adfinis / back8sup

A simple way to backup your kubernetes resources
GNU Affero General Public License v3.0

Openshift integration #5

Closed eyenx closed 4 years ago

eyenx commented 4 years ago

We need an oscp integration of this container.

tongpu commented 4 years ago

I believe that since the change to using the nobody user it should work in OpenShift without any changes.

eyenx commented 4 years ago

Isn't it a problem using kubectl instead of oc?


tongpu commented 4 years ago

> Isn't it a problem using kubectl instead of oc?

Since all custom OpenShift APIs have been converted to CRDs (at least I think so) it shouldn't make a difference anymore. Especially with the approach to backup we're using here (explicit object selection instead of dumping everything).

eyenx commented 4 years ago

Good. I guess @s3lph could be the first to try this out on an oscp 4.x cluster.


s3lph commented 4 years ago

It basically does work, however, due to the different permission model used in OpenShift (pods running as random UIDs and GID=0), the kubectl client in the container can't write the API cache to ~/.kube/cache, so each API call is utterly slow.

s3lph commented 4 years ago

As a workaround until this is merged, I'm using an OpenShift BuildConfig with the following Dockerfile:

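```dockerfile
FROM docker.io/adfinissygroup/back8sup:latest
# Become root only for the build step that prepares the directory
USER 0
# Group 0 owns /workdir and gets the same permissions as the owner
RUN mkdir -p /workdir && chgrp 0 -R /workdir && chmod g=u -R /workdir
# kubectl writes its API cache below $HOME/.kube/cache
ENV HOME=/workdir
WORKDIR /workdir
# Drop back to the unprivileged nobody user
USER 65534
```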
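Added example, not part of the thread or the back8sup project: a shell check that a directory tree follows the convention the workaround relies on (group 0 ownership, group permissions equal to owner permissions), so that a pod running as a random UID with GID 0 can write the kubectl cache. The function name `audit_arbitrary_uid` is hypothetical and GNU `find` is assumed.

```shell
#!/bin/sh
# Added example: audit a directory tree for OpenShift's arbitrary-UID model.
# A pod runs as a random UID but always with GID 0, so every path the
# process must write needs group 0 and group bits equal to owner bits
# (the result of "chgrp 0 -R" and "chmod g=u -R").
#
# Usage: audit_arbitrary_uid DIR [GID]
#   GID defaults to 0; it is a parameter so the check can be exercised
#   without root. Prints one line per offending path and returns 1 if any
#   path fails, 0 otherwise. Paths containing newlines are not supported.
audit_arbitrary_uid() {
    # GNU find: %G = numeric group id, %m = octal mode, %p = path
    find "$1" -printf '%G %m %p\n' | awk -v want="${2:-0}" '
        BEGIN { bad = 0 }
        {
            gid  = $1
            mode = sprintf("%04d", $2)      # pad to four octal digits
            path = substr($0, length($1) + length($2) + 3)
            user_bits  = substr(mode, 2, 1)
            group_bits = substr(mode, 3, 1)
            if (gid != want || user_bits != group_bits) {
                printf "gid=%s mode=%s %s\n", gid, mode, path
                bad = 1
            }
        }
        END { exit bad }'
}

# Run against the image's HOME when executed directly, for example as a
# last build step: sh audit.sh /workdir
if [ "$#" -ge 1 ]; then
    audit_arbitrary_uid "$@"
fi
```

Run as a final build step or in CI against the built image; a non-zero exit means some path under the directory would not be writable for an arbitrary UID in group 0.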