Strimzi Gatekeeper plugin system#220
Conversation
Signed-off-by: Jakub Scholz <www@scholzj.com>
scholzj
requested review from
Frawless,
PaulRMellor,
im-konge,
katheris,
ppatierno,
samuel-hawker,
see-quick,
sknot-rh,
tinaselenge and
tombentley
PaulRMellor
left a comment
PaulRMellor
left a comment
There was a problem hiding this comment.
The motivation and intended benefits are clearly explained, especially around reducing reconciliation complexity and improving extensibility.
I think the implementation details could be expanded further for such a significant change. For example, sequence diagrams or example flows for validating and mutating plugins to show execution order, mutation behaviour, and success/failure handling.
Co-authored-by: PaulRMellor <47596553+PaulRMellor@users.noreply.github.com> Signed-off-by: Jakub Scholz <www@scholzj.com>
Signed-off-by: Jakub Scholz <www@scholzj.com>
|
@PaulRMellor Thanks for the review. I tried to address your comments and also added some more diagrams and examples. |
im-konge
left a comment
im-konge
left a comment
There was a problem hiding this comment.
Thanks for the proposal, it LGTM. I have just few questions.
| While we currently do not have any specific use case, such a feature might be useful in the future. | ||
| * **Access Operator alternative:** A validating Gatekeeper plugin for `Kafka` and `KafkaUser` could be used to copy cluster or user information into different namespaces or clusters. | ||
| The plugin would wait for the reconciliation to complete and in the _exit_ method it would distribute the credentials or cluster coordinates to places defined in annotation. | ||
| _(Included as an example only - the actual replacement of Access Operator by a Gatekeeper plugin would require a separate proposal.)_ |
There was a problem hiding this comment.
Should we start thinking about it now instead giving more effort to Access Operator?
There was a problem hiding this comment.
I'm happy to think about it. But:
- It would be completely different model (I think that better, but who knows)
- This proposal has 2 reviews and 0 approvals - so it would be premature to think it replaces anything
- If we do that, it should likely be a separate proposal -> Different interest groups, different topic, managing the scope, etc.
There was a problem hiding this comment.
Yeah I know it is premature to think about it and something for different proposal etc., but I just wanted to mention it, as we already discussed to have the Access Operator work a bit differently with different model.
So maybe we should think about this now before we will plan for some more changes in the Access Operator repo - CC @katheris
PaulRMellor
left a comment
PaulRMellor
left a comment
There was a problem hiding this comment.
Thanks for addressing my comments.
The example flow and diagrams are a great help
im-konge
left a comment
im-konge
left a comment
There was a problem hiding this comment.
The proposal LGTM, thanks a lot.
Signed-off-by: Jakub Scholz <www@scholzj.com>
4 participants
Inspired by Kubernetes Admission webhooks and other Kubernetes tools, the Strimzi Gatekeeper plugins suggested by this proposal provide a strong abstraction that should help us to better structure our own code base, remove complexity, split it into separate layers, and improve tests. But it should also be useful for all kinds of external use cases presented by Strimzi users and vendors.