Conversation
auhlig
requested review from
IvoGoman,
artherd42,
databus23,
drochow,
kengou,
richardtief,
timojohlo and
viennaa
| ## Decision Drivers | ||
|
|
||
| * **Network Compatibility** | ||
| It assumes that the network zone of the central Greenhouse cluster is suitable for all organizations and cloud providers. |
There was a problem hiding this comment.
Explicit mention: This would enable use cases residing in different hyperscalers.
|
|
||
| * No user-configurable plugins should be allowed in the Greenhouse central cluster. | ||
| * Maintain restrictive permissions within the central cluster limited to Greenhouse resources. | ||
| * Introduce `AdminPlugins` to utilize the plugin concept for handling core responsibilities. |
There was a problem hiding this comment.
Adding context from Slack DMs: AdminPlugins in this case could be Plugins such as IdP Integration, Cluster Registry, Greenhouse Teams to Slack syncing, ... . These would all be Plugins which are close the backend (e.g. use Greenhouse CRDs) but are developed separately from the Core Operators.
There was a problem hiding this comment.
TODO: Sharpen definition AdminPlugins.
kubeconfig generator, CAM integration - things not directly configurable by the user
TODO:
|
| Thus workload in the central cluster is charged on the provider. | ||
|
|
||
| Moreover, workload within the central cluster is neither transparent nor accessible to the customer. | ||
| It cannot be configured, its metrics, logs, etc. are not exposed and access (kubectl exec/delete pod) is restricted. |
There was a problem hiding this comment.
| It cannot be configured, its metrics, logs, etc. are not exposed and access (kubectl exec/delete pod) is restricted. | |
| It cannot be configured, and its metrics and logs are not exposed. Access to operations like 'kubectl exec' or 'kubectl delete pods' is restricted in the central cluster. |
|
This PR is stale because it has been open for 45 days with no activity. |
|
This PR is stale because it has been open for 45 days with no activity. |
|
This PR is stale because it has been open for 45 days with no activity. |
|
This PR was closed because it has been inactive for 14 days since being marked as stale. |
|
This PR is stale because it has been open for 45 days with no activity. |
|
This PR was closed because it has been inactive for 14 days since being marked as stale. |
5 participants
This PR introduces an ADR for the central clusters.
TLDR: I'd like to disallow plugins in the central cluster and move them to a customer-owned cluster to address the various disadvantages and risks the current situation imposes. This should be decided and implemented asap.