-
Story
-
Resolution: Unresolved
-
Normal
-
None
-
None
-
Product / Portfolio Work
-
False
-
-
False
-
5
-
None
-
None
-
None
This is the MachineSet half of 2640.{}
Background
We will need to validate creation requests for Cluster APIĀ MachineSets.
In particular, if a Cluster API resource is created, and there already exists a Machine API equivalent resource:
- And the MAPI resource is authoritative
- The CAPI resource may only be created as paused
- And the CAPI resource is authoritative
- The CAPI resource may only be created if the MAPI resource is marked as Paused
Determine if we can leverage ValidatingAdmissionPolicy for this use case, given we need information from a different resource. If we cannot use VAP, a webhook validation must be created for this.
https://kubernetes.io/docs/reference/access-authn-authz/validating-admission-policy/
Behaviours
- If a MAPI resource exists and .status.authoritativeAPI == MachineAPI
- Only allow creation of CAPI resource if it is paused
- If a MAPI resource exists and .status.authoritativeAPI == ClusterAPI
- Expect resource has just been created, so allow creation of CAPI resource
- MAPI resource should be paused to allow creation
Steps
- Determine if we can use VAP
- If we cannot use VAP, ensure or build out webhook for the use case.
- Implement behaviours for CAPI creation as per above description.
Stakeholders
- Cluster Infra
Definition of Done
- When creating a CAPI resource that has an equivalent MAPI resource, above rules on pausing are observed
- Docs
- <Add docs requirements for this card>
- Testing
- <Explain testing that will be added>
- clones
-
-
- In Progress
-
