search

BCDevOps / developer-experience

This repository is used to track all work for the BCGov Platform Services Team (This includes work for: 1. Platform Experience, 2. Developer Experience 3. Platform Operations/OCP 3)
Apache License 2.0
8 stars 17 forks source link

Install the Serverless Operator #1721

Closed StevenBarre closed 2 years ago

StevenBarre commented 3 years ago

Describe the issue After a demo of Serverless, several teams showed an interest. Install in the clusters via CCM

Additional context https://docs.openshift.com/container-platform/4.7/serverless/admin_guide/install-serverless-operator.html

Definition of done

StevenBarre commented 3 years ago

Will need an update to default KNP for projects https://docs.openshift.com/container-platform/4.7/serverless/knative_serving/serverless-applications.html#serverless-services-network-policies_serverless-applications

StevenBarre commented 3 years ago

@NickCorcoran @bruce-wh-li would it be fair to guess that we'd not want cluster wide access to Serverless functions ? If so, this install would then be dependant on getting Service Mesh installed, which is a whole thing.

However, by allowing access from Knative system namespaces to your Knative application, you are allowing access to your Knative application from all namespaces in the cluster.

If you do not want to allow access to your Knative application from all namespaces on the cluster, you might want to use JSON Web Token authentication for Knative services instead (see the Knative Serving documentation). JSON Web Token authentication for Knative services requires Service Mesh.

https://docs.openshift.com/container-platform/4.7/serverless/knative_serving/serverless-applications.html#serverless-services-network-policies_serverless-applications

NickCorcoran commented 3 years ago

Agreed. We do not want all namespaces to be able to access those that want to use this feature.

@mitovskaol Service Mesh would be required to do this. I recall this being something on the roadmap a while ago, but unsure where that is.

mitovskaol commented 3 years ago

@NickCorcoran Service Mesh will be available in OCP 4.8

mitovskaol commented 3 years ago

This ticket will be put on hold until we upgrade Silver to OCP 4.8 in Q4

StevenBarre commented 3 years ago

Had a chat with Matt today. Service Mesh can be installed in v4.7. His previous comment about it being "a whole thing" was more around user training, than installation. I think I'll give it a go in a lab next sprint and see what all is involved.

StevenBarre commented 3 years ago

https://github.com/bcgov-c/platform-gitops-gen/pull/303 https://github.com/bcgov-c/platform-gitops-gen/pull/304

StevenBarre commented 3 years ago

https://access.redhat.com/documentation/en-us/openshift_container_platform/4.7/html/service_mesh/service-mesh-2-x

StevenBarre commented 2 years ago

Components are installed in CLAB. Now waiting on the dev team to test and see if any changes need to be made. Closing this ticket and will open a new one should any new changes be needed, and when its ready to be rolled out to PROD.

StevenBarre commented 1 year ago

https://docs.openshift.com/container-platform/4.12/serverless/install/preparing-serverless-install.html

OpenShift Serverless currently cannot be used in a multi-tenant configuration on a single cluster.