In the release notes for the old CCS we strongly recommended that the user created a service account or at least a service 'user'. Ultimately it has to be on the user to control 'who' can do what.
paul.an...@shapeblue.com www.shapeblue.com 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK @shapeblue -----Original Message----- From: David Jumani <david.jum...@shapeblue.com> Sent: 13 October 2020 11:39 To: dev@cloudstack.apache.org Subject: Re: [DISCUSS] CloudStack Kubernetes Cluster Auto-Scaler support Thanks Daan. Users within the same account can alter the cluster, so I'm thinking of a service user within the same account and use the service user's keys. This will also prevent any mess up if the user provides his keys and then later regenerates them. ________________________________ From: Daan Hoogland <daan.hoogl...@gmail.com> Sent: Tuesday, October 13, 2020 3:28 PM To: dev <dev@cloudstack.apache.org> Subject: Re: [DISCUSS] CloudStack Kubernetes Cluster Auto-Scaler support That is a good question. Is the user going to be the only user responsible for messing up the k8 cluster, or will other users be able to as well? For convenience and if audit is to not lay false balme on a user, I'd say create a system/service account, if several users can mess up each other with it... makes sense? On Tue, Oct 13, 2020 at 11:10 AM David Jumani <david.jum...@shapeblue.com> wrote: > Sounds good. And do you think it would be better to have the user > provide the API keys or create a service account and use its keys? > ________________________________ > From: Daan Hoogland <daan.hoogl...@gmail.com> > Sent: Monday, October 12, 2020 6:28 PM > To: dev <dev@cloudstack.apache.org> > Subject: Re: [DISCUSS] CloudStack Kubernetes Cluster Auto-Scaler > support > > Davis, how about a separate API called setAutoScalingParameter or > setAutoScalingLimits? > > On Mon, Oct 12, 2020 at 2:19 PM David Jumani > <david.jum...@shapeblue.com> > wrote: > > > Thanks Rakesh. > > Do you think it would be better to have the user provide the API > > keys or create a service account and use its keys? > > > > ________________________________ > > From: Rakesh v <<http://>www.rakeshv....@gmail.com< > http://www.rakeshv....@gmail.com>> > > Sent: Monday, October 12, 2020 5:12 PM > > To: dev@cloudstack.apache.org <dev@cloudstack.apache.org> > > Subject: Re: [DISCUSS] CloudStack Kubernetes Cluster Auto-Scaler > > support > > > > I prefer providing an API to customers with necessary parameters > > rather than providing yaml files to them. Using API we can do > > automation also > and > > editing yaml files can be sometimes messy > > > > Sent from my iPhone > > > > > > david.jum...@shapeblue.com > > www.shapeblue.com<http://www.shapeblue.com> > > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > > @shapeblue > > > > > > > > > On 12-Oct-2020, at 1:13 PM, David Jumani > > > <david.jum...@shapeblue.com> > > wrote: > > > > > > Hi Daan, > > > > > > Thanks for your feedback! > > > Wrt the ideas, Submitting a yaml to an API would be redundant > > > since the > > user can deploy it himself. > > > The API proposal was to simplify it for the user so they can just > > > pass > > min / max size as well as API keys if needed (so no tweaking a yaml > > file) > > > The scaleAPI could have a flag to indicate whether it enables > > autoscaling or not, and if enabled, the additional fields provided. > > > > > > Thanks, > > > David > > > ________________________________ > > > From: Daan Hoogland <daan.hoogl...@gmail.com> > > > Sent: Monday, October 12, 2020 4:36 PM > > > To: dev <dev@cloudstack.apache.org> > > > Subject: Re: [DISCUSS] CloudStack Kubernetes Cluster Auto-Scaler > support > > > > > > David, > > > as a general principle an API called scale<something> should not > > > be > used > > to > > > configure autoscaling of <something> in my opinion. > > > So option 1 seems the best to me (an submitYamlForKubernetes-API?) > > However > > > instead of requiring an yaml we could just ask for the required > > > fields > > > > > >> On Mon, Oct 12, 2020 at 12:51 PM David Jumani < > > david.jum...@shapeblue.com> > > >> wrote: > > >> > > >> Hi, > > >> > > >> I'm currently working on adding support for CloudStack as a cloud > > provider > > >> for Kubernetes to allow it to dynamically scale the cluster size > > >> based > > on > > >> capacity requirements. > > >> It runs as a separate pod in its own deployment and requires an > > >> API > and > > >> Secret key to communicate with CloudStack. > > >> > > >> While that's going on, I'd like some feedback on how it can be > > integrated > > >> and even deployed from the CloudStack side. I have three > > >> proposals and would like your input : > > >> > > >> 1. Provide the deployment yaml file to the user, have them > > >> change > the > > >> min and max cluster size to suit their requirement, provide the > > >> API > > keys as > > >> Kubernetes secrets and deploy it themselves. (Most flexible as > > >> the > user > > can > > >> change several autoscaling parameters as well) 2. Deploy it via > > >> the scaleKubernetesCluster API. This will require adding > > >> additional parameters to the API such as minsize, maxsize, > apikey > > >> and secretkey for the service to communicate with CloudStack. > > >> (Uses > > default > > >> autoscaling parameters, api keys provided by the user) 3. > > >> Deploy it via the scaleKubernetesCluster API, but also create a > > >> service account and use its API keys to communicate with CloudStack. > The > > >> user will still need to provide the minsize and maxsize to the API. > > (Uses > > >> default autoscaling parameters, api keys generated and used by a > service > > >> account, which if deleted could cause issues) > > >> > > >> The design document can be found here : > > >> > > >> > > > https://cwiki.apache.org/confluence/display/CLOUDSTACK/Cluster+Autosca > ler+for+CloudStack+Kubernetes+Service > > >> > > >> Additional info can be found here : > > >> > > >> > > > https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscale > r/FAQ.md > > >> > > >> Look forward to hearing from you! > > >> > > >> Thanks, > > >> David > > >> > > >> david.jum...@shapeblue.com > > >> www.shapeblue.com<http://www.shapeblue.com> > > >> 3 London Bridge Street, 3rd floor, News Building, London SE1 > > >> 9SGUK @shapeblue > > >> > > >> > > >> > > >> > > > > > > -- > > > Daan > > > > > > david.jum...@shapeblue.com > > > www.shapeblue.com<http://www.shapeblue.com> > > > 3 London Bridge Street, 3rd floor, News Building, London SE1 > > > 9SGUK @shapeblue > > > > > > > > > > > > > > -- > Daan > > david.jum...@shapeblue.com > www.shapeblue.com<http://www.shapeblue.com> > 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK > @shapeblue > > > > -- Daan david.jum...@shapeblue.com www.shapeblue.com 3 London Bridge Street, 3rd floor, News Building, London SE1 9SGUK @shapeblue
