
Read-only Resources Feature Request

Open eadasiak opened this issue 1 year ago • 4 comments

Is your feature request related to a problem?

Let's say I have a resource that was either:

  • created outside of ACK (e.g., CloudFormation, Terraform, etc.)
  • created and managed with ACK from another cluster in a multi-cluster environment

I'd still like the ability to reference its values or query the live status of it without ever making changes to it or introducing a split-brain management issue. A good example would be a VPC where I'd like to, say, reference subnet IDs within it.

Describe the solution you'd like

I'd like the ability to create a read-only instance of the resource through the adoption procedure. What I'm looking for is similar to the Observe-Only Resource in Crossplane: https://github.com/crossplane/crossplane/issues/1722

A similar feature is available in the Azure Service Operator with the serviceoperator.azure.com/reconcile-policy annotation: https://azure.github.io/azure-service-operator/guide/annotations/#serviceoperatorazurecomreconcile-policy. Setting the reconcile-policy to skip effectively makes it read-only.

Either there could be a way to adopt a resource with a label/annotation that designates it as read-only and prevents the controller from making changes to it, or perhaps a new resource type altogether.

Describe alternatives you've considered

I haven't been able to identify any alternatives thus far.

eadasiak avatar Feb 01 '24 23:02 eadasiak

Something probably related:

#1965 #1896 #1862

gecube avatar Feb 05 '24 16:02 gecube

and finally - #1381

gecube avatar Feb 05 '24 16:02 gecube

Also related: https://github.com/aws-controllers-k8s/community/issues/1585

a-hilaly avatar Feb 06 '24 00:02 a-hilaly

+1 I think this is a must-have feature. I'm looking into ways of replacing Terraform with ACK, but without something equivalent to a data source, I can't do even the slightly complex stuff. E.g., a VPC is created in a central account, shared with AWS RAM to other accounts, so only a single cluster can own the VPC creation of it. Ideally, discovery of the resource should be possible with things like AWS tags, not just the VPC ID, because then I need to hardcode a VPC ID that might not be the same for all clusters, vs. a uniform tag across all clusters, where no hardcoding of the VPC ID is required.

reegnz avatar Feb 09 '24 13:02 reegnz

Issues go stale after 180d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 60d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale

ack-bot avatar Aug 07 '24 14:08 ack-bot

/remove-lifecycle stale

gecube avatar Aug 07 '24 15:08 gecube