Cluster-api: Support composition of bootstrapping of kubeadm, cloud-init/ignition/talos/etc... and secrets transport
User Story
As a Kubernetes distribution developer, I would like to support different bootstrappers to CloudInit as well as ensure Cluster API's secret data is delivered to the instance securely and is not readable by unauthorised persons. I however do not want to re-implement all of kubeadm bootstrap provider, or make big assumptions about what the instance initialisation system is.
Detailed Description
Provide a method by which different parts of a bootstrapping mechanism could be composed together:
- The part of the bootstrapping process that launches Kubernetes, i.e. kubeadm
- The machine's bootstrapping system, e.g. Cloud-Init, Cloud-Base, Ignition, Talos
- The infrastructure provider's mechanism to secure the bootstrap data: AWS Secrets Manager, Azure etc...
- Something on the machine that is able to download from the secure source
Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]
/kind feature
randomvariable
All 11 comments
Related to #3430
randomvariable
on 7 Oct 2020
/milestone v0.4.0
/kind design
vincepri
on 16 Oct 2020
@vincepri what is the approach needed to move this forward? (happy to help)
vbatts
on 2 Dec 2020
We'll probably need to meet + have a conversation on what the actual deliverable we'd expect from this initiative is
@randomvariable might have some ideas, we might want to schedule a one off meeting to discuss it a bit
vincepri
on 2 Dec 2020
like in today's community call?
vbatts
on 2 Dec 2020
Maybe, I think I'm zoom'd out today already though.
randomvariable
on 2 Dec 2020
@randomvariable that's fair
vbatts
on 2 Dec 2020
Discussed this a little in today's CAPI call
next steps here are best to be a working group, beginning with a gdoc based on KEP template. Based on goals and use-cases so we can have measurable success criteria.
Since this spans infrastructure providers, there is consideration here for composition (composable extensions).
cc @lorbuschris @detiber (who said they are interested in being involved)
vbatts
on 2 Dec 2020
Count me in, and can help with the CAEP process, just got too many proposals in flight to lead.
randomvariable
on 3 Dec 2020
I know we don't have a label for it, but just for tracking
/area node-agent
randomvariable
on 19 Jan 2021
@randomvariable: The label(s) area/node-agent cannot be applied, because the repository doesn't have them
In response to this:
I know we don't have a label for it, but just for tracking
/area node-agent
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
k8s-ci-robot
on 19 Jan 2021
Related issues
timothysc
路
6Comments
bgoareguer
路
5Comments
ncdc
路
5Comments
oneilcin
路
6Comments
dlipovetsky
路
5Comments
Most helpful comment
Discussed this a little in today's CAPI call
next steps here are best to be a working group, beginning with a gdoc based on KEP template. Based on goals and use-cases so we can have measurable success criteria.
Since this spans infrastructure providers, there is consideration here for composition (composable extensions).
cc @lorbuschris @detiber (who said they are interested in being involved)