MEP-19: Zone Awareness

[simcod]

Description

This PR adds the new MEP-19: Zone Awareness in metal-stack.io.

[netlify]

✅ Deploy Preview for metal-stack-io ready!

Name	Link
🔨 Latest commit	3750c0c
🔍 Latest deploy log	https://app.netlify.com/projects/metal-stack-io/deploys/693949f19e38e90008cbaad6
😎 Deploy Preview	https://deploy-preview-147--metal-stack-io.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[Gerrit91]

Thanks for writing this up. Here is a first set of suggestions, mainly for the introductory sections.

[Gerrit91]

Why is this required? In GCP this is not the case, node IPs are not in different CIDR ranges.

Suggested change

	- It must be possible for nodes within a single Kubernetes cluster to use different Node CIDR ranges, depending on their partition or zone assignment. Major cloud providers use node groups to configure Node CIRDs differently.
	- It must be possible for nodes within a single Kubernetes cluster to use different Node CIDR ranges, depending on their partition or zone assignment. Major cloud providers use node groups to configure Node CIDRs differently.

[Gerrit91]

Introduction sentence is necessary. Which criteria do we talk about?

[dhilgarth]

Some feedback from "the outside": This MEP so far focuses heavily on how the traffic between the zones could be routed. What seems to be missing is how zone awareness would work on a conceptual level, how would it look like in the CLI etc.

Some questions:

• Would it be a "zone spreading" with a configuration like "in each zone, have at least X nodes"? Or is it rather: "Have at least X nodes in zone A" and if I want to ensure that in each zones a minimum number of nodes, I would have one such configuration per zone?
• What about the firewalls? In the context of Gardener and also Cluster API, each Kubernetes cluster has its own firewall machine.
  • It's unclear, whether "firewall" is synonymous with the firewall created by metal-stack for a cluster?
  • It's unclear where the metal-stack firewall of a cluster is placed in the context of multiple zones, whether it still will be a single firewall or multiple
  • It's unclear how traffic would be routed if just a single firewall exists, in terms of reducing cross-zone hops

[majst01]

Some feedback from "the outside": This MEP so far focuses heavily on how the traffic between the zones could be routed. What seems to be missing is how zone awareness would work on a conceptual level, how would it look like in the CLI etc.

Some questions:

• Would it be a "zone spreading" with a configuration like "in each zone, have at least X nodes"? Or is it rather: "Have at least X nodes in zone A" and if I want to ensure that in each zones a minimum number of nodes, I would have one such configuration per zone?

Spreading of machines is a actually done only on a partition level, which would not change with this MEP. Instead the caller must decide how in how many partitions of a zone machines should be created. So the logic you are referring to is up to a higher level, like CAPI or Gardener.

• What about the firewalls? In the context of Gardener and also Cluster API, each Kubernetes cluster has its own firewall machine.

  • It's unclear, whether "firewall" is synonymous with the firewall created by metal-stack for a cluster?

Firewall references to a firewall created by metal-stack.

• It's unclear where the metal-stack firewall of a cluster is placed in the context of multiple zones, whether it still will be a single firewall or multiple

metal-stack could create multiple firewalls per cluster, there is one open feature called "distance aware routing" which must be implemented during this MEP.

• It's unclear how traffic would be routed if just a single firewall exists, in terms of reducing cross-zone hops