Put TenantControlPlane in Read-Only mode #407
prometherion
started this conversation in
Feature Requests
Replies: 1 comment
-
|
@prometherion it makes sense |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
At the current state (v0.4.1) the R/O mode is put in place only upon a specific circumstance such as the migration of the TCP to a different Datastore.
There could be use cases where the TCP should be put in R/O mode for several reasons and domain logic which are not scoped to Kamaji itself.
To avoid bumping up the
TenantControlPlaneAPI type we could introduce a knob as a new specification field, such asspec.readOnlyModewith afalsedefault. All the write actions on all the objects must be blocked, except for theLeaseones which would cause, otherwise, a cascading failure of operators, and the kubelet nodes. Furthermore, all the write actions performed by ServiceAccount in thekube-systemshould be allowed, although the R/O mode, to keep pods up and running despite the failures.Beta Was this translation helpful? Give feedback.
All reactions