Architecture Overview
Nodewright is a standard Kubernetes operator with one twist: it is deliberately split into a control plane that decides and a node plane that acts. This page walks up from the system context to the containers that make it work.
System context
Nodewright lives inside each edge cluster. SpectroCloud Palette delivers it (as a cluster-profile pack); operators drive it through a CLI and a thin UI; and it orchestrates the storage/virt substrate already running on the nodes — it orchestrates, it does not replace LINSTOR, KubeVirt, or Kairos.
The control plane / node plane split
This is the load-bearing decision. Responsibilities divide cleanly:
=== "Operator (control plane)"
    - **Owns cluster-wide intent and decisions:** who flips first, when to bump replica placement, when to release a lock.
    - Reads and writes CRD `.spec` / `.status`; coordinates with Piraeus and KubeVirt objects.
    - Runs one controller-manager, **one controller per CRD**, with a single leader-election lease.
    - Runs unprivileged (`restricted` pod security).
=== "Agent (node plane)"
    - **Owns host-level mutation only:** `ip link`, `networkctl`, writes under `/etc/systemd/network` and `/oem`, `kairos-agent` invocations, local `drbdadm` pause/resume.
    - Executes the one-shot operations the operator delegates, then **reports observed state back up**.
    - Runs privileged, in a single labelled namespace, with per-mount justification.
Why it matters: today's bash DaemonSet conflates both. A node deciding cluster-wide policy from stale ConfigMap state is the exact failure class that has driven the incident history. With the split, the operator decides, the agent acts, the agent reports, the operator rolls forward.
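One way to keep the privilege side of this split from drifting is a CI check over the rendered pod templates. The following is an added example, not Nodewright's own code: it flags any hostPath volume or privileged container on the operator (the `restricted` profile forbids both) and any agent hostPath volume without a justification. The annotation prefix `example.invalid/justify-` and the sample manifest are assumptions made for illustration, and the check covers only these two controls, not the full `restricted` profile.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical annotation prefix: the page names no key for per-mount justification.
const justifyPrefix = "example.invalid/justify-"

type podTemplate struct {
	Metadata struct{ Annotations map[string]string `json:"annotations"` } `json:"metadata"`
	Spec     struct {
		Volumes []struct {
			Name     string    `json:"name"`
			HostPath *struct{} `json:"hostPath"` // non-nil when the volume is a hostPath
		} `json:"volumes"`
		Containers []struct {
			Name string `json:"name"`
			SC   struct{ Privileged bool `json:"privileged"` } `json:"securityContext"`
		} `json:"containers"`
	} `json:"spec"`
}

// Audit lists findings for one pod template; any plane other than "operator" is treated as the agent.
func Audit(manifest []byte, plane string) (out []string) {
	var t podTemplate
	if err := json.Unmarshal(manifest, &t); err != nil {
		return []string{"unparseable manifest: " + err.Error()} // fail closed
	}
	for _, v := range t.Spec.Volumes {
		if v.HostPath != nil && plane == "operator" {
			out = append(out, "operator mounts hostPath volume "+v.Name)
		} else if v.HostPath != nil && t.Metadata.Annotations[justifyPrefix+v.Name] == "" {
			out = append(out, "agent hostPath volume "+v.Name+" has no justification")
		}
	}
	for _, c := range t.Spec.Containers {
		if c.SC.Privileged && plane == "operator" {
			out = append(out, "operator container "+c.Name+" is privileged")
		}
	}
	return out
}

// Constructed sample: agent pod template with /oem justified and /etc/systemd/network not.
const sampleAgent = `{"metadata":{"annotations":{"example.invalid/justify-oem":"persist agent config"}},
 "spec":{"volumes":[{"name":"oem","hostPath":{"path":"/oem"}},{"name":"networkd","hostPath":{"path":"/etc/systemd/network"}}],
 "containers":[{"name":"agent","securityContext":{"privileged":true}}]}}`
func main() { fmt.Println(Audit([]byte(sampleAgent), "agent")) }
```

Run against the sample, the agent template yields one finding (the unjustified `networkd` mount); the same template audited as the operator yields three.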
Containers
Today vs. designed
In the current phase the node agent is still the existing bash DaemonSet — unchanged. The operator wraps it and reads its state; it does not yet drive it. The agent becomes a thin Go process in a later phase. See Roadmap & Status.
Next: the components — the CRDs, controllers, and the pluggable seams that make the whole thing extensible beyond one customer's hardware.