Skip to content

Handling of AWS resource dependencies #27

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
marcindulak opened this issue Feb 19, 2020 · 5 comments
Closed

Handling of AWS resource dependencies #27

marcindulak opened this issue Feb 19, 2020 · 5 comments

Comments

@marcindulak
Copy link

The ideal resources that fit the k8s model do not depend on the order in which they are created (e.g. a backend component should wait until database is ready etc.), however some AWS resources depend on the creation order. Cloudformation has various mechanisms to handle dependencies like Outputs, Fn::ImportValue https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/walkthrough-crossstackref.html or DependsOn https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-dependson.html

How dependencies between AWS resources will be handled by ASO?
@marcindulak marcindulak added the kind/enhancement Categorizes issue or PR as related to existing feature enhancements. label Feb 19, 2020
@jaypipes
Copy link
Collaborator

Hi @marcindulak! Great question.

My gut instinct on this answer is to eventually (not for MVP #22) support AWS CloudFormation as an explicit resource type (CRD) [1]. We would have an ASO service controller that communicated with the CloudFormation APIs. The spec of the CloudFormationStack CR would essentially be a CloudFormationTemplate YAML string.

[1] I emphasize explicit here because the original ASO wrapped all resources in a call to CloudFormation implicitly. For example, if you went to create an S3 bucket, the original ASO would create a CloudFormation stack with an S3 bucket in it. I want to move away from this implicit/hidden CloudFormation usage and move to a model where the user deliberately says "these resources should be treated as a single unit" by creating a CloudFormationStack CR.

@jaypipes jaypipes added design and removed kind/enhancement Categorizes issue or PR as related to existing feature enhancements. labels Feb 20, 2020
@negz
Copy link

negz commented Feb 28, 2020
edited
Loading

We solved this problem in https://github.com/crossplane/stack-aws (which addresses similar problems to the Service Operator) using what we call "Custom Resource References. The custom resources defined by stack-aws are high fidelity representations of the AWS APIs; so our RDSInstance for example is pretty much a direct translation of AWS's DBInstance.

When you write a Crossplane RDSInstance you might want your instance to exist in a particular VPC security group. Crossplane models these as a custom resource named SecurityGroup. If you don't want to model your SecurityGroup using Kubernetes you can just specify its AWS ID;

apiVersion: database.aws.crossplaneio/v1beta1
kind: RDSInstance
metadata:
  name: verycoolinstance
spec:
  forProvider:
    # Many omitted fields...
    vpcSecurityGroupIds:
      - sg-12345678  # The name of a security group in the AWS API

However if you instead wanted to refer to a SecurityGroup you had modelled using Kubernetes you could instead write:

apiVersion: database.aws.crossplaneio/v1beta1
kind: RDSInstance
metadata:
  name: verycoolinstance
spec:
  forProvider:
    # Many omitted fields...
    vpcSecurityGroupIdRefs:
      - name: mycoolsubnetgroup # The name of a SecurityGroup in the Kubernetes API

We'll then use the "ref" field (vpcSecurityGroupIdRefs) to resolve and set the value of its associated "explicit" field (vpcSecurityGroupIds). We've found this to be the most easily discoverable and Kubernetes-compliant way to allow folks to reference either an AWS API object or a Kubernetes custom resource representing an AWS API object. The machinery for handling all of this is baked into our "managed resource reconciler" - please feel free to reuse it!

@ack-bot ack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 26, 2021
@jaypipes jaypipes removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Aug 27, 2021
@aws-controllers-k8s aws-controllers-k8s deleted a comment from ack-bot Aug 27, 2021
@ack-bot
Copy link
Collaborator

ack-bot commented Nov 25, 2021

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle stale

@ack-bot ack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 25, 2021
@a-hilaly
Copy link
Member

/remove-lifecycle stale

@ack-bot ack-bot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 25, 2021
@vijtrip2
Copy link
Contributor

This work is being tracked in this issue. #545

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@jaypipes @negz @marcindulak @a-hilaly @vijtrip2 @ack-bot