Comments (6)
I will start working on it this week if there are no concerns.
from cluster-api-provider-openstack.
@chrigl I am currently working on the security group aspect, very similar to the aws implementation, if you want to keep that out of your scope for now. You could just let me know what you had in mind for security groups within the cluster actuator, because right now most of that logic exists in the machine actuator. Up to you.
from cluster-api-provider-openstack.
@gdoctor I definitely appreciate help on this. I think all building blocks necessary for a cluster should go into the cluster actuator, because they are not tied to a specific machine. I count SecurityGroups also as a building block, because it is created once (at cluster level) and then used individually in the machines.
I am starting with getting the types in apis/openstackproviderconfig/v1alpha1 to support a cluster config and status, and get this landed in master. I want to have as many small-ish PRs as possible. You could build on top of this, then... Does this sound legit?
from cluster-api-provider-openstack.
@chrigl sorry this got lost for me during the holidays here in the US. So is your idea that the cluster actuator actually creates the Security Groups within OpenStack? And then the machine actuator would manage which security groups exist, are added, or are removed on a per machine/machineset basis? I see this working well
from cluster-api-provider-openstack.
@gdoctor No problem. Hoping you had a great vacation :)
Yes, this is the basic idea. I already have a custom cluster actuator running, which creates network, subnet and external router. If successful, it writes it back to the ProviderStatus:
Example:
apiVersion: cluster.k8s.io/v1alpha1
kind: Cluster
[...]
status:
  apiEndpoints:
  - host: 185.116.245.190
    port: 443
  providerStatus:
    metadata:
      creationTimestamp: null
    network:
      id: acbeb99e-eee0-4ddd-9544-ab88406eff2b
      name: k8s-cluster-test1
      subnets:
      - cidr: 10.1.0.0/24
        id: 6bdad12c-6aa4-46b9-9671-fededafeece5
        name: k8s-cluster-test1
So the machine actuator can pick up the network, and there is no need to configure the network per node. The same I would do for SecurityGroups... so there will be a field securityGroups at the same level as subnets.
Maybe we create a map here. For securityGroups["master"] and securityGroups["node"]... at least the AWS provider does it this way. We also maybe provide a way to configure additional SecurityGroups by node (which the AWS provider does as well).
I'm currently waiting for #109 to continue here.
from cluster-api-provider-openstack.
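The lookup proposed in the comment above, sketched as an added example (not code from the thread or from the project): a machine actuator resolves its security groups from the cluster status by role and fails closed when the cluster-level group is missing. The type names, the `ResolveSecurityGroups` helper and the security group IDs are hypothetical; only the network ID and name are taken from the status shown above.

```go
package main

import (
	"fmt"
	"sort"
)

// Hypothetical types for this example, not the provider's real API types.
type SecurityGroup struct{ ID, Name string }

type NetworkStatus struct {
	ID, Name       string
	SecurityGroups map[string]SecurityGroup // keyed by role: "master", "node"
}

// ResolveSecurityGroups returns the group IDs for a machine of the given role:
// the cluster-level group first, then any per-machine additional groups
// (deduplicated, sorted). An unknown role or a group without an ID is an
// error, so a machine is never created without its cluster-level group.
func ResolveSecurityGroups(st NetworkStatus, role string, additional []string) ([]string, error) {
	sg, ok := st.SecurityGroups[role]
	if !ok || sg.ID == "" {
		return nil, fmt.Errorf("no security group recorded for role %q in cluster status", role)
	}
	seen := map[string]bool{sg.ID: true}
	ids := []string{sg.ID}
	for _, id := range additional {
		if id == "" || seen[id] {
			continue // skip empty entries and duplicates
		}
		seen[id] = true
		ids = append(ids, id)
	}
	sort.Strings(ids[1:]) // deterministic order after the role group
	return ids, nil
}

// sampleStatus returns constructed data; the security group IDs are made up.
func sampleStatus() NetworkStatus {
	return NetworkStatus{
		ID: "acbeb99e-eee0-4ddd-9544-ab88406eff2b", Name: "k8s-cluster-test1",
		SecurityGroups: map[string]SecurityGroup{
			"master": {ID: "sg-master-example", Name: "k8s-cluster-test1-master"},
			"node":   {ID: "sg-node-example", Name: "k8s-cluster-test1-node"},
		},
	}
}

func main() {
	ids, err := ResolveSecurityGroups(sampleStatus(), "node", []string{"sg-extra-example"})
	fmt.Println(ids, err)
}
```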
/assign @chrigl
from cluster-api-provider-openstack.