kubernetes-retired / cluster-api-provider-nested

Cluster API Provider for Nested Clusters
Apache License 2.0
301 stars 67 forks source link

✨ Sync node taints and labels #305

Closed m-messiah closed 2 years ago

m-messiah commented 2 years ago

What this PR does / why we need it:

Context:

The main reason for these changes is to allow VirtualCluster users to use pod.Spec.NodeSelector in their pods and choose nodes they want to be assigned. This would be extended after to auto-apply this nodeSelector for all pods in syncer if we want to have VirtualCluster fully isolated on the subset of nodes.

Technical description:

The PR adds sync of node Taints from super cluster to VirtualCluster to allow VirtualCluster pods to have tolerations. The PR also extends the list of node labels to be synced to VirtualCluster, providing a new flag --extra-node-labels=<stringslice> to allow an operator to set the list of labels that need to be accessible by VirtualCluster users and used by them as node selectors.

Tests:

The change was tested by passing --extra-node-labels=node-selectors/default,test-label to the syncer, creating VirtualCluster with a pod and checking node labels in node from inside the VirtualCluster. I also edited super-cluster node labels and it was successfully synced to the VirtualCluster.

Fei-Guo commented 2 years ago

VC starts with no nodes in the cluster. How will this PR help with the creation of the first Pod?

m-messiah commented 2 years ago

VC starts with no nodes in the cluster. How will this PR help with the creation of the first Pod?

This PR has nothing to do with pods, and yes, for the first pod you would need to know what selectors are available in the cluster. But this would be a different PR and solution to share the knowledge about nodeselectors. Right now, the first pod could request everything it wants, and the vNode reconciler will bring the node to the VirtualCluster. So this PR just allows labels and taints to be visible in vNode and does nothing with scheduling

Fei-Guo commented 2 years ago

/lgtm /approve

k8s-ci-robot commented 2 years ago

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Fei-Guo, m-messiah

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[virtualcluster/OWNERS](https://github.com/kubernetes-sigs/cluster-api-provider-nested/blob/main/virtualcluster/OWNERS)~~ [Fei-Guo] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment