Enrollment controller

[chungers]

This PR contains a very preliminary draft of the Enrollment Controller.

An Enrollment Controller is a controller that ensures the membership of a list of instances is properly synchronized to a downstream Instance plugin. This list of membership can come from either

• A statically defined list of []instance.Description in the config Properties, or
• A group plugin (referenced as lookup/groupID, for example, us-east/workers or group/workers.)

The applications of this controller include:

• Make sure every host in group X are authorized to access a NFS volume Y. In this case, the Instance plugin would be a plugin that can provision an "authorization" in NFS to access the volume.
• Make sure every resource in group X have an attached resource provisionable by Instance plugin Y. Examples include attach EBS volumes to hosts, or GPUs to hosts.

The controller is basically a control loop that periodically queries for membership information from the above source, as a []instance.Description. This is compared to the DescribeInstances results from querying the downstream Instance plugin. Some extra considerations such as specifying tags for the queries are also supported by the schema (see pkg/controller/enrollment/types/Properties.) Once the two slices are retrieved, the controller compares the two sets and determine the necessary actions:

• The set of entries to add downstream to account for new entries in the source.
• The set of entries to remove downstream to account for entries in the source that were removed.

The controller than invokes the downstream Instance plugin's Provision to add new entries, while Destroy would remove unmatched entries. I have considered the possibility that the instance.ID of each set are not the same (for example, host instance ID, with disk ID). So each side must provide a keyFunc that can extract a comparable key from the instance.Descriptions. In addition, labels are added to the instances as well (the keyFunc can just extract from the labels).

Finally, a single controller can have multiple control loops / rules. Each control loop described above can be accessed at the name <controller_lookup>/<rule> where the following are true:

• The plugin starts up with the name <controller_lookup> (the socket name).
• The controller was committed with a Spec that looks like

kind: enrollment
metadata:
  name: <rule>
properties:
   // the properties defined in pkg/controller/enrollment/types/Properties
options:
   // the options defined in pkg/controller/enrollment/types/Options

Note: One could see that the controller is responsible for a uni-directional sync of membership information into something else. We could implement a bi-directional controller as a separate controller, but at the moment I am not aware of any concrete use cases.

@kaufers

Signed-off-by: David Chung [email protected]

[GordonTheTurtle]

Please sign your commits following these rules:
https://github.com/moby/moby/blob/master/CONTRIBUTING.md#sign-your-work
The easiest way to do this is to amend the last commit:

$ git clone -b "linker" [email protected]:chungers/infrakit.git somewhere
$ cd somewhere
$ git rebase -i HEAD~842353961264
editor opens
change each 'pick' to 'edit'
save the file and quit
$ git commit --amend -s --no-edit
$ git rebase --continue # and repeat the amend for each commit
$ git push -f

Amending updates the existing PR. You DO NOT need to open a new one.

[codecov]

Codecov Report

Merging #678 into master will increase coverage by 0.33%.
The diff coverage is 79.56%.

@@            Coverage Diff             @@
##           master     #678      +/-   ##
==========================================
+ Coverage   48.61%   48.94%   +0.33%     
==========================================
  Files          80       80              
  Lines        8350     8411      +61     
==========================================
+ Hits         4059     4117      +58     
- Misses       3975     3979       +4     
+ Partials      316      315       -1

Impacted Files	Coverage Δ
pkg/template/funcs.go	66.27% <79.56%> (+6.34%)	⬆️
pkg/plugin/group/group.go	43.98% <0%> (-0.42%)	⬇️
pkg/provider/terraform/instance/plugin.go	84.04% <0%> (-0.31%)	⬇️
pkg/x/remoteboot/remoteboot.go	20% <0%> (+0.08%)	⬆️
pkg/template/template.go	67.65% <0%> (+1.27%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a55eca6...8a53770. Read the comment docs.