[jira] [Commented] (YUNIKORN-941) split scheduler and admission controller deployment

Wed, 08 Dec 2021 01:53:52 -0800 


    [ 
https://issues.apache.org/jira/browse/YUNIKORN-941?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17455091#comment-17455091
 ] 

Kinga Marton commented on YUNIKORN-941:
---------------------------------------

[~yuchaoran], [~wilfreds] I suggest to move out this issue from the 0.12 
release. And remove the changes from the release repository from the 0.12 
branch after it will be created.

I am suggesting this because I found the root cause of the failing precommit: 
the secret is not created at the pint we want to mount it. The secret is 
created in the admission_util.sh script, what is running in a post start hook. 
And here we have a chicken and egg problem: 
 * the secret needs the TLS certs, which are creeated fron the admission 
controller code, so in the actual setup we cannot create the secret in an init 
container.

Instead of continuing to hack around the admission controller I suggest to 
remove the admission_util.sh script and use init containers for creating all 
the necessary certificates and secrets, but this is a bigger work. 

There is a good article about how we can create the admission controllers in a 
more elegant way than we are doing it now: 
[https://www.velotio.com/engineering-blog/managing-tls-certificate-for-kubernetes-admission-webhook]

> split scheduler and admission controller deployment
> ---------------------------------------------------
>
>                 Key: YUNIKORN-941
>                 URL: https://issues.apache.org/jira/browse/YUNIKORN-941
>             Project: Apache YuniKorn
>          Issue Type: Improvement
>          Components: shim - kubernetes
>            Reporter: Kinga Marton
>            Assignee: Kinga Marton
>            Priority: Blocker
>              Labels: pull-request-available
>
> To support proper YuniKorn upgrades and restarts we should move the admission 
> controller out of the scheduler deployment and make it a separate deployment.
> This could also allow the admission controller to be made high available and 
> allow simpler no down time upgrades possible. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@yunikorn.apache.org
For additional commands, e-mail: issues-h...@yunikorn.apache.org

Reply via email to