peerpod ctrl #283
Removing WIP, I added a commit to keep up with #286, however I'm not sure it's correct as locally I'm failing to build after this change
removed the controller-tools patch as it will be fixed by:
config/manager/manager.yaml
Outdated
@@ -30,6 +30,7 @@ spec: | |||
labels: | |||
control-plane: controller-manager | |||
spec: | |||
hostNetwork: true |
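Review bot: hostNetwork: true in the controller-manager pod spec carries no comment saying why it is required, and it moves the manager pod into the node's network namespace, so the pod can reach node-local listeners and any port the manager opens is bound on the node itself. Please add a YAML comment next to the field stating the requirement, and if the manager still has to resolve in-cluster service names set dnsPolicy: ClusterFirstWithHostNet alongside it, because a host-networked pod otherwise falls back to the node's resolver.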
Is hostNetwork=true due to peerpod-ctrl and is this really needed?
yes, AFAIR for it's needed in order to use Instance Metadata Service
The PR description is really confusing. What does this PR actually implement/change? Is there a jira issue for this?
This is the downstream integration part of the dangling resources controller in the sandboxed-container-operator, IIRC it's referred under the same Jira.
to avoid: vbom.ml/util@v0.0.0-20180919145318-efcd4e0f9787: unrecognized import path "vbom.ml/util": https fetch: Get "https://vbom.ml/util?go-get=1": dial tcp: lookup vbom.ml: no such host Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
05ff1bc to 77a44d2
I don't feel like I'm qualified to do a thorough review of this PR, but I did not notice anything that looked obviously wrong.
Just tested this on my Azure setup by following this sequence
/lgtm
in the current controller https://github.com/confidential-containers/cloud-api-adaptor/tree/staging/peerpod-ctrl Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
to support peerpod-ctrl:
- peerpod-ctrl rbac (for manager itself) added using kubebuilder markers
- peerpodconfig-ctrl rbac (for CAA DA) added using caa_rbac.yaml
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
Signed-off-by: Snir Sheriber <ssheribe@redhat.com>
New changes are detected. LGTM label has been removed.
lgtm, thank you @snir911
This is integration of peerpod-ctrl in this controller

* This is rebased on top of #282
* currently supports only aws (waiting for azure upstream merge)

To install:
- build and install controller normally, and KataConfig with `enablePeerPods: true`
- make sure caa pods are up and running
- run `kubectl apply -f hack/caa-rbac.yaml` workaround to set rbac for the caa pods (I'm not sure if they require to be restarted)
- change the caa pod images from `quay.io/confidential-containers/cloud-api-adaptor-aws` to `quay.io/confidential-containers/cloud-api-adaptor` to make sure the peerpod-ctrl caa changes included (related also to make caa image url configurable #284)
- then you should be able to run a (peer)pod and see PeerPod object created (it owned by the pod) and managed by the controller in case of deletion failure

TODOs:
- make caa pod to be deployed with the correct rbac permissions
- controller rbac for PeerPod modified manually, generate it using kubebuilder instead
- remove hack patch
- make sure it's rebased correctly once

This is all fixed, just build and test