search

kubernetes-sigs / cluster-api

Home for Cluster API, a subproject of sig-cluster-lifecycle
https://cluster-api.sigs.k8s.io
Apache License 2.0
3.57k stars 1.31k forks source link

Add conditions to the KubeadmConfig object #3110

Closed fabriziopandini closed 4 years ago

fabriziopandini commented 4 years ago

User Story

As a developer/user/operator I would like to have conditions documenting the operational state of KubeadmConfig objects

Detailed Description

The KubeadmConfig object drives the process of generating a BootstrapSecret; this process waits for the cluster infrastructure to be ready first and then the KubeadmConfig for first control plane machine is processed; instead, the KubeadmConfig objects for additional control plane nodes and the KubeadmConfig for workers should wait for that the first control plane machine to be initialized before being processed. Once a BootstrapSecret secret is generated, no further actions are taken for a KubeadmConfig.

As a consequence, I'm proposing to implement a single condition for the KubeadmConfig object

// DataSecretGeneratedCondition provides an observation of the bootstrap secret generation process.
// The condition gets generated at the first reconciliation.
DataSecretGeneratedCondition clusterv1.ConditionType = "DataSecretGenerated"

State=True represents a properly generated BootstrapSecret, while State=False represents the process of waiting for the preconditions for generating the BootstrapSecret and this phase can be further detailed by the following reasons:

// WaitingForClusterInfrastructure (Severity=Info) reason documents a bootstrap secret generation process waiting for the
// cluster infrastructure to be ready.
WaitingForClusterInfrastructure = "WaitingForClusterInfrastructure"

// WaitingForControlPlaneInitialized (Severity=Info) reason documents  a bootstrap secret generation process waiting for the
// first control plane machine to be ready.
WaitingForControlPlaneInitialized = "WaitingForControlPlaneInitialized"

When the BootstrapSecret generation starts the process completes immediately and within the same reconciliation, so the user will always see a transition from Wait to Succeed without having evidence that BootstrapSecret generation is started.

TBD if to add a reason Severity=Warning or Error to surface problems during this operation.

TBD if to add additional conditions reporting if/when certificates are generated; this condition applies only to the fist control plane machine when certificates are not provided by the users

Anything else you would like to add:

As required by the condition CAEP, the KubeadmConfig objects should provide a Ready condition describing the overall state of the object. However, given that the KubeadmConfig has only a condition I see two options here: A) have a Ready condition mirroring exactly the BootstrapSecretGenerationSucceeded condition B) have only the Ready condition that acts as the BootstrapSecretGenerationSucceeded described above

I would like to have more opinions here.

/kind feature

vincepri commented 4 years ago

/milestone v0.3.x

vincepri commented 4 years ago

+1 to surface errors and exposing a generic condition when certs are generated, we should do the same in KCP later.

fabriziopandini commented 4 years ago

/assign /lifecycle active