@Asgoret Asgoret commented Sep 2, 2020

No description provided.

Author

Asgoret commented Sep 2, 2020

cc @amimof

Owner

amimof commented Sep 3, 2020

@Asgoret Thanks for contributing. Can you please provide a bit more detail? Is there a reason why OKD is different from the existing K8S daemonset manifest? What is the reason for using jsonnet? Is there a chance that the jsonnet implementation is generic and not specific to OpenShift?

Author

Asgoret commented Sep 3, 2020

@amimof Hi!

  1. OKD by design has a more secure environment, so you can't just add a daemonset that mounts something from the host machine. Also, there are other ways for certificates (e.g. ~/kubernetes/pki doesn't exist at all), and I added ETCD certificates for monitoring.
  2. Jsonnet is used just for generating YAML files for different environments (e.g. image version or namespace).
  3. Jsonnet is used with ksonnet, so it basically prepares YAML for the k8s API. But as OKD is based on k8s, we can deploy in OKD too.

UPD: I also added a Grafana dashboard (forgot it at first (sic!))

Author

Asgoret commented Sep 4, 2020

@amimof all good?

Owner

amimof commented Sep 7, 2020

Ok I understand. However I believe the jsonnet files are somewhat out of scope of this project since it is possible to deploy rendered yaml manifests to OKD. How those files are rendered to begin with is up to the user.

  • The files okd/rendered/node-cert-exporter-daemonset.yaml, okd/rendered/node-cert-exporter-service.yaml, okd/rendered/node-cert-exporter-serviceAccount.yaml, and okd/rendered/node-cert-exporter-serviceMonitor.yaml can be merged into one file.
  • The command oc adm policy add-scc-to-user hostmount-anyuid -n monitoring -z node-cert-exporter essentially creates a ClusterRoleBinding which can be put as yaml into the manifest. All this makes for a much cleaner and simpler example.

And lastly, please put the okd/ folder under deploy

Author

Asgoret commented Sep 8, 2020

  • Jsonnet is something for development. If someone wants to develop their own version with their own limits or tags, he will be creating some template file. Not in scope, but a good thing, I think)
  • The long file is not good practice because it is harder for development and for checking before deploying, and it is hard to store versions in git
  • SCC is not a CRB. It's a security context and is an OKD abstraction, not Kubernetes
