New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add CRD for SPOD deployment configuration #336
Conversation
322179e
to
f7fc890
Compare
Codecov Report
@@ Coverage Diff @@
## master #336 +/- ##
==========================================
- Coverage 28.17% 27.34% -0.84%
==========================================
Files 9 9
Lines 653 673 +20
==========================================
Hits 184 184
- Misses 450 470 +20
Partials 19 19
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
This adds a CRD called SecurityProfilesOperatorDaemon (short is spod), which will both configure the SPOD daemon and reflect its status in the cluster. Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
Objects not being found are not necessarily a bad thing when deleting several resources: e.g. when tearing down the operator, the CRDs get deleted first, later on it might fail trying to delete an instance of a custom resource. Signed-off-by: Juan Antonio Osorio Robles <jaosorior@redhat.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just a nitty nit.
Co-authored-by: Sascha Grunert <sgrunert@redhat.com>
@saschagrunert took in your suggestion. Thanks! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: JAORMX, pjbgf, saschagrunert The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind feature
/kind design
/kind api-change
What this PR does / why we need it:
This adds a CRD called
SecurityProfilesOperatorDaemon
(short is spod),which will both configure the SPOD daemon and reflect its status in the
cluster.
The Custom Resource looks very similar to the ConfigMap we used to have, but it
has the advantage that the fields are actually validated by the CRD itself, as
well as two status fields:
State: A single word description of the status of the spod instance
Conditions: A standard set of conditions which indicate observations about
the deployment. These help us interact with the deployment using kubectl.
This also enables the deployment of as many SPO daemons as needed. Where,
an instance of a SPOD object matches an instance of the DaemonSet. This is
because the DaemonSet now is created with the same name as the SPOD
object. Thus, one can simply create a new DaemonSet by creating a SPOD
object with a different name.
Which issue(s) this PR fixes:
Fixes #327
Does this PR have test?
N/A.
Does this PR introduce a user-facing change?