
Adopting existing AWS assets (desired state and gitops)

Open dbones opened this issue 1 year ago • 4 comments

Is your feature request related to a problem?

Background/context: We use GitOps for deploying all assets.

We have a Control cluster (EKS), which deploys into several Compute clusters (EKS, AKS, and K8s). It will also manage (deploy) the EKS clusters using ACK operators (across AWS accounts),

all using Fleet (GitOps).

For this we need the initial EKS Control Cluster to be running (the cluster where our central GitOps is running from).

  1. To do this we prime (initially create) the cluster using Terraform; this creates the EKS, installs Rancher/Fleet and connects Fleet with the base GitRepo.

  2. This GitOps then installs all the operators into the Control, and then "Adopts" control of the Control EKS cluster (the cluster which we created via Terraform, allowing us to do desired state with GitOps from now on).

Problem: This does not work, as the Resource already exists, and the AdoptedResource does not seem to be GitOps compliant in how it works (from my understanding).

The adopted resource requires us to describe the AWS resource to adopt, and it creates the actual K8s/ACK Resource, which is outside the desired state described in the Git Repo.

Describe the solution you'd like

With the EKS, RDS, S3, Security Groups, ALB, NLB etc.

Can we consider this to be desired state? It should just take control and confirm the resource is there and if anything is misaligned (we should not have to "adopt it").

I think this should work in a consistent way for all scenarios: new, existing, disaster-recovery (where the estate may have some-created/some-not-created). The goal is that we end up with what is described in the Git Repos.

I believe this would be the most robust method, when working this way.

Describe alternatives you've considered

Can we add an annotation? Not preferred.

i.e. services.k8s.aws/adopt: true - setting this to false would throw an exception if it already exists (can this be true by default?)

Applied like so:

apiVersion: eks.services.k8s.aws/v1alpha1
kind: Cluster
metadata:
  annotations:
    services.k8s.aws/deletion-policy: retain
    services.k8s.aws/adopt: "true"  # annotation values must be strings, so the boolean is quoted
  name: control
  namespace: control-local
spec:
  name: control
  version: "1.25"
  # and the rest of the file

dbones, May 25 '23 11:05
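
The reconcile semantics requested in the issue above, sketched as an added example; it is not ACK's code and not part of the original post. `Desired`, `Reconcile`, `ErrAlreadyExists` and the in-memory inventory standing in for AWS are hypothetical names constructed for illustration, and the `Adopt` field models the annotation proposed in the issue.

```go
package main

import (
	"errors"
	"fmt"
)

// Desired is a hypothetical, trimmed-down view of the Cluster manifest in Git.
type Desired struct {
	Name    string
	Version string
	Adopt   bool // value of the proposed services.k8s.aws/adopt annotation
}

// ErrAlreadyExists is returned when adopt is false and the resource is live.
var ErrAlreadyExists = errors.New("resource already exists and adopt is false")

// Reconcile converges the constructed inventory (name -> version, standing in
// for AWS) on the desired state and reports which action was taken.
func Reconcile(d Desired, inventory map[string]string) (string, error) {
	live, exists := inventory[d.Name]
	switch {
	case !exists: // new estate, or a resource lost before disaster recovery
		inventory[d.Name] = d.Version
		return "create", nil
	case !d.Adopt: // existing resource, adoption explicitly refused
		return "", ErrAlreadyExists
	case live != d.Version: // existing resource that drifted from Git
		inventory[d.Name] = d.Version
		return "adopt+update", nil
	default: // existing resource already aligned with Git
		return "adopt", nil
	}
}

func main() {
	// Constructed inventory: "control" was primed by Terraform at 1.24.
	inventory := map[string]string{"control": "1.24"}
	d := Desired{Name: "control", Version: "1.25", Adopt: true}
	for i := 0; i < 2; i++ {
		action, err := Reconcile(d, inventory)
		fmt.Println(action, err, inventory)
	}
}
```

In this model the name in Git is the only link between the manifest and the live resource, so with adopt defaulting to true the drift correction applies to whatever resource already carries that name.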