-
Notifications
You must be signed in to change notification settings - Fork 16
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[REQUEST] Support specifying various PodSpec
properties on the OnionService pods
#17
Comments
Hi @conneryn, thanks for supporting the project and taking the time on providing such detailed explanation! I really like the idea; it'd bring a lot of value for users that want to have more control over the objects created by the controller.
Of course! Feel free to start working on a draft and let's use this ticket to work on it. Keep me posted with your progress, happy to help with any additional question or guidance. Is it ok If I assign you this ticket? If you cannot find the time I can put it on my queue; your call. |
Great, yeah I'll take a stab at an initial PR, but will definitely appreciate your feedback/suggestions once I've got the first pass ready! |
Awesome! Looking forward to hear from you |
I finally had a bit of time to get an initial draft together. The PR adds a Outstanding Items:
A few thoughts/questions:
|
Hi @conneryn! Thank you very much for your awesome work and notes. I've poked around the PR, let me answer some of your questions:
Really nice!
Checked in question 2
I like dippynark's cluster-api-provider-kubernetes, for the time being is a nice workaround. In the future we could append tor-controller's container definition to whatever the user want to use).
I like the approach. What do you think if we use a slighlty simpler version like I'm also considering to start building proper documentation about the usage and features of the project.
I've been revamping alpha2 with more features given that those are optional and shouldn't disrupt old versions of the CRD's installed. It is correct though create a new version when adding big changes; not sure if you've checked kubebuilder's API Multi-Version tutorial already. In short, when adding a new version we should pick which one is the "main" one and then work on conversions to work with multilpe versions in parallel. The idea is that internall you just work with one object representation. Given that your modifications intrododuce optional fields to the schema, just add it to alpha2 for simplicity.
Thanks again for all the time you put into this! Really appreciate it : D |
Is your feature request related to a problem? Please describe.
I need to be able to control some spec properties on the onion service pods. My immediate pain is that I want to ensure the service continues to run even when the cluster comes under memory or CPU pressure, which means I need to be able to specify a higher
priorityClassName
for the pods.It would also be nice to be able to:
Additionally, I currently don't have any specific use-cases in mind, but I could envision other users wanting to set other pod properties (ex:
labels
,annotations
,hostNetwork
,topologySpreadConstraints
, etc). See https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodSpec for a full list ofPodSpec
properties.Describe the solution you'd like
Add a "template" property to the
OnionService
spec:Rather than manually creating this template spec for this project, it may be best to leverage the existing "PodTemplateSpec" (although this may introduce complications/confusion if users try to define the
containers
in the spec?).Describe alternatives you've considered
I considered changing the default
priorityClass
to something higher, and setting all less-crucial workloads to a lower class. This does not work for me, because there are several other 3rd party projects that don't support controlling their workloads' priority, and the OnionService is the only one I would want to be considered a high-priority class.Additional context
I would love to make Onion Services the primary ingress channel into my cluster (potentially even for access to the control-plane), so I am very interested in trying to make it more robust and reliable.
I would be happy to start on a PR to support this, if you are happy with the strategy.
The text was updated successfully, but these errors were encountered: