Closed joelddiaz closed 6 years ago
@dgoodwin still need a rebase it seems, and more testing, but while i'm off working on some unrelated stuff, now seems like a good time to have this controller looked at
/test unit
/test unit
@csrwng i thought we said in the F2F that cluster-operator would run with root(ish) creds, but if we want to allow non-S3-backed registries, i'd need to add some opt-in/out flag to the clusterdeployment
@joelddiaz I would like to have a way to opt out... particularly if we're going to use cluster operator for CI or developer test environments. @dgoodwin wdyt?
At the moment a way to opt out seems like a good idea, however long term this is something we probably shouldn't even be worrying about, it seems like it should be handled by the registry operator and it's related config.
Should we add a flag to our cluster deployment API with that in mind? If it's just temporary? No question we'll be making other API edits so it's probably ok to add this to the list IMO.
/lgtm
controller to handle setting up the necessary infra pieces so that a cluster can run with an S3-backed registry
update pkg/ansible/generate to populate the various openshift_hosted_registry* ansible variables
introduce registryinfra controller to watch for new clusters and create: an s3 bucket an IAM user for the cluster registry to use to talk to the s3 bucket a kube secret holding the IAM creds to be passed to the registry
allow non-s3-backed-registry by annotating the clusterdeployment: clusteroperator.openshift.io/s3-backed-registry: "false"