||
| ## Decision | ||
|
|
||
| The operator will take the responsibility of placing Rancher resources in a specific namespace, defined by the CAPI cluster resource namespace. | ||
|
|
||
| The namespace will only dictate the designated location of the Rancher Manager cluster resources, such as **provisioning.cattle/v1.Cluster** and **management.cattle/v3.ClusterRegistrationToken**. | ||
|
|
||
| ## Consequences | ||
|
|
||
| To replicate the import steps the operator will need to change the [import strategy][] in steps 1 to 2: | ||
|
|
||
| 1. Create an instance of the **provisioning.cattle/v1.Cluster** in the Rancher Manager cluster in the selected namespace. Wait for the cluster name to be provided in the status subresource. | ||
| 1. Create an instance of the **management.cattle/v3.ClusterRegistrationToken** for the cluster name in the selected namespace. Wait for the **ClusterRegistrationToken** status to be populated AND contain an import URL. | ||
|
|
||
| The rest of the steps of the [import strategy][] are unchanged. | ||
|
|
||
| [import strategy]: ./0006-import-strategy.md#consequences | ||
|
|
||
| ### Sequence Diagram | ||
|
|
||
|  | ||
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Rancher Turtles at this stage will only create the provisioning.cattle/v1.Cluster instance. It will continue to rely on the Rancher machinery to create the ClusterRegistrationToken.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you think this may have a fallback scenario of creating the token ourselves? It follows the “random” namespace strategy rancher uses.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Currently we are replicating the UI and token generation is automatic. I'd say we follow that and it that changes in the future we can supercede this version.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
With the current investigation on usage of the managementv3.Cluster to abstract provisioningv1.Cluster it is better to have our priorities stated and clear, in case the behavior would unexpectedly change, or we may loose backwards compatibility.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current situation is that we create the provisioningv1.Cluster and so its fine for us to state we will create this in a specific namespace.
We rely on the Rancher machinery to create the ClusterRegistrationToken and as it currently stands the ClusterRegistration token is automatically created in a namespace thats the name of the managementv3.Cluster (that is autogenerated from the provisioningv1.Cluster) . So we will not be creating the ClusterRegistration token and so this should be removed from the ADR.
If we change to generate the managementv3.Cluster in the future then this is cluster scoped and not namespace scoped, so we may need to supercede this ADR at a later date.