docs/proposal/controller-and-user-tags.md
13 additions & 5 deletions
@@ -19,12 +19,20 @@ Though its working as expected and fulfills the purpose, we see some drawbacks.
19
19
20
20
## Proposal
21
21
This proposal presents adding two kinds of tags to the resources created by controller
22
-
1. Controller tag
22
+
1. Controller tags
23
23
2. User tags
24
24
25
25
26
-
### Controller tag
27
-
A tag of format`sigs.k8s.io/cluster-api-provider-ibmcloud/cluster/<cluster-name>: owned` will be added by the controller to newly created cloud resources marking the resource as created by controller. During deletion phase the system will look for the presence of the tag inorder to proceed with deletion or to keep as it is.
26
+
### Controller tags
27
+
Tags of format`powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` will be added by the controller to newly created cloud resources marking the resource as created by controller. During deletion phase the system will look for the presence of both the
28
+
tags and match inorder to proceed with deletion or to keep as it is. UUID in tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` is cluster object ID
29
+
We will be adding two tags. Below are the cluster creation scenarios.
30
+
#### Creating a new cluster with infrastructure creation
31
+
- When resources will be created for new cluster in the cloud both the tags will be attached.
32
+
#### Creating a new cluster with existing cluster
33
+
- When cluster is created using existing resources, no tags will be attached.
34
+
#### Creating a new cluster with infra creation and resources already exist with same clusterName.
35
+
- So when new cluster creation is triggered with creating infrastructure. Since the resources are already present with same name in the cloud. It will lead to security issues Since there is a possibilty the existing resources in the cloud belong to different user. So to handle this case this tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` is added. Before creating the resource in the cloud, first will check this tag is matching `powervs.cluster.x-k8s.io/owner: <cluster-name>` since clusterName is same but this tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` won't match. So will error out to user that resources with similar name already exist, he has to provide different name.
28
36
29
37
30
38
#### Following resources will be getting tagged
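Review bot: The pre-creation check in the third scenario ("infra creation and resources already exist with same clusterName") only covers the case where `powervs.cluster.x-k8s.io/owner` matches and `powervs.cluster.x-k8s.io/cluster-uuid` does not; it does not say what happens when a same-named resource carries neither tag or only one of them. Since this is the case the text itself calls a security issue, please state the rule explicitly, for example that a resource is treated as owned only when both tags are present and both values match, and that anything else makes creation error out. It would also help to say which object's ID the UUID is, because "cluster object ID" is ambiguous. Smaller points: the heading "Creating a new cluster with existing cluster" does not match its bullet, which talks about existing resources; "he has to provide different name" reads better as "the user must provide a different name"; and the sentence "We will be adding two tags." repeats what the paragraph above already says.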
@@ -71,13 +79,13 @@ type Tag struct {
71
79
72
80
73
81
### Cluster creation workflow
74
-
1. The controller will attach the `sigs.k8s.io/cluster-api-provider-ibmcloud/cluster/<cluster-name>: owned` tag to the created resources.
82
+
1. The controller will attach the `powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` tag to the created resources.
75
83
2. If user tags are set in the spec, they will be attached to the resources.
The controller will only delete the resources which are having this tag `sigs.k8s.io/cluster-api-provider-ibmcloud/cluster/<cluster-name>: owned` attched to it.
88
+
The controller will only delete the resources which are having tags `powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` attached to it.
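Review bot: The deletion rule on the last added line is worded as resources "having tags ... attached", which reads as a presence check, while the "Controller tags" section says the controller looks for both tags "and match". Please make this sentence say that both tag values must equal this cluster's name and UUID before a resource is deleted, so a resource that merely carries the tag keys with another cluster's values is never removed. Also in step 1, "`powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` tag" should be "tags", and "attached to it" should be "attached to them".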