enable Salt Minion in a privileged container to manage its Host #41921
Comments
Seems like a better idea would be to have salt (the
Hi @SEJeff, kubernetes integration is a good thing but not a substitute for a minion process so is distinct from my feature request. A few notable points:
I see a meaningful benefit as well as a tangible path forward. Thanks for your time and consideration. References:
AFAIK, this is already doable. If you run the container as privileged and mount the root volume into it (or whatever volumes you need access to), you should have access to everything you need. I haven't looked into this extensively myself, but my team is running containerized salt minions that configure things like iptables and our kubernetes control plane. What specifically do you need your minion to do?
Hey @bartelsb, totally 100% yes! For this issue I wanted to make sure it was a consideration for the Salt project, that it was openly acknowledged and documented. Thanks for commenting! I think it'll help to make the request and value-proposition more clear.
Hey @bartelsb you're definitely farther along than me in using this technique. I'm hoping to start testing use-cases in the next couple months. Any examples or advice you could share?
Sure, I'm happy to help where I can! As I mentioned above, one of our use cases was configuring our firewall rules on the hosts via the salt minions. We chose to use a bash script running
Very cool, thanks for the explainer @bartelsb!
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. If this issue is closed prematurely, please leave a comment and we will gladly reopen the issue.
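An added example, not from this thread or the Salt project: the setup described in the comment above (a privileged container with the host root mounted) gives the minion host-equivalent access, so it is worth inventorying which containers run that way. The sketch checks data in the shape of `docker inspect` output; the container names, image-independent sample data and the `/host` mount point are constructed for illustration.

```python
# Constructed sample in the shape of `docker inspect` output (not from the thread).
SAMPLE_INSPECT = [
    {
        "Name": "/salt-minion",  # hypothetical container name
        "HostConfig": {"Privileged": True, "PidMode": "", "NetworkMode": "host"},
        "Mounts": [
            {"Type": "bind", "Source": "/", "Destination": "/host", "RW": True},
        ],
    },
    {
        "Name": "/web",  # hypothetical unprivileged container
        "HostConfig": {"Privileged": False, "PidMode": "", "NetworkMode": "bridge"},
        "Mounts": [
            {"Type": "volume", "Source": "/var/lib/docker/volumes/web/_data",
             "Destination": "/data", "RW": True},
        ],
    },
]


def host_access_findings(container):
    """Return the reasons a container has host-level reach (empty list if none)."""
    host_config = container.get("HostConfig", {})
    findings = []
    if host_config.get("Privileged"):
        findings.append("privileged")
    for mount in container.get("Mounts", []):
        # A bind mount of "/" exposes the whole host filesystem to the container.
        if mount.get("Type") == "bind" and mount.get("Source") == "/":
            mode = "rw" if mount.get("RW") else "ro"
            findings.append(f"host-root-mounted:{mount.get('Destination')}:{mode}")
    if host_config.get("PidMode") == "host":
        findings.append("host-pid-namespace")
    if host_config.get("NetworkMode") == "host":
        findings.append("host-network")
    return findings


def audit(containers):
    """Map container name -> findings, for containers with any host-level access."""
    report = {}
    for container in containers:
        findings = host_access_findings(container)
        if findings:
            report[container.get("Name", "?").lstrip("/")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, ", ".join(findings))
```

On a live host the same functions can be fed `json.loads` of the output of `docker inspect` for the running containers.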
This would make the salt-minion installable on slim container-host OSes such as CoreOS, Photon, etc. [ref:2].
I think it should be possible to have this work as long as the container is privileged.
The kubelet has managed to make this work [ref:1].
Might the Proxy system provide a way forward?
[ref:1] https://coreos.com/kubernetes/docs/latest/kubelet-wrapper.html
[ref:2] saltstack/salt-bootstrap#1106