-
Notifications
You must be signed in to change notification settings - Fork 2.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubernetes / OpenShift zero-config/install operation #5920
Comments
One interesting use case that came up at KubeCon is that some organizations (banks, Gov) don't allow Docker on the desktop. If this could be done in a manner that that did not require a local docker registry it would address the needs of more secure environments. |
Might be provided via #6007 |
Hey @maxandersen I'm working on the roadmap and I think this one needs work. |
the best would be an OCI compliant runtime for CRI-O, like gVisor could I sugest qVisor for the name? (just kidding). So instead of having a generic image with an embeded framework (multi-stage dockerfile), the framework could be present in a runtime binary (as a sandbox), and maybe allow the runtime binary to take arguments and use different implementations of the "vm" (sandbox-extensions like kotlin?)? I'm sorry if I'm being vague, I am new to OCI and k8s, and quarkus but I already seen Kata-containers, runc, runsc(gvisor) and maybe more runtimes available for the kuberentes. And the OCI model seems to bring a long term solution and is implemented in new version of kubernetes as the runtimeClassName annotation. if we could have an implementation like kata-containers, it has a runtime-binary(the one cri-o contacts as a command call with arguments) that reads a config (/etc/some-kata.conf) and reads/writes to a runtime .sock systemd service that deploys and manages qemu-kvm isolated containers (and their resources using .toml config files). related reading: https://blogs.oracle.com/weblogicserver/weblogic-announce-support-for-cri-o-container-runtime |
I added checkboxes to what has already been done. |
@geoand @iocanel the one "big thing" missing in this is to have it working with but not needing kubectl/oc/docker to authenticate/build - how far are we actually from that ? can we pass in username/passwords or in case of missing kubeconfig credentials do the login and update the kubeconfig for future operations ? |
We don't have that AFAIK. |
The client can use raw token for Kubernetes and Openshift. Also is able to
use username/password for Openshift.
For docker authentication, build and push we have lot of options. Maybe
Rohan and Marc can help with that.
…On Sun, Apr 12, 2020, 10:38 Georgios Andrianakis ***@***.***> wrote:
We don't have that AFAIK.
@iocanel <https://github.com/iocanel> the client can do that can't it? So
it's just of matter of supplying the proper Quarkus configuration, right?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5920 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADCEWGICHNMN4FXRHRTM43RMFVWFANCNFSM4JUYXLKA>
.
|
@maxandersen @iocanel and friends, what shoudl we target this for 1.6 or later? |
@maxandersen ping the pinger |
@maxandersen should we call this complete? |
For kubernetes and openshift we are ok, but we won't update the
.kube/config. For docker though there are two things that are missing:
- we use the docker binary under the hood.
- we require a . docker/config.json
The latter is possibly true for job too.
Let me pick this up.
…On Sat, Jan 16, 2021, 12:20 AM Jason T. Greene ***@***.***> wrote:
@maxandersen <https://github.com/maxandersen> should we call this
complete?
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#5920 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AADCEWG344M2XBEYJYGKVMTS2C5T7ANCNFSM4JUYXLKA>
.
|
Description
With fmp/jkube maven/gradle plugins and dekorate we have the opportunity to provide a initial experience with openshift/kubernetes that literally only require account credentials for a cluster.
we should make that happen while having a gradual way of allowing users to configure/expand to use full features of other tools.
Analysis
(links to analysis docs containing architecture design work, requirements gathering, etc)
Tasks
The text was updated successfully, but these errors were encountered: