
enhancements/cluster-api: cross-CSP worker nodes via CAPI multi-provider #2048

Open: chdeshpa-hue wants to merge 1 commit into openshift:master from chdeshpa-hue:enhancement/cross-csp-worker-nodes

chdeshpa-hue commented Jun 26, 2026


Summary

Enhancement proposal for RFE-5538 enabling managed cross-CSP worker node provisioning in standalone OpenShift clusters.

An AWS-installed OCP 4.22+ cluster can add managed Azure GPU worker nodes Day-2 by deploying CAPZ alongside CAPA using CAPI multi-provider architecture.

Key Design Points

  • CAPI multi-provider: CAPA + CAPZ coexisting for independent machine lifecycle management per CSP
  • CCO multi-cloud identity: Depends on RFE-7030 for workload identity across CSP boundaries
  • CCM-less mode: Cross-CSP workers operate without secondary CSP's CCM initially (OCPSTRAT-2650 pattern)
  • Automated network provisioning: Standalone cross-csp-network-controller with pluggable driver model (IPsec VPN → WireGuard → Direct Connect)
  • Phased graduation: Dev Preview (CCM-less + IPsec VPN) → Tech Preview (WireGuard, CCO multi-cloud) → GA (DirectConnect, per-platform CCM, failover)

Motivation

A FedRAMP High (IL5) customer on AWS GovCloud needs NVIDIA A100 GPUs unavailable in their region but immediately available in Azure Government. Cross-CSP managed workers avoid the operational overhead of a second cluster.

Dependencies

  • MAPI-to-CAPI migration (OCP 4.22+)
  • RFE-7030: Multi-cloud CCO identity
  • OCPSTRAT-2650: Mixed-platform workers in standalone OCP

See Also

  • /enhancements/machine-api/converting-machine-api-to-cluster-api.md
  • /enhancements/cluster-api/installing-cluster-api-components-in-ocp.md
  • /enhancements/cloud-integration/infrastructure-external-platform-type.md

/cc @JoelSpeed @elmiko @rvanderp3 @damdo @mentenza

Made with Cursor

Add enhancement proposal for RFE-5538 enabling managed cross-CSP worker
node provisioning. An AWS-installed cluster can add Azure GPU workers
Day-2 using CAPI multi-provider (CAPA + CAPZ coexisting).

Key capabilities:
- CAPI multi-provider for cross-CSP machine lifecycle
- CCO multi-cloud workload identity (RFE-7030 dependency)
- CCM-less worker mode (OCPSTRAT-2650 pattern)
- Automated cross-CSP network provisioning via pluggable driver model
  (IPsec VPN, WireGuard, Direct Connect)

Tracking: https://redhat.atlassian.net/browse/RFE-5538
Co-authored-by: Cursor <cursoragent@cursor.com>

openshift-ci Bot commented Jun 26, 2026


[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign yuqi-zhang for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@chdeshpa-hue


/cc @sub-mod

@openshift-ci openshift-ci Bot requested a review from sub-mod June 26, 2026 09:00

openshift-ci Bot commented Jun 26, 2026


@chdeshpa-hue: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| ci/prow/markdownlint | 18fb9ce | link | true | /test markdownlint |

Full PR test history. Your PR dashboard.


Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
