-
Notifications
You must be signed in to change notification settings - Fork 919
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Joe Nathan Abellard <[email protected]>
- Loading branch information
Showing
1 changed file
with
67 additions
and
0 deletions.
There are no files selected for viewing
67 changes: 67 additions & 0 deletions
67
docs/proposals/karmada-operator/api-server-sidecard-containers/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,67 @@ | ||
| --- | ||
| title: Support for API Server Sidecar Containers in Karmada Operator | ||
| authors: | ||
| - "@jabellard" | ||
| reviewers: | ||
| - "@RainbowMango" | ||
| approvers: | ||
| - "@RainbowMango" | ||
|
|
||
| creation-date: 2025-02-07 | ||
|
|
||
| --- | ||
|
|
||
| # Support for API Server Sidecar Containers in Karmada Operator | ||
|
|
||
| ## Summary | ||
|
|
||
| This proposal aims to enhance the Karmada operator by introducing support for configuring additional containers for the Karmada API server component. | ||
| By allowing users to define additional containers, this feature unlocks new use cases such as integration with Key Management Service (KMS) plugins for configuring encryption at rest. | ||
| This enhancement provides greater flexibility while maintaining the declarative nature of the Karmada operator’s deployment model. | ||
|
|
||
| ## Motivation | ||
|
|
||
| Currently, the Karmada operator provisions the API server as a standalone container within a pod. While the API server supports configurability via extra arguments, additional volumes, and volume mounts, it lacks built-in support for defining additional containers. | ||
| By introducing explicit support for additional containers, this feature enables: | ||
|
|
||
| - Seamless integration of auxiliary services such as KMS-based encryption providers. | ||
| - Greater deployment flexibility by enabling users to extend the API server’s functionality without modifying the core operator logic. | ||
|
|
||
| ### Goals | ||
| - Introduce support for configuring sidecar containers for the Karmada API server. | ||
|
|
||
| ### Non-Goals | ||
|
|
||
| - Introduce changes beyond the scope of what is needed to support additional containers for the Karmada API server component. | ||
|
|
||
| ### API Changes | ||
|
|
||
| ```go | ||
| // KarmadaAPIServer holds settings for the Karmada API server. | ||
| type KarmadaAPIServer struct { | ||
| // CommonSettings holds common settings for the Karmada API server. | ||
| CommonSettings `json:",inline"` | ||
|
|
||
| // ExtraContainers specifies a list of additional containers to be deployed | ||
| // within the Karmada API server pod. | ||
| // This enables users to integrate auxiliary services such as KMS plugins for configuring encryption at rest. | ||
| // +optional | ||
| ExtraContainers []corev1.Container `json:"extraContainers,omitempty"` | ||
| } | ||
| ``` | ||
|
|
||
| ### User Stories | ||
|
|
||
| #### Story 1 | ||
| As an infrastructure engineer, I want to integrate with my organization's KMS to configure encryption at rest for managed Karmada control planes. | ||
|
|
||
|
|
||
| ## Design Details | ||
|
|
||
| During the reconciliation process, the Karmada operator will: | ||
|
|
||
| - Check if `ExtraContainers` is specified in the KarmadaAPIServer spec. | ||
| - If specified: | ||
| - Append the defined containers to the API server pod specification. | ||
| - If not specified: | ||
| - Maintain the current deployment behavior with only the API server container. |