peerpod ctrl #283
peerpod ctrl #283
Conversation
openshift-ci
bot
added
the
do-not-merge/work-in-progress
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
added
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
|
Removing WIP, I added a commit to keep up with #286 however, I'm not sure it's correct as locally i'm failing to build after this change |
openshift-ci
bot
removed
the
do-not-merge/work-in-progress
|
removed the controller-tools patch as it will be fixed by: |
config/manager/manager.yaml
Outdated
| @@ -30,6 +30,7 @@ spec: | |||
| labels: | |||
| control-plane: controller-manager | |||
| spec: | |||
| hostNetwork: true | |||
There was a problem hiding this comment.
Is hostNetwork=true due to peerpod-ctrl and is this really needed ?
There was a problem hiding this comment.
yes, AFAIR for it's needed in order to use Instance Metadata Service
|
The PR description is really confusing. What does this PR actually implement/change? Is there a jira issue for this? |
openshift-merge-robot
added
the
needs-rebase
openshift-merge-robot
removed
the
needs-rebase
|
This is the downstream integration part of the dangling resources controller in the sandboxed-container-operator, IIRC it's referred under the same Jira. |
bpradipt
added
the
do-not-merge/hold
to avoid:
vbom.ml/util@v0.0.0-20180919145318-efcd4e0f9787: unrecognized
import path "vbom.ml/util": https fetch: Get
"https://vbom.ml/util?go-get=1": dial tcp: lookup vbom.ml: no such host
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
bpradipt
removed
the
do-not-merge/hold
snir911
force-pushed
the
peerpod-ctrl
branch
2 times, most recently
from
05ff1bc
to
77a44d2
Compare
|
I don't feel like I'm qualified to do a thorough review of this PR, but I did not noticed anything that looked obviously wrong. |
|
Just tested this on my Azure setup by following this sequence
|
in the current controller https://github.com/confidential-containers/cloud-api-adaptor/tree/staging/peerpod-ctrl Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
to support peerpod-ctrl: - peerpod-ctrl rbac (for manager itself) added using kubebuilder markers - peerpodconfig-ctrl rbac (for CAA DA) added using caa_rbac.yaml Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
|
New changes are detected. LGTM label has been removed. |
This is integration of peerpod-ctrl in this controller
* This is rebased on top of #282 * currently supports only aws (waiting for azure upstream merge)- build and install controller normally, and KataConfig with
- make sure caa pods are up and running
- run
- change the caa pod images from
- then you should be able to run a (peer)pod and see PeerPod object created (it owned by the pod) and managed by the controller in case of deletion failure
- make caa pod to be deployed with the correct rbac permissions
- controller rbac for PeerPod modified manually, generate it using kubebuilder instead
- remove hack patch
- make sure it's rebased correctly once
To install:
enablePeerPods: truekubectl apply -f hack/caa-rbac.yamlworkaround to set rbac for the caa pods (I'm not sure if they require to be restarted)quay.io/confidential-containers/cloud-api-adaptor-awstoquay.io/confidential-containers/cloud-api-adaptorto make sure the peerpod-ctrl caa changes included (related also to make caa image url configurable #284)TODOs:
This is all fixed, just build and test