Kubernetes / OpenShift zero-config/install operation

maxandersen commented 4 years ago

Description

With fmp/jkube maven/gradle plugins and dekorate we have the opportunity to provide a initial experience with openshift/kubernetes that literally only require account credentials for a cluster.

we should make that happen while having a gradual way of allowing users to configure/expand to use full features of other tools.

Analysis

(links to analysis docs containing architecture design work, requirements gathering, etc)

Tasks

[x] POC of kubernetes/openshift build/deploy via kubernetes extension github.com/quarkusio/quarkus/pull/5496
[x] check and document how users will customize via jkube/dekorate
[ ] check and document how it works with odo
[ ] check and document how users will customize via kustomize
[ ] check and document how works with skaffold.dev
[x] build container images with jib #6007

jclingan commented 4 years ago

One interesting use case that came up at KubeCon is that some organizations (banks, Gov) don't allow Docker on the desktop. If this could be done in a manner that that did not require a local docker registry it would address the needs of more secure environments.

gunnarmorling commented 4 years ago

Might be provided via https://github.com/quarkusio/quarkus/issues/6007

maxandersen commented 4 years ago

@jclingan #6007 talks about generating the container - you'll still need a registry to push to from whereever you build and then pull from it where you want to run it. With this you can do the build but still can't run it...

emmanuelbernard commented 4 years ago

Hey @maxandersen I'm working on the roadmap and I think this one needs work. Can we consider it closed, should we create a different epic for the work we want to do in the next 3-6 months?

gattytto commented 4 years ago

the best would be an OCI compliant runtime for CRI-O, like gVisor could I sugest qVisor for the name? (just kidding). So instead of having a generic image with an embeded framework (multi-stage dockerfile), the framework could be present in a runtime binary (as a sandbox), and maybe allow the runtime binary to take arguments and use different implementations of the "vm" (sandbox-extensions like kotlin?)? I'm sorry if I'm being vague, I am new to OCI and k8s, and quarkus but I already seen Kata-containers, runc, runsc(gvisor) and maybe more runtimes available for the kuberentes. And the OCI model seems to bring a long term solution and is implemented in new version of kubernetes as the runtimeClassName annotation.

if we could have an implementation like kata-containers, it has a runtime-binary(the one cri-o contacts as a command call with arguments) that reads a config (/etc/some-kata.conf) and reads/writes to a runtime .sock systemd service that deploys and manages qemu-kvm isolated containers (and their resources using .toml config files).

https://youtu.be/pWyJahTWa4I?t=745

geoand commented 4 years ago

I added checkboxes to what has already been done.

maxandersen commented 4 years ago

@geoand @iocanel the one "big thing" missing in this is to have it working with but not needing kubectl/oc/docker to authenticate/build - how far are we actually from that ? can we pass in username/passwords or in case of missing kubeconfig credentials do the login and update the kubeconfig for future operations ?

geoand commented 4 years ago

We don't have that AFAIK. @iocanel the client can do that can't it? So it's just of matter of supplying the proper Quarkus configuration, right?

iocanel commented 4 years ago

The client can use raw token for Kubernetes and Openshift. Also is able to use username/password for Openshift.

For docker authentication, build and push we have lot of options. Maybe Rohan and Marc can help with that.

On Sun, Apr 12, 2020, 10:38 Georgios Andrianakis notifications@github.com wrote:

We don't have that AFAIK. @iocanel https://github.com/iocanel the client can do that can't it? So it's just of matter of supplying the proper Quarkus configuration, right?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/quarkusio/quarkus/issues/5920#issuecomment-612576766, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADCEWGICHNMN4FXRHRTM43RMFVWFANCNFSM4JUYXLKA .

emmanuelbernard commented 4 years ago

@maxandersen @iocanel and friends, what shoudl we target this for 1.6 or later?

emmanuelbernard commented 4 years ago

@maxandersen ping the pinger

n1hility commented 3 years ago

@maxandersen should we call this complete?

iocanel commented 3 years ago

For kubernetes and openshift we are ok, but we won't update the .kube/config. For docker though there are two things that are missing:

we use the docker binary under the hood.
we require a . docker/config.json

The latter is possibly true for job too.

Let me pick this up.

On Sat, Jan 16, 2021, 12:20 AM Jason T. Greene notifications@github.com wrote:

@maxandersen https://github.com/maxandersen should we call this complete?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/quarkusio/quarkus/issues/5920#issuecomment-761228252, or unsubscribe https://github.com/notifications/unsubscribe-auth/AADCEWG344M2XBEYJYGKVMTS2C5T7ANCNFSM4JUYXLKA .

quarkusio / quarkus