Support running multizone global and zone CPs in the same k8s cluster

bdecoste commented 3 years ago

Summary

Id like to be able to deploy multizone global CP and remote CP to the same k8s cluster

Steps To Reproduce

Deploy global multizone CP to a k8s cluster
Deploy remote multizone CP to the same k8s cluster. This is not possible as of 1.0.6

Additional Details & Logs

Version
Error logs
Configuration
Platform and Operating System

github-actions[bot] commented 2 years ago

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

coreywagehoft commented 2 years ago

I would like to see Kuma support this so that we don't have to operate a completely separate Kubernetes cluster for the global control plane.

github-actions[bot] commented 2 years ago

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

github-actions[bot] commented 2 years ago

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

github-actions[bot] commented 2 years ago

This issue was inactive for 30 days it will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant please comment on it promptly or attend the next triage meeting.

lahabana commented 2 years ago

xrefs:

3247
2921
2780
738

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana commented 1 year ago

This is planned but we first need to move all the policies to be namespace scoped.

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana commented 1 year ago

Policies still needing to be migrated:

deployments/charts/kuma/crds/kuma.io_externalservices.yaml: (talked about removing tags for example or at least do something better here). deployments/charts/kuma/crds/kuma.io_meshes.yaml: deployments/charts/kuma/crds/kuma.io_meshgatewayconfigs.yaml: --> Required by GatewayAPI shouldn't change deployments/charts/kuma/crds/kuma.io_meshgateways.yaml: deployments/charts/kuma/crds/kuma.io_serviceinsights.yaml: deployments/charts/kuma/crds/kuma.io_virtualoutbounds.yaml: deployments/charts/kuma/crds/kuma.io_zoneinsights.yaml: deployments/charts/kuma/crds/kuma.io_zones.yaml:

All our configMaps/Secrets are namespace scoped already.
Need to figure out a way to deal with webhooks. (Does a namespace have a zone reference?) -- Only needed to run multiple zones in the same cluster.
Tests

github-actions[bot] commented 1 year ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 12 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

github-actions[bot] commented 8 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana commented 7 months ago

Random thoughts we had with @jakubdyszkiewicz :

We can do so that KDS figures that the synced cluster scope resources are already in the cluster (using uid for example, or just not fetching them with an explicit flag)
We can skip reconciling policies in other namespaces annotated with kuma.io/system-namespace: true
Webhooks remains a question or maybe it just relies on system-namespace too or global has a webhook only for its system namespace.

The only reason for not having mesh cluster scope seems to be able to do this, which in the end might possible even with cluster scoped policies.

Though you'd only be able to run 1 zone per cluster. To be able to run multiple zones you'd probably need to say which zone your namespace is managed by (with an annotation for example).

github-actions[bot] commented 4 months ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

slonka commented 4 months ago

Isn't this partly solved by https://github.com/kumahq/kuma/issues/5907 ? The original issue did not say that both of them have to be backed by k8s storage.

jakubdyszkiewicz commented 4 months ago

Triage: it's about deploying global and zone cp with k8s storage

github-actions[bot] commented 1 month ago

This issue was inactive for 90 days. It will be reviewed in the next triage meeting and might be closed. If you think this issue is still relevant, please comment on it or attend the next triage meeting.

lahabana commented 6 days ago

Is this something people still ask for?

kumahq / kuma