[thought-experiment] single-node cluster static pod creation #302
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,92 @@ | ||
| --- | ||
| title: static-pods-for-single-node-via-ignition | ||
| authors: | ||
| - "@deads2k" | ||
| reviewers: | ||
| approvers: | ||
| creation-date: yyyy-mm-dd | ||
| last-updated: yyyy-mm-dd | ||
| status: provisional|implementable|implemented|deferred|rejected|withdrawn|replaced | ||
| see-also: | ||
| - https://github.com/sjenning/rhcos-kaio | ||
| replaces: | ||
| superseded-by: | ||
| --- | ||
|
|
||
| # Static Pods for Single Node Cluster via Ignition | ||
|
|
||
| ## Release Signoff Checklist | ||
|
|
||
| - [ ] Enhancement is `implementable` | ||
| - [ ] Design details are appropriately documented from clear requirements | ||
| - [ ] Test plan is defined | ||
| - [ ] Graduation criteria for dev preview, tech preview, GA | ||
| - [ ] User-facing documentation is created in [openshift-docs](https://github.com/openshift/openshift-docs/) | ||
|
|
||
| ## Open Questions [optional] | ||
|
|
||
| 1. Do we even have a use-case for spending the time building this thought experiment? | ||
| 2. Do we want to be able to run other operators on top of this? | ||
| 3. Do we want things like must-gather to function properly? | ||
|
|
||
| ## Summary | ||
|
|
||
| A while back, Seth Jennings had a cool idea for trying to create a single node cluster using ignition. | ||
| The cluster would be non-configurable after "creation", non-upgradable, non-HA. | ||
| The cluster would only have etcd, kube-apiserver, kube-controller-manager, kube-scheduler. | ||
| This is a description of how we could generate supportable static pods. | ||
|
There was a problem hiding this comment. What would be the outcome? Not really understanding the 'static pod' and 'supportability' in this context. The summary and motivation lack a justification and a why ... |
||
|
|
||
| ## Motivation | ||
|
|
||
| Documenting a thought experiment about single node clusters. | ||
|
Contributor
There was a problem hiding this comment. Single node kubernetes clusters. Not OpenShift clusters. There was a problem hiding this comment. Right, I'd be curious to know why we care about having a k8s cluster which is somewhat similar to OpenShift cluster but that much. Is the goal to provide a k8s cluster which control plane is managed similarly how the OpenShift control plane or something else that I'm missing here.
Member
There was a problem hiding this comment. Will there be a way to start core operators of OpenShift? |
||
|
|
||
| ### Goals | ||
|
|
||
| 1. Create a supportable static pod. | ||
| Ideally, this looks very similar to our existing static pods. | ||
| 2. Some amount of configuration is important, how flexible can we be? | ||
|
|
||
| ### Non-Goals | ||
|
|
||
| 1. Try to run a kube control plane operator. | ||
| This is unopinionated about what goes on top, but the kube control plane will not be reconfigured after the fact. | ||
|
|
||
| ## Proposal | ||
|
|
||
| We can create a new kind of render command which takes existing inputs *and* config.openshift.io resources. | ||
| Similar to how we built the original disaster recovery for certificates, we can factor the command to run the various | ||
| control loops "in order". | ||
| We can initialize our control loops using fake clients and wire listeners to synthetically update indexers backing fake | ||
| listers. | ||
| This is like we do for unit tests, only wired into the update reactors for the client. | ||
| If we separate the reactive bits of the control loops, the informer watch triggers adn the like, from the data input bits | ||
|
|
||
| (I think this is possible), we can have very high fidelity. | ||
| In the kube-apiserver, the ordering would like this for instance: | ||
|
|
||
| 1. cert-rotation - we need to create certs | ||
| 2. encryption - this would need a special mode to say: just encrypt it right away | ||
| 3. bound tokens - this creates some secrets for us | ||
| 4. static-resources - this creates targets, SAs, and stuff | ||
| 5. config observation - we need to set the operator observed config to be able to generate the final config. | ||
| 6. target config - writes the kube-apiserver configmap | ||
| 7. resource sync - copies bits from A to B | ||
| 8. loop through config observation, target config, resource sync one more time (yeah, cycles) | ||
| 9. revision controller | ||
|
|
||
| Now we do a couple neat things: | ||
| 1. Export all content from the fake clients to produce resource manifests that will be created bootkube style against | ||
| the kube-apiserver. | ||
| Someone will have grown a dependency and we know for sure that the next operator will require input from the previous one. | ||
| 2. Wire up the fake clients to our installer command. | ||
| In theory, this command will create an exact copy of the "normal" kube-apiserver static pod that we create. | ||
|
|
||
| This gives leaves supporting only one shape of static pods, which makes support of these static pods much easier. | ||
|
Comment on lines
+56
to
+82
Contributor
There was a problem hiding this comment. Is this in theory supportable so during a 4.y release cycle we could define static versions that people can templatize (minimally) with things like on disk certs? I.e. would this "shape" to be roughly supportable with limited flexibility to change, without having to change the existing operator dramatically?
Contributor
Author
There was a problem hiding this comment. I think our first attempt would be to get people to run this installer with an input that looks exactly like what they would use in a "real" cluster. So we would accept a manifest containing their serving cert and a manifest containing their apiserver.config.openshift.io that says how to use it. This would allow us...
If we start trying to allow injection of disk certs, our on-disk static pods become an API we need to support. |
||
|
|
||
|
|
||
| ### Restrictions | ||
| Some things become impractical once we cannot reconfigure the kube-apiserver, they include... | ||
| 1. short lifespan of kcm and ksch client certificates - we can no longer rotate these | ||
|
Contributor
There was a problem hiding this comment. some would be rotated after expiry as the recovery cert rotation is embeded |
||
| 2. imageregistry causes kube-apiserver reconfiguration - we don't have an operator to manage this | ||
| 3. authentication reconfiguration - it may be possible to support *some* level of authentication, but without the ability | ||
| to react, options are pretty limited. | ||
|
|
||
|
|
||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@mrguitar @imcleod do you have any?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The ILT is working on collecting use cases for single node clusters. Progress has been slow on my side with other commitments but we'll have this put together soon. In the absence of this, people keep wanting to take a single physical server and create a 3 node cluster w/ three VMs on the single node. The overhead of that is insane IMO. Regardless, single node clusters are on the roadmap so please spend the cycles on this.