Über Open CoDE Software Wiki Diskussionen GitLab

Skip to content

Prefix all resources with PREFIX and CLUSTER_NAME

Created by: garloff

As a cluster administrator, I want to be able to identify all IaaS resources that belong to a cluster, so I know what to save and what I can possibly safely delete when cleaning up.

Looking at the various resources at the OpenStack level, we do not consistently prefix everything with (per mgmthost) prefix and clustername. Here's what we find:

MgmtServer:

  • VM: $PREFIX-mgmtcluster (OK)
  • Root Volume: Unnamed (Not Good)
  • AppCred: $PREFIX-appcred (OK)
  • Port: $PREFIX-port (OK)
  • Network: $PREFIX-net (OK)
  • Subnet: $PREFIX-subnet (OK)
  • FloatingIP: Unnamed (but that can't be fixed -- we could assign a tag ... or at least pu a description)
  • SGs: $PREFIX-allow-icmp/ssh, $PREFIX-mgmt (OK)
  • Router: $PREFIX-rtr (OK)
  • Images: ubuntu-capi-image-v1.xx.x (We want this, as these should be shared for performance and cost)

Cluster

  • VMs: PREFIX-CLUSTER_NAME-md/control-plane (OK)
  • Root Volumes: PREFIX-CLUSTER_NAME-*-root (OK)
  • AppCred: PREFIX-CLUSTER_NAME-appcred (OK)
  • Ports: PREFIX-CLUSTER_NAME-md/control-plane-* (OK)
  • Networks: k8s-clusterapi-cluster-CLUSTER_NAME-CLUSTER_NAME (Not good: Lacks $PREFIX)
  • Subnets: dito (Not good)
  • SGs: PREFIX-CLUSTER_NAME-cilium (OK), k8s-cluster-CLUSTER_NAME-CLUSTER_NAME-secgroup-worker/controlplane (Not good: Lacks $PREFIX)
  • Router: k8s-clusterapi-cluster-CLUSTER_NAME-CLUSTER_NAME (Not good: Lacks $PREFIX)
  • Floating IP (kubeapi): Unnamed (we can't fix that. The description has the $CLUSTER_NAME, but not the $PREFIX, cloud also use a tag)
  • Loadbalancers (kubeapi): k8s-clusterapi-cluster-CLUSTER_NAME-CLUSTER_NAME-kubeapi (not good: Lacks $PREFIX)

Ingress

  • Floating IP (ingress): Unnamed (can't be fixed. The description has the $CLUSTER_NAME inside, but not the $PREFIX. Could also use a tag)
  • Loadbalancer (ingress): kube_service_$CLUSTER_NAME_ingress* (Not good: Lacks $PREFIX)
  • SGs (ingress): lb-sg-UUID-ingress* (Not good: Lacks $PREFIX and $CLUSTER_NAME, though the latter finds itself in the description)

Persistent Volumes

  • Volumes (PVs from CSI): pvc-UUID (Not good: Lacks $PREFIX and $CLUSTER_NAME -- and $VOLUME_NAME)

I may have overlooked some resource.

So, we should look at

  • mgmtcluster root volume (terraform)
  • FIP description/tag to mgmtcluster
  • Networks and Subnets pre cluster (lack $PREFIX)
  • Worker/Controlplane SGs (lack $PREFIX)
  • Same for per-cluster router
  • FIPs for kubeapi and ingress: description/tag should container $PREFIX and $CLUSTER_NAME
  • LBs for kubeapi and ingress lack $PREFIX in name
  • SGs (ingress) lack $PREFIX and $CLUSTER_NAME
  • PVs lack everything ...

I am not sure that all of this can easily be addressed without hacking OCCM/CSI. But then we maybe should do that ...