Add the ability to force the location of the Seed to be in the same region as Kyma cluster [EPIC] #18182
Comments
This issue or PR has been automatically marked as stale due to the lack of recent activity. This bot triages issues and PRs according to the following rules:
You can:
If you think that I work incorrectly, kindly raise an issue with the problem. /lifecycle stale
A label
This issue has been automatically marked as stale due to the lack of recent activity. It will soon be closed if no further activity occurs.
We agreed with @kyma-project/gopher to offer this feature under the following constraints:
I have tested
Proposed request sent to Provisioner's graphql API with new field shootAndSeedSameRegion:
Schema generated out of kyma-project/kyma-environment-broker#781: https://gist.github.com/ralikio/32138d957c9886a9e182494f39e6078d
JFYI - added a draft PR for Gardener to extract the Seed determining logic into separate struct to make it reusable for other apps over their API:
Two additional test cases conducted regarding Gardener's
Case I - Creating a non-HA shoot on a region that only contains HA seeds - contains HA in its name
Provider: aws
Case II - Creating a HA shoot on a region that only contains non-HA seeds - no HA in its name
Provider: gcp
Case III - Creating a HA shoot in the region that contains one HA seed - contains HA in its name
Provider: gcp
Description
The user who creates a Kyma cluster in the BTP cockpit should be able to enforce the location of the Control Plane to be in the same region as the Hyperscaler account where the Worker Nodes of the cluster are deployed. If it is not possible to have the Control Plane in the same region, the user should see an error message allowing him to proceed without this enforcement. In all cases it has to be transparent to the customer in which region the Control Plane is hosted.
Reasons
The region of the Control Plane is automatically chosen by Gardener (https://gardener.cloud/docs/gardener/concepts/scheduler/). Because of this the Control Plane could sometimes be deployed in a different region than the worker nodes, among others because Gardener doesn't have Seed clusters in all the regions where Kyma can be deployed. This can lead to a violation of the law because the Control Plane could be in another legal area than the Worker Nodes and the customer is storing personal data (e.g. names, email addresses) on the Control Plane. We also have customers who are very sensitive regarding the regions where sensitive data is stored.
AC (Added by PK)