Sveltos Kubernetes add-on controller programmatically deploys add-ons and applications in tens of clusters. Support for ClusterAPI powered clusters, Helm charts, kustomize ,YAMLs. Sveltos has built-in support for multi-tenancy.
We are building solutions in environments which have pretty strict enforcement (must use specific registry, must have all relevant securityContext settings set, etc.)
Describe the solution you'd like
I don't think it's a good idea to work with controller arguments, as it might be messy over time. Also a dedicated CRD seems to much unless we might want to Consider something like ComponentConfig which can be reused for all components of sveltos. I think something simple as a configmap would already be enough. Here's an example how you can configure the velero restic restore helper container via configmap (Origin:
apiVersion: v1
kind: ConfigMap
metadata:
name: drift-manager-props
namespace: projectsveltos
labels:
projectsveltos.io/component-config: "drift-detection-manager"
data:
# The value for "image" can either include a tag or not;
# if the tag is *not* included, the tag from the main Velero
# image will automatically be used.
image: myregistry.io/my-custom-helper-image[:OPTIONAL_TAG]
# "cpuRequest" sets the request.cpu value on the restore init containers during restore.
# If not set, it will default to "100m". A value of "0" is treated as unbounded.
cpuRequest: 200m
# "memRequest" sets the request.memory value on the restore init containers during restore.
# If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
memRequest: 128Mi
# "cpuLimit" sets the request.cpu value on the restore init containers during restore.
# If not set, it will default to "100m". A value of "0" is treated as unbounded.
cpuLimit: 200m
# "memLimit" sets the request.memory value on the restore init containers during restore.
# If not set, it will default to "128Mi". A value of "0" is treated as unbounded.
memLimit: 128Mi
# "secCtxRunAsUser" sets the securityContext.runAsUser value on the restore init containers during restore.
secCtxRunAsUser: 1001
# "secCtxRunAsGroup" sets the securityContext.runAsGroup value on the restore init containers during restore.
secCtxRunAsGroup: 999
# "secCtxAllowPrivilegeEscalation" sets the securityContext.allowPrivilegeEscalation value on the restore init containers during restore.
secCtxAllowPrivilegeEscalation: false
# "secCtx" sets the securityContext object value on the restore init containers during restore.
# This key override `secCtxRunAsUser`, `secCtxRunAsGroup`, `secCtxAllowPrivilegeEscalation` if `secCtx.runAsUser`, `secCtx.runAsGroup` or `secCtx.allowPrivilegeEscalation` are set.
secCtx: |
capabilities:
drop:
- ALL
add: []
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsUser: 1001
runAsGroup: 999
Looking for feedback!
Describe alternatives you've considered
Additional context
Add any other context or screenshots about the feature request here.
Is your feature request related to a problem? Please describe. The deployment of the drift-detection-manager is very static at the moment:
We are building solutions in environments which have pretty strict enforcement (must use specific registry, must have all relevant securityContext settings set, etc.)
Describe the solution you'd like I don't think it's a good idea to work with controller arguments, as it might be messy over time. Also a dedicated CRD seems to much unless we might want to Consider something like
ComponentConfig
which can be reused for all components of sveltos. I think something simple as a configmap would already be enough. Here's an example how you can configure the velero restic restore helper container via configmap (Origin:Looking for feedback!
Describe alternatives you've considered
Additional context Add any other context or screenshots about the feature request here.