Provide more prescriptive guidance on multi-tenancy

[randomvariable]

What this PR does / why we need it:

As a follow up to the Cluster API meeting of 2021/04/21, this PR intends to give more prescriptive guidance around the multi-tenancy contract. In particular, this documents how cluster scoped resources should work at the present time, and also in a
future release of Cluster API that drops support for older Kubernetes versions.

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

/assign @sedefsavas
/assign @devigned
/assign @CecileRobertMichon

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
To complete the pull request process, please ask for approval from cecilerobertmichon after the PR has been reviewed.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[CecileRobertMichon]

/cc @nader-ziada

[randomvariable]

Marked as WIP since we want to include the clusterctl annotation pieces for cluster scoped resource move I think @fabriziopandini ?

[randomvariable]

TODO: Add helper to expose current controller namespace.

@vincepri , reckon I should make a PR to controller-runtime to expose a public utility function that does https://github.com/kubernetes-sigs/controller-runtime/blob/master/pkg/leaderelection/leader_election.go#L104 ?

[devigned]

👍 just added a question and a little nit.

[randomvariable]

Right, I have some questions to be answered. I have put them in this google doc https://docs.google.com/document/d/1hnjjPW6oEm3injHJMaVC-gbUYaSIuZB_ZGWVBh3LdMA/edit#

[sbueringer]

@randomvariable @vincepri I'm currently working towards the CAPO v0.4.0 release. Is the v0.4.0 provider contract the current state of this PR or what's documented here? https://cluster-api.sigs.k8s.io/developer/architecture/controllers/multi-tenancy.html?highlight=multi%20ten#multi-tenancy

P.S. I was on vacation the last weeks so I could have missed other discussions / PRs etc about this topic

[randomvariable]

This is updated as per the comments. I've tried to balance what the providers have done with the consensus in the discussions. PTAL.

[sbueringer]

Suggested change

	// resource the same namespace as the resource(s) being provisioned.
	// resource with the same namespace as the resource(s) being provisioned.

[sbueringer]

Does the ProviderIdentityReference type still exist?

[sbueringer]

Does not exist in the code, renamed?

[sbueringer]

Suggested change

	### Namespaced scoped resources
	### Namespace-scoped resources

[sbueringer]

Not sure if the secret variant should also be added here

[sbueringer]

Probably stupid question: Can we differentiate between null and empty when the selector is not a pointer?

[sbueringer]

@randomvariable Thx for clarifying the part with the secret!

[vincepri]

@randomvariable Do you have some time to fix the comments above and make the bot happy? We can do another round of review thereafter

[k8s-ci-robot]

@randomvariable: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-test-main	e1a76d2	link	/test pull-cluster-api-test-main
pull-cluster-api-verify	e1a76d2	link	/test pull-cluster-api-verify
pull-cluster-api-verify-main	e1a76d2	link	true	/test pull-cluster-api-verify-main
pull-cluster-api-e2e-main	e1a76d2	link	true	/test pull-cluster-api-e2e-main

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[enxebre]

@randomvariable should we close this one?

[enxebre]

hey @randomvariable just doing some housekeeping here, I'm closing this since does not seem to apply anymore, plase let me know or just reopen if I'm mistaken.
/close

[k8s-ci-robot]

@enxebre: Closed this PR.

In response to this:

hey @randomvariable just doing some housekeeping here, I'm closing this since does not seem to apply anymore, plase let me know or just reopen if I'm mistaken.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[sbueringer]

@enxebre I assume this means that the current contract regarding multi tenancy remains what we currently have in the book? https://cluster-api.sigs.k8s.io/developer/architecture/controllers/multi-tenancy.html

If I remember correctly some providers already aligned to what is this described in this PR. But I think given that this PR here never merged, we can't really treat it as an active contract. (Or maybe it's documented elsewhere and I'm just not aware)

I can't really assess what this means for us, why this contract addition was important, ...

P.S. I agree that this PR itself doesn't really make sense if it's just sitting there. I just wonder if the topic is still relevant.

[sbueringer]

/cc @CecileRobertMichon @fabriziopandini @vincepri

[fabriziopandini]

@yastij this could be relevant for the overarching goal to ensure consistency across providers...