aws-controllers-k8s / community

AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
https://aws-controllers-k8s.github.io/community/
Apache License 2.0

Read-only Resources Feature Request #2008

Open eadasiak opened 10 months ago

eadasiak commented 10 months ago

Is your feature request related to a problem?

Let's say I have a resource that was either:

Describe the solution you'd like

I'd like the ability to create a read-only instance of the resource through the adoption procedure. What I'm looking for is similar to the Observe-Only Resource in Crossplane: https://github.com/crossplane/crossplane/issues/1722

A similar feature is available in the Azure Service Operator with the serviceoperator.azure.com/reconcile-policy annotation: https://azure.github.io/azure-service-operator/guide/annotations/#serviceoperatorazurecomreconcile-policy. Setting the reconcile-policy to skip effectively makes it read-only.

Either there could be a way to adopt a resource with a label/annotation that designates it as read-only and prevents the controller from making changes to it, or perhaps a new resource type altogether.

Describe alternatives you've considered

I haven't been able to identify any alternatives thus far.

gecube commented 10 months ago

something probably related:

#1965

#1896

#1862

gecube commented 10 months ago

and finally - #1381

a-hilaly commented 10 months ago

Also related: https://github.com/aws-controllers-k8s/community/issues/1585

reegnz commented 9 months ago

+1 I think this is a must-have feature. I'm looking into ways of replacing Terraform with ACK, but without something equivalent to a data source, I can't do even the slightly complex stuff. E.g. a VPC is created in a central account and shared with AWS RAM to other accounts, so only a single cluster can own the creation of it. Ideally, discovery of the resource should be possible with things like AWS tags, not just the VPC ID, because then I need to hardcode a VPC ID that might not be the same for all clusters, whereas with a uniform tag across all clusters, no hardcoding of the VPC ID is required.

ack-bot commented 3 months ago

Issues go stale after 180d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 60d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale

gecube commented 3 months ago

/remove-lifecycle stale