kcp-dev / contrib-tmc

An experimental add-on readding some Kubernetes compute APIs and impement transparent multi-cluster scheduling
Apache License 2.0
5 stars 3 forks source link

feature: syncer able to create self-sufficient targets #60

Open MikeSpreitzer opened 1 year ago

MikeSpreitzer commented 1 year ago

Feature Description

Background: in edge-mc, we want each edge cluster to be able to operate independently of the center and any service providers. This is so the edge cluster can tolerate long periods of disconnection and support data sovereignty requirements.

The feature request here is to generalize the syncer so that it has the option for the containers it creates in the pcluster to not be connected to the apiserver back in the source workspace but rather be connected to the apiserver in the pcluster.

Proposed Solution

Extend the syncer's configuration with a boolean option regarding this behavior.

Alternative Solutions

Want to contribute?

Additional Context

https://github.com/kcp-dev/edge-mc/pull/148

ncdc commented 1 year ago

For clarity: the ask is for a workload (e.g. Deployment) to optionally not go through the deployment mutator to change KUBERNETES_SERVICE_HOST and other relevant settings. In other words, the deployment synced to the workload cluster needs to talk to the workload cluster, not back to kcp.

MikeSpreitzer commented 1 year ago

Yes, and it is not just about Deployment. It is about anything that leads to Pods in the workload cluster.

MikeSpreitzer commented 1 year ago

When discussed at the Jan 31 community meeting, it was agreed to pursue the following alternate approach. Let TMC and EMC each maintain their own syncer binary that behaves in the way appropriate for each, while sharing as much code as possible (which is expected to be very nearly all at first, probably diverging more as time goes on).

MikeSpreitzer commented 1 year ago

On second thought, making self-sufficient edge clusters raises deeper issues --- briefly outlined at https://github.com/kcp-dev/edge-mc/pull/148#issuecomment-1424734973

ezrasilvera commented 1 year ago

@MikeSpreitzer I'm not sure what's the bottom line here - should we proceed and implement this and deal with the necessary RBAC and permission support needed on the pCluster later? Or should we pause with this? I think we should proceed (and wanted to start working on that), what do you think ?

MikeSpreitzer commented 1 year ago

We should proceed without delay to figure out how to do the things we know we need. No one of these things needs to block the others, but they all will involve learning about the existing syncer code.

mjudeikis commented 1 year ago

/transfer-issue contrib-tmc