Create Position around Management Cluster #8210
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| # Hub Cluster - SIG Multicluster Position Statement | ||
|
|
||
| Author: Corentin Debains (**[@corentone](https://github.com/corentone)**), Google | ||
| Last Edit: 2025/01/25 | ||
| Status: DRAFT | ||
|
|
||
| ## Goal | ||
| To establish a standard definition for a central cluster that is leveraged by multicluster | ||
| controllers to manage multicluster applications or features across an inventory of clusters. | ||
|
|
||
| ## Context | ||
| Multicluster controllers have always needed a place to run. This may happen in external | ||
| proprietary control-planes but for more generic platforms, it has been natural for the | ||
| Kubernetes community to leverage a Kubernetes Cluster and the existing api-machinery | ||
| available. There has been a variety of examples of which we can quote ArgoCD, MultiKueue | ||
| or any of the Federation effort (Karmada, KubeAdmiral), all of them not-naming the "location" | ||
| where they run or not aligning on the name (Admin cluster, Management Cluster, Command Cluster, Manager Cluster...). | ||
| The [ClusterInventory](https://github.com/kubernetes/enhancements/blob/master/keps/sig-multicluster/4322-cluster-inventory/README.md) | ||
| (ClusterProfile CRDs) is also the starting point for a lot of multicluster controllers and, | ||
| being a CRD, it requires an api-machinery to host it. The functionality of this cluster is also | ||
| defined in separation to what a "workload" cluster does, which is to run the business applications, | ||
| when hub runs infrastructure components. | ||
|
|
||
| ## Definition | ||
|
|
||
| A (multicluster) hub cluster is a Kubernetes cluster that acts as a | ||
| control-plane for other Kubernetes clusters (named Workload Clusters to differentiate | ||
|
There was a problem hiding this comment. Could we maybe say something like "workload execution cluster", to differentiate it from central cluster(s) that hold the central description of the desired workload and centrally reported state of the workload? |
||
| them). It MUST have the ClusterProfiles written on it MAY have access to the api, metrics or | ||
|
There was a problem hiding this comment. Is this definition intended to cover what Open Cluster Management does? OCM has its own representation of a workload (execution) cluster, called |
||
| workloads of the workload clusters and MAY have administrative privileges over them. It | ||
| SHOULD not be part of workload clusters or running as mixed mode (workload and hub) to provide a better | ||
| security isolation, especially when it has any administrative privileges over them. | ||
| There MAY be multiple hub clusters overseeing the same set of Workload Clusters | ||
| and it is left to the administrator to guarantee that they don't compete in their | ||
| management tasks. There SHOULD be a single [clusterset](https://multicluster.sigs.k8s.io/api-types/cluster-set/) | ||
| managed by a hub cluster. Hub clusters can be used for multicluster controllers relative to platform-running features, | ||
| for example: managing the clusters, or application-running features, for example: scheduling business | ||
| applications dynamically. | ||
|
|
||
| ### Rationale on some specific points of the definition | ||
|
|
||
| * Multiple hub clusters: While it often makes sense to have a single "Brain" overseeing | ||
| a Fleet of Clusters, there is a need for flexibility over the number of hub clusters. To | ||
| allow redundancy to improve reliability, to allow sharding of responsibility (for regionalized | ||
| controllers), to allow for separation of functionality (security-enforcer hub cluster vs | ||
| config-delivery hub cluster), to allow for migrations (from old hub cluster to new | ||
| hub cluster) and likely more. | ||
| * Hub cluster also being part of the workload-running Fleet: We do recommend that the | ||
| hub cluster(s) be isolated from the running Workload Fleet for security and hub | ||
| concerns. But there may be specific cases or applications that require to mix the two. For example, | ||
| controllers that take a "leader-election" approach and want a smaller footprint. | ||
| * Application-running features vs platform-running features: Hub clusters can run controllers | ||
| that are catering to a "Platform" type of user, effectively using a central cluster to manage other clusters and | ||
| other infrastructure. For example, centrally monitoring health of clusters of a clusterset. It can also run | ||
| controllers that are helping run business applications globally. For example, having a definition of a multicluster | ||
| application and scheduling replicas of the application to the different clusters of the clusterset. | ||
| This means that access control to the hub cluster and permissions given to controllers on the hub | ||
| clusters must be carefully designed. | ||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Shouldn't Open Cluster Management be included in this list?