Add CRD for SPOD deployment configuration #336
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
k8s-ci-robot
added
release-note
k8s-ci-robot
added
cncf-cla: yes
JAORMX
force-pushed
the
spod-crd
branch
2 times, most recently
from
322179e
to
f7fc890
Compare
Codecov Report
@@ Coverage Diff @@
## master #336 +/- ##
==========================================
- Coverage 28.17% 27.34% -0.84%
==========================================
Files 9 9
Lines 653 673 +20
==========================================
Hits 184 184
- Misses 450 470 +20
Partials 19 19
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
This adds a CRD called SecurityProfilesOperatorDaemon (short is spod), which will both configure the SPOD daemon and reflect its status in the cluster. Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Objects not being found are not necessarily a bad thing when deleting several resources: e.g. when tearing down the operator, the CRDs get deleted first, later on it might fail trying to delete an instance of a custom resource. Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
saschagrunert
approved these changes
Mar 3, 2021
k8s-ci-robot
added
the
approved
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
|
@saschagrunert took in your suggestion. Thanks! |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JAORMX, pjbgf, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
/kind feature
/kind design
/kind api-change
What this PR does / why we need it:
This adds a CRD called
SecurityProfilesOperatorDaemon(short is spod),which will both configure the SPOD daemon and reflect its status in the
cluster.
The Custom Resource looks very similar to the ConfigMap we used to have, but it
has the advantage that the fields are actually validated by the CRD itself, as
well as two status fields:
State: A single word description of the status of the spod instance
Conditions: A standard set of conditions which indicate observations about
the deployment. These help us interact with the deployment using kubectl.
This also enables the deployment of as many SPO daemons as needed. Where,
an instance of a SPOD object matches an instance of the DaemonSet. This is
because the DaemonSet now is created with the same name as the SPOD
object. Thus, one can simply create a new DaemonSet by creating a SPOD
object with a different name.
Which issue(s) this PR fixes:
Fixes #327
Does this PR have test?
N/A.
Does this PR introduce a user-facing change?