Implement basic cluster actuator #106

Closed
chrigl opened this issue Nov 19, 2018 · 6 comments · Fixed by #150

chrigl commented Nov 19, 2018

So far, the cluster actuator is not yet implemented, except for basic types.

I would like to see a way to set up Networks, SecurityGroups and Loadbalancers for the cluster. In a first step, a single subnet for all nodes (master and worker) would IMHO be enough. Created Machines should use the created infrastructure.

Todo:

  • Create Network with subnet with a configured CIDR
  • Create a router connected to a configured external network, as well as the just created subnet
  • Create SecurityGroups for master and nodes
  • Create a loadbalancer with floating IP

LB Floating IP and NetworkID must go to cluster status. SecurityGroups also somehow, but I am currently not sure yet how. Edit: Floating IP not needed because there is an APIEndpoint on ClusterStatus.

The loadbalancer should be used as the entry point for the apiserver, so we are able to create HA control planes.

If we are done with this, we can update the machine actuator to use the infrastructure.

See also: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/master/pkg/cloud/aws/actuators/cluster/actuator.go

Author

chrigl commented Nov 19, 2018

I will start working on it this week if there are no concerns.

Contributor

gdoctor commented Nov 19, 2018

@chrigl I am currently working on the security group aspect, very similar to the aws implementation if you want to keep that out of your scope for now. You could just let me know what you had in mind for security groups within the cluster actuator, because right now most of that logic exists in the machine actuator. Up to you

Author

chrigl commented Nov 20, 2018

@gdoctor I definitely appreciate help on this. I think all building blocks necessary for a cluster should go into the cluster actuator, because they are not tied to a specific machine. I count SecurityGroups also as a building block, because it is created once (at cluster level) and then used individually in the machines.

I am starting with getting the types in apis/openstackproviderconfig/v1alpha1 to support a cluster config and status, and get this landed in master. I want to have as many small-ish PRs as possible. You could build on top of this, then... Does this sound legit?

Contributor

gdoctor commented Nov 29, 2018

@chrigl sorry this got lost for me during the holidays here in the US. So is your idea that the cluster actuator actually creates the Security Groups within OpenStack? And then the machine actuator would manage which security groups exist, are added, or are removed on a per machine/machineset basis? I see this working well

Author

chrigl commented Nov 30, 2018

@gdoctor No problem. Hoping you had a great vacation :)

Yes, this is the basic idea. I already have a custom cluster actuator running, which creates network, subnet and external router. If successful, it writes it back to the ProviderStatus:
Example:

apiVersion: cluster.k8s.io/v1alpha1
kind: Cluster
[...]
status:
  apiEndpoints:
  - host: 185.116.245.190
    port: 443
  providerStatus:
    metadata:
      creationTimestamp: null
    network:
      id: acbeb99e-eee0-4ddd-9544-ab88406eff2b
      name: k8s-cluster-test1
      subnets:
      - cidr: 10.1.0.0/24
        id: 6bdad12c-6aa4-46b9-9671-fededafeece5
        name: k8s-cluster-test1

So the machine actuator can pick up the network, and there is no need to configure the network per node. The same I would do for SecurityGroups... so there will be a field securityGroups at the same level as subnets.
Maybe we create a map here. For securityGroups["master"] and securityGroups["node"]... at least the AWS provider does it this way. We also maybe provide a way to configure additional SecurityGroups by node (which the AWS provider does as well).

I'm currently waiting for #109 to continue here.
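
Added example, not part of the issue thread or the project's code: Go code showing the hand-off described in the comment above, where a machine actuator reads network and security group IDs from the cluster-level providerStatus and refuses to proceed when any of them is missing. The type names, the `Resolve` function and the `securityGroups` map layout are assumptions based on the proposal in the thread; the sample status is constructed as JSON from the IDs in the comment, with placeholder security group IDs.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// Hypothetical types mirroring the providerStatus shape shown in the thread.
type Subnet struct {
	ID   string `json:"id"`
	CIDR string `json:"cidr"`
}
type Network struct {
	ID             string            `json:"id"`
	Subnets        []Subnet          `json:"subnets"`
	SecurityGroups map[string]string `json:"securityGroups"` // role -> group ID (proposed, assumed)
}
type ProviderStatus struct {
	Network *Network `json:"network"`
}

// MachineNetworking is what a machine actuator needs to place one machine.
type MachineNetworking struct{ NetworkID, SubnetID, SecurityGroupID string }

// Constructed sample: network and subnet IDs from the thread, security group IDs are placeholders.
const sampleStatus = `{"network":{"id":"acbeb99e-eee0-4ddd-9544-ab88406eff2b",
 "subnets":[{"cidr":"10.1.0.0/24","id":"6bdad12c-6aa4-46b9-9671-fededafeece5"}],
 "securityGroups":{"master":"sg-master-placeholder","node":"sg-node-placeholder"}}}`

// Resolve fails closed: without a network, a subnet and a security group for
// the requested role, no machine should be created.
func Resolve(raw []byte, role string) (MachineNetworking, error) {
	var st ProviderStatus
	if err := json.Unmarshal(raw, &st); err != nil {
		return MachineNetworking{}, fmt.Errorf("decode providerStatus: %w", err)
	}
	if st.Network == nil || st.Network.ID == "" || len(st.Network.Subnets) == 0 {
		return MachineNetworking{}, errors.New("cluster network not ready")
	}
	sg := st.Network.SecurityGroups[role]
	if sg == "" {
		return MachineNetworking{}, fmt.Errorf("no security group for role %q", role)
	}
	return MachineNetworking{st.Network.ID, st.Network.Subnets[0].ID, sg}, nil
}

func main() {
	n, err := Resolve([]byte(sampleStatus), "master")
	fmt.Println(n, err)
}
```

Returning an error for an unknown role, rather than falling back to a default group, keeps a machine from booting without the cluster-level rules attached.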

@chrigl chrigl changed the title Implement basic cluster actuator WIP Implement basic cluster actuator Nov 30, 2018
@chrigl chrigl changed the title WIP Implement basic cluster actuator Implement basic cluster actuator Nov 30, 2018
Author

chrigl commented Dec 18, 2018

/assign @chrigl

iamemilio pushed a commit to iamemilio/cluster-api-provider-openstack that referenced this issue Aug 17, 2020