Skip to content

Add DC/DR failover policy and per-DC roles to PlacementPolicy#49

Open
tamalsaha wants to merge 2 commits into
masterfrom
dc-dr-failover-policy
Open

Add DC/DR failover policy and per-DC roles to PlacementPolicy#49
tamalsaha wants to merge 2 commits into
masterfrom
dc-dr-failover-policy

Conversation

@tamalsaha

@tamalsaha tamalsaha commented Jun 28, 2026

Copy link
Copy Markdown
Contributor

The placement substrate for KubeDB cross data center disaster recovery (DC-DR). Step 2 of the staging order (after apimachinery, before the dependent operators).

What

  • FailoverPolicy on ClusterSpreadConstraint: marks a PlacementPolicy as a DC/DR deployment and selects how the common DC failover service drives it (FailoverTrigger scope Global/Group; Mode TwoDC/ThreeDC). nil means the placement is not DC/DR-managed.
  • DCRole (Member, Arbiter, Witness) on DistributionRule: how each data center participates. Member is data-bearing and primary-eligible; Arbiter votes only and holds no data; Witness is data-bearing but never primary (for engines whose witness must carry data). Defaults to Member.
  • ClusterSpreadConstraint.Validate(): rejects invalid policies (role vs replicaIndices, member count ≥ 2, mode vs role counts, scope vs group), now wired into the PetSet validating webhook so an invalid DC/DR policy is actually rejected. No-op for non-DC/DR policies.
  • ManifestWorkClusterNameLabel = open-cluster-management.io/cluster-name, the single DC-name label used across the chain (agent --dc-name, Lease holder, marker activeDC, pod label, distributionRule.clusterName).

Deepcopy and the regenerated CRD (role enum, failoverPolicy subtree) are included. Additive and optional — existing PlacementPolicies are unaffected.

Verification

go build ./..., go vet ./..., go test ./... green.

kodiakhq[bot]
kodiakhq Bot previously approved these changes Jun 28, 2026
kodiakhq[bot]
kodiakhq Bot previously approved these changes Jun 28, 2026
kodiakhq[bot]
kodiakhq Bot previously approved these changes Jun 28, 2026
Introduce a FailoverPolicy on ClusterSpreadConstraint and a per-rule
DCRole (Member/Arbiter/Witness) to model cross data center (DC/DR)
deployments. FailoverTrigger selects which primary-dc Lease a workload
follows (Global or per Group). Adds a Validate() helper for the
PlacementPolicy webhook and regenerates deepcopy + CRD manifests.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@tamalsaha tamalsaha force-pushed the dc-dr-failover-policy branch from b66f18a to 0577749 Compare June 28, 2026 17:47
…ation

ClusterSpreadConstraint.Validate() (the DC/DR failover-policy and per-DC role
checks: Member/Arbiter/Witness data-bearing rules, member count, mode vs role
counts, scope vs group) was defined but never called, so an invalid DC/DR policy
passed validation. Call it from validatePlacementPolicy after the constraint nil
guard. It is a no-op for a non-DC/DR policy (FailoverPolicy unset), so existing
PlacementPolicies are unaffected.

Signed-off-by: Tamal Saha <tamal@appscode.com>
@tamalsaha tamalsaha changed the title Add DC/DR failover policy to PlacementPolicy API Add DC/DR failover policy and per-DC roles to PlacementPolicy Jun 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant