Meridio icon indicating copy to clipboard operation
Meridio copied to clipboard

Published 20 hours ago verified publisher icon Nordix

Allow child resources to be deployed before trench

Open LionelJouin opened this issue 1 year ago • 1 comments

Is your feature request related to a problem? Please describe.

Currently, deploying an attractor, gateway, conduit, stream, flow and vip requires the user to specify an existing trench. If the trench is not existing, then the webhook will prevent the resource to be applied and will return an error message. Also, as of now, if a trench is removed, then the child custom resources will also be removed.

There is currently no official feature to specify the order the custom resources will be deployed with Helm, this means if a conduit is deployed before a trench via Helm Chart, then the deployment will fail. It would then be easier for the users to remove the restriction for the trench to exist before the other CRs. With helm it could also be a problem if the trench is part of another helm chart, the helm chart with the trench will have to be installed before the other ones.

For solution with only helm chart and no new implementation, refer to alternative 3.

Describe the solution you'd like

Describe alternatives you've considered

1. Update of the child resources on the fly

a. For now, the only property of the trench CR is the ip-family. This will be applied to the resources deployed with the child CR. For instance, if a trench is deployed with IPv4, then the internal IPs assigned to stateless-lb-frontend, proxy and target will only be IPv4. If the user remove and re-add the trench, then the IPs must be updated:

  • Because the IPAM has been reset (IPAM is deployed with the trench)
  • Because user might have changed the IP family in the trench

b. The webhook must work in both direction, when deploying a flow, attractor, gateway, we might want to verify none is using a not supported IP family, and the same when applying a trench, we should verify none of the child is using non supported IP Family.

2. Not deploying resources if no trench

This solution solve 1.a. but not 2.b. If the trench does not exist, then the resources of the child are not deployed. If a trench is removed, then the resources deployed with the child are removed.

3. Helm Chart support ordering of custom resources

https://github.com/helm/helm/issues/8439 https://github.com/helm/helm/pull/8448 https://helm.sh/docs/topics/charts_hooks/#the-available-hooks

For now, there is 2 possible solution with helm: i. pre-install hook: https://helm.sh/docs/topics/charts_hooks/#the-available-hooks

---
apiVersion: meridio.nordix.org/v1
kind: Trench
metadata:
  name: trench-a
  namespace: red
  annotations:
    "helm.sh/hook": pre-install
spec:
  ip-family: dualstack

ii. List: https://kubernetes.io/docs/reference/using-api/api-concepts/#collections

apiVersion: v1
kind: List
items:
- apiVersion: meridio.nordix.org/v1
  kind: Trench
  ...

Here are examples showing the problem, and the 2 possible solutions: Examples.zip

Additional context /

LionelJouin avatar Feb 22 '23 14:02 LionelJouin