✨ Add Upsync controller #2214
✨ Add Upsync controller #2214
Conversation
|
@bipuladh if a PR was not yet in a reviewable state (which was the case of this PR in its initlal state if I understood correctly what you told me), then you can also created it as a DRAFT PR, which makes it even clearer for other team members. |
6a4456e
to
ea4ec3d
Compare
50e77f4
to
c121343
Compare
c121343
to
9c282ec
Compare
b3fffbf
to
c873af2
Compare
1409cc7
to
1e0ceaa
Compare
| resourceVersionDownstream := downstreamResource.GetResourceVersion() | ||
| markedForDeletionDownstream := downstreamResource.GetDeletionTimestamp() != nil | ||
|
|
||
| if upstreamObject == nil && !markedForDeletionDownstream { |
There was a problem hiding this comment.
downstreamObject would match upstreamObject
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
8fe94d0
to
80a228b
Compare
Signed-off-by: David Festal <[email protected]>
| var namespaceGVR schema.GroupVersionResource = corev1.SchemeGroupVersion.WithResource("namespaces") | ||
|
|
||
| // NewUpSyncer returns a new controller which upsyncs, through the Usyncer virtual workspace, downstream resources | ||
| // which are part of the upsyncable resource types (fixed limited list for now), and provide |
There was a problem hiding this comment.
question: What are the upsyncable resource types?
There was a problem hiding this comment.
I think upsyncable resources are limited to pods, endpoints and persistentvolumeclaims. Both experimentation and code support my understanding:
There was a problem hiding this comment.
That's right, for now only these 3 resources are upsynced, since they correspond to the use-cases forseeable short-term.
Mid-term / long-term, we should have followup work that would allow customizing this list at the KCP level (and possibly storing it to the Synctarget status), but this still needs further design and discussion, especially to keep security in mind.
We should probably open a dedicated issue for this, to track the first thoughts we had in the regard, and further discuss the details.
There was a problem hiding this comment.
The upsync controller is agnostic which GVRs are upsynced. But we are very opinionated in the wiring into the syncer for the moment. Whether we open that up eventually in some way, we will see.
There was a problem hiding this comment.
Thanks @davidfestal @sttts
We should probably open a dedicated issue for this, to track the first thoughts we had in the regard, and further discuss the details.
I can take care of that.
There was a problem hiding this comment.
Any thoughts on how we could address Crossplane use cases ? (this is a similar use case to the one demoed by @sttts at Kubecon NA 2022 for Kube-bind). In this use case, Crossplane is installed in the physical cluster and Crossplane claims CRDs are imported in the kcp workspace. Crossplane claims typically create connection secrets, which are created in the backend cluster. But to give access to the resources created by those claims, the developer need to have access to the connection secret. Therefore, the connection secret should be up synced to the workspace where the claim lives. I created a PoC for a controller that runs downstream and for each Crossplane connection secret finds the owner (the down-synced claim) and can add the UpsSync label to the connection secret. I was hoping to use this PR to now close the loop and be able to up sync the connection secret. But it looks like with the current restriction that will not be possible unless I create my own fork for the syncer.
There was a problem hiding this comment.
I created the related issue here: https://github.com/kcp-dev/kcp/issues/2804
Let's discuss in this new issue.
There was a problem hiding this comment.
Thanks ! I will copy the Crossplane use case description there.
There was a problem hiding this comment.
Thanks for creating the issue @davidfestal you were faster than me 🙇🏻
Signed-off-by: David Festal <[email protected]>
Signed-off-by: David Festal <[email protected]>
|
/lgtm |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: sttts The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Signed-off-by: Bipul Adhikari [email protected]
Summary
Adds Upsync controller
Creates resources in the Upstream workspace for labelled resources.