-
Notifications
You must be signed in to change notification settings - Fork 278
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-off-by: Vitor Savian <[email protected]>
- Loading branch information
1 parent
c5abf84
commit 6dbc6ff
Showing
1 changed file
with
47 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,47 @@ | ||
| # Add kine support to RKE2 | ||
|
|
||
| ## Established | ||
|
|
||
| ## Revisit by | ||
|
|
||
| ## Status | ||
|
|
||
| Proposed | ||
|
|
||
| ## Context | ||
|
|
||
| This ADR is a introduction of kine support for RKE2. However, for this support to be implemented, it was necessary to add kine with TLS in K3s. | ||
| Which was done in this [PR](https://github.com/k3s-io/k3s/pull/9572), It was needed since rke2 cannot connect to kine without tls via the api server. | ||
|
|
||
| When rke2 is started with the `--datastore-endpoint` flag, it will disable the etcd pod and set the `cluster-init` flag to be `false`, to avoid the etcd part of k3s to be started. | ||
| Kine will use the etcd client certificate to authenticate the connection to the kine server that will be a `unixs` socket type. | ||
|
|
||
| ### Pros | ||
|
|
||
| - With the integration of kine, it is now possible to use the `--datastore-endpoint` flag among others related to kine. This allows for a more versatile configuration of the datastore, | ||
| providing users with the flexibility to choose their preferred storage backend. | ||
|
|
||
| ### Cons | ||
|
|
||
| - Kine can only be utilized with TLS due to the requirements of the API server. | ||
|
|
||
| ## Other changes needed in k3s to better support kine in rke2 | ||
|
|
||
| When testing rke2 with kine, there was some changes to avoid panics (specially when we are talking about `etcd`) and to make it work with tls. The changes are that when the user | ||
| uses `--database-endpoint` and other flags related to `etcd only` nodes, we have to ignore this flags or simply end the process with a error message. | ||
|
|
||
| ### Pros of Ignoring the flags | ||
|
|
||
| - It is possible to avoid panics and rke2 will run as expected. | ||
|
|
||
| ### Cons of Ignoring the flags | ||
|
|
||
| - It will be not very clear to the user that the flags are being ignored. | ||
|
|
||
| ### Pros of Ending the process with a error message | ||
|
|
||
| - Rke2 will run as expected with transparency to the user. | ||
|
|
||
| ### Cons of Ending the process with a error message | ||
|
|
||
| - The user will have to change the flags to make rke2 run. |