docs/proposal/controller-and-user-tags.md
Lines changed: 10 additions & 7 deletions
@@ -24,16 +24,19 @@ This proposal presents adding two kinds of tags to the resources created by cont
24
24
25
25
26
26
### Controller tags
27
-
Tags of format`powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` will be added by the controller to newly created cloud resources marking the resource as created by controller. When cluster creation is triggered with clustername "test-cluster", resources "test-cluster-serviceInstance, test-cluster-VPC, test-cluster-loadbalancer, test-cluster-TransitGateway, test-cluster-COSInstance" are created
28
-
When new cluster creation is triggered, if the resources are already present with same name in the cloud. It will lead to security issues because there is a possibilty the existing resources in the cloud belong to different user. So to handle this scenario this tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` is added. During deletion phase the system will look for the presence of both the
29
-
tags and match inorder to proceed with deletion or to keep as it is. UUID in tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` is cluster object ID
30
-
We will be adding two tags. Below are the cluster creation scenarios.
27
+
When cluster creation is triggered, resources gets created in the cloud. So to distinguish whether resources are newly created or user has given pre-existing resources,
28
+
tags of format`powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` will be added by the controller to newly created cloud resources marking the resource as created by controller.
29
+
During cluster creation with infrastructure creation if the resources are already present with the same name in the cloud. It will lead to security issues because there is a possibilty the existing resources in the cloud belong to different user. So to handle this scenario this tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` is added. UUID in tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` represents cluster object ID.
30
+
31
+
During deletion phase the system will look for the presence of both the tags and match inorder to proceed with deletion or to keep as it is.
32
+
33
+
Below are the cluster creation scenarios.
31
34
#### Creating a new cluster
32
-
- When resources will be created for new cluster in the cloud both the tags will be attached.
35
+
- When resources will be created for new cluster in the cloud both the tags will be attached. During deletion flow, will check for both tags `powervs.cluster.x-k8s.io/owner: <cluster-name>` and `powervs.cluster.x-k8s.io/cluster-uuid: UUID` and delete the resources.
33
36
#### Creating a new cluster with reusing pre-created resources
34
-
- When cluster is created using existing resources, no tags will be attached.
37
+
- When cluster is created using existing resources, no tags will be attached. We won't delete these resources, as these were not created by controller.
35
38
#### Creating a new cluster with reusing pre-created resources from old cluster.
36
-
- When creating the resources in the cloud, first will check this tag is matching `powervs.cluster.x-k8s.io/owner: <cluster-name>` since resources already exists with same name but this tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` won't match. So will error out to user that resources with similar name already exist, he has to provide different name to cluster.
39
+
- When cluster creation is triggered with clustername "test-cluster", resources like "test-cluster-serviceInstance, test-cluster-VPC, test-cluster-loadbalancer, test-cluster-TransitGateway, test-cluster-COSInstance" are created. When creating the resources in the cloud, first will check if this tag is matching `powervs.cluster.x-k8s.io/owner: <cluster-name>` since resources already exists with same name but second tag `powervs.cluster.x-k8s.io/cluster-uuid: UUID` won't match because UUIDs of cluster object will be different. So will error out to user that resources with similar name already exist, user has to provide different name to cluster.
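Review bot: The third scenario (new line 39) only covers a same-named resource whose `powervs.cluster.x-k8s.io/owner` tag matches and whose `powervs.cluster.x-k8s.io/cluster-uuid` differs, but the paragraph added at new line 29 names the risk as a same-named resource that belongs to a different user, and nothing here says what creation does when that resource carries neither tag or an owner tag with a different value. Please state the outcome for those cases explicitly (error out, as in the UUID-mismatch case, or treat as a user-supplied resource per the second scenario), since the second scenario says untagged pre-existing resources are reused. The deletion sentence at new line 31 ("look for the presence of both the tags and match inorder to proceed with deletion or to keep as it is") should also spell out the rule: delete only when both tags are present and both values equal the cluster name and the cluster object ID, and keep the resource in every other combination, including when only one tag matches. Minor wording: "possibilty", "inorder", the missing space in "format`powervs...", "resources gets created", and the sentence fragment "During cluster creation with infrastructure creation if the resources are already present ... in the cloud." which should be joined to the sentence that follows it.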