Dissociating Machines from Kubernetes #721
Comments
|
Managing legacy applications is one motivation, but here is a different one: Today, a machine actuator provisions both the machine (e.g. by calling the EC2 API) and the software (e.g. by invoking One way to provide this common piece is by splitting the machine actuator into two actuators, one for machine provisioning, another for software provisioning. A Machine object without Kubernetes-related fields could be a good match for the first actuator, and an object like This works for environments where software provisioning follows machine provisioning. In other environments, machine and software provisioning happen together (e.g. the latter is done as a cloud-init script injected during machine provisioning). That's where the "cloud-init script" field can be used. |
|
I agree with @maisem , we generally prefer to separate definition of a machine from the kubelet software version. making the machine<->node linkage optional is a preferred outcome for us. |
|
Adding @enxebre for his input as well. |
timothysc
added
the
priority/important-longterm
|
Historically the Cluster API has avoided making any assumptions about the infrastructure and software provisioning except I think we have always assumed we are provisioning Kubernetes clusters and not arbitrary resources. Looking at the Instead of creating a common controller for the @detiber, @dlipovetsky: ^^ |
|
I can see making attempts to separate k8s bootstrapping from machine provisioning as a way to leverage commonalities similar to @dlipovetsky mentions. That said, I definitely worry about extending the scope of the Machine Actuator to support managing machines that are not part of a k8s cluster. @derekwaynecarr If you remove the ability to link machines to nodes, then don't you also lose the ability to leverage higher level abstractions like the cluster autoscaler? |
|
Generally a huge +1 to decoupling, but before designing it, I'll note that there are at least 3 components that could be split out: {physical,virtual} machine management, base OS management, shared inside-the-OS software, and app-specific software. So before we go much further, I'd suggest we come up with some specific user-focused cases that we decide should be supported (or explicitly not supported). What is the problem we're solving for users? (1) When we say arbitrary machines, what do we mean by that? I'd love a world where one could use k8s Machine APIs to manage e.g. a virtual or physical machine that runs an arbitrary OS (linux, windows, *bsd, plan 9, whatever). Another version of arbitrary is "any arbitrary OS as long as it's a linux that uses cloud-init". Which is it? (2) If I want to run MS SQL Server on Windows, can I do that? (3) If my company has a separate machine management team, a separate company-wide Linux OS team, and I'm an App Dev on a third team, do the various Cluster and Machine APIs cleanly decompose into objects (or at least responsibilities) that map to their responsibilities? |
|
@davidewatson I do like the idea of making the software provisioning/k8s bootstrapping more re-usable, but I also don't want to fully preclude the ability to do the provisioning/bootstrapping through cloud-init or other methods that wouldn't require connecting to the hosts via a remote session (or 100% full decoupling) |
|
This issue sounds a little out of scope for the cluster-api project, at least from my point of view. Decoupling Machines from a Kubernetes Machine effectively means that cluster-api should now support a variety of use cases which have different requirements, therefore increasing the scope exponentially. On the other hand, I do like the idea of having a pluggable interface for software provisioning, but I think that should be captured in a different issue. |
@alex-mohr this sounds good in theory, but how do you separate machine management from base OS management? After provisioning a machine (at least in the majority of cloud environments) you have a base OS.
I think you can have some items that are split amongst different teams (such as re-using networking, security groups, etc), but I think the idea of extending that separation of concerns down into the actual spinning up and bootstrapping of hosts into a k8s cluster is taking it a bit too far. |
|
I think separating the machine provisioning from the software provisioning implies there's a standard way for the software provisioning controller to connect to the machine. As @detiber said that might not be necessary or even possible in all cases. |
|
Related to #683 |
|
While I think the idea @maisem proposes is worth discussing, I agree with @vincepri that it implies significant "feature creep" and thus can be seen as out of scope. I'm glad we are reflecting on the fact that machine and software provisioning are currently coupled. I recognize that coupling the two (e.g. cloud-init) can be desirable or necessary. But decoupling is sometimes necessary, e.g. in an environment without an infrastructure API, where software must be provisioned after the machine is. Decoupling can also be desirable, if it makes it easy to re-use the software provisioning piece. I agree with @detiber that we should consider both use cases, and not push one at the expense of the other. I agree with @dwat that webhooks may in fact work to decouple the two while keeping the existing machine actuator. But the project is still young, I think it's worth considering alternative actuator designs, too. |
@pablochacin I think that keeping the two together also implies a standard; the de facto one is cloud-init. But your comment implies that, if we want to make "software provisioning" something common for providers to easily consume, we'll need to support both the coupled/decoupled use case. For example, we could maintain standard cloud-init scripts, and a standard library for bootstrapping with ssh. |
|
We should discuss at the next meeting and see what we, as a group, want to do regarding this issue. In the meantime, I'd open a new issue to offer software provisioning tools / methodologies which would be responsible for installing Kubernetes binaries, etc. |
|
Instead of discussing this at the next meeting, maybe we should use the time to more formalize a proposal period for after v1alpha1 where major changes like this can be discussed? |
|
After hearing from others, I withdraw my undeleted comment. There are valid use cases for creating non-k8s VMs. |
Not really @dlipovetsky. Provisioning together means that we have an standard way to communicate with the provisioner and ask for a new instance to join the cluster, but not necessarily with the machine itself. We don't need, for instance, to manage any kind of credentials for accessing the machines, do we? Maybe I'm misunderstanding something in the meaning of this paragraph:
That said, the idea of having a |
|
Maybe this work in the gardener project is relevant for this discussion:
This is the implementation of this concept for CoreOS machines: |
|
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
the
lifecycle/stale
|
Stale issues rot after 30d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-testing, kubernetes/test-infra and/or fejta. |
k8s-ci-robot
added
lifecycle/rotten
timothysc
added
lifecycle/frozen
|
/milestone Next |
|
We can close out this issue, we've discussed it at length during Q1/Q2 and stated that this is a non-goal for this project as outlined in https://github.com/kubernetes-sigs/cluster-api/blob/master/docs/scope-and-objectives.md#non-goals. /close |
|
@vincepri: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
…-updates HAProxy load balancer OVA updates
Today, when we talk about machines we implicitly mean that they represent Kubernetes Nodes. As such we have fields in the
MachineSpeclike theMachineVersionInfo.I don't think this is the right abstraction i.e. there is no reason for a Machine to equate to a Kubernetes Node. Dissociating this would make the Machines API standalone and more robust especially in light of #490.
The dissociation will also help in the independent adoption of Machines API as it can then be used for managing non-containerized workloads (e.g. legacy applications).
One way of doing this would be to add a reference to the cloud-init script in the MachineSpec. We introduce a new type called
KubernetesMachinewhich would contain the equivalent of MachineVersionInfo and would internally create theMachineDeplyomentresource with the corresponding cloud-init scripts for the desired Kubernetes version.cc @roberthbailey @dlipovetsky @justinsb
The text was updated successfully, but these errors were encountered: