Using AWS Controllers for Kubernetes (ACK) for AWS resource reconciliation #3306
Replies: 4 comments 5 replies
-
|
I like the idea of adopting ACK...especially the part about removing duplication of code/effort. A few questions/comments come to mind initially:
I will think some more on this. @sedefsavas - this could be very interesting, especially if we can use the controllers as packages. |
Beta Was this translation helpful? Give feedback.
-
|
Excited to see an ADR for this. We can go over this during our office hours, unfortunately it overlaps with ACK office hours. |
Beta Was this translation helpful? Give feedback.
-
|
I can go to the ACK office hours this Monday if you are happy to host the CAPA office hours? I can then join the CAPA meeting afterwards. |
Beta Was this translation helpful? Give feedback.
-
|
Another think we need to consider is we only make the AWS API fields that we support available to the user. When say through ACK if we create an ELB, all the fields will be available to be changed by the user. |
Beta Was this translation helpful? Give feedback.
-
|
It we use it as a package then we still control what we expose to the user via our API. |
Beta Was this translation helpful? Give feedback.
-
|
Yes, but since AWS services are now individual CRDs, users can go and change Kubernetes CR and we don't have any control over which fields could be modified as guessing ACK has its own webhooks. |
Beta Was this translation helpful? Give feedback.
-
|
Interesting, i had a different view in my head. @mikestef9 - it would be good to dive a bit deeper into the proposal. Would it be possible to arrange a chat to discuss? |
Beta Was this translation helpful? Give feedback.
-
|
We've put some thoughts together on ACK side about making controllers more easily importable into other projects aws-controllers-k8s/community#1299 |
Beta Was this translation helpful? Give feedback.
-
|
Great, thanks @mikestef9 . I'll take a read |
Beta Was this translation helpful? Give feedback.
-
Background
AWS Controllers for Kubernetes (ACK) enables users to define and use AWS service resources using Kubernetes native API resources.
Kubernetes Cluster API for AWS (CAPA) provides consistent deployment and day 2 operations of "self-managed" and EKS Kubernetes clusters on AWS.
ACK service controllers are a direct mapping to AWS service APIs, whereas CAPA operates at a higher level of abstraction than ACK, for example, creating a VPC if one is not specified as part of a cluster definition.
There is duplication of code and effort between ACK controllers and the lower level of CAPA that ensures AWS resources are kept in sync with desired state.
Proposal
ACK now has service controllers for most AWS APIs that CAPA requires:
We propose a refactor of CAPA to import ACK controllers as packages, replacing existing CAPA ↔ AWS reconciliation code. ACK controllers are compatible as Go modules, and CAPA Go packages should be able to take a dependency on the controller packages, and then systematically declare ACK resources. We don’t believe there is anything specific about ACK code paths that requires they need to be run as ACK controllers.
Another potential approach is to generate (using the ack-generate tool) the CAPA resource manager and SDK linkage code (which is similar to how ACK does this for Crossplane's provider-aws).
More info on ACK:
Additional Notes
Beta Was this translation helpful? Give feedback.
All reactions