search

samba-in-kubernetes / samba-operator

An operator for a Samba as a service on PVCs in kubernetes
Apache License 2.0
113 stars 24 forks source link

Deploy on OpenShift with dedicated SCC #293

Closed synarete closed 1 year ago

synarete commented 1 year ago

Refactor deployment over OpenShift cluster using custom samba SCC. User is expected to deploy the samba SCC prior to the deployment of the samba-operator (or, via kustomization mechanism).

Reconcile ServiceAccount, Role and RoleBinding as part of SmbShare reconcile loop, within the namespace in which the smbshare resides.

phlogistonjohn commented 1 year ago

I made a few small comments on my first skim. I will def. need to re-read this for a proper review. Please ping me in a few work days if you don't see a full review by then.

phlogistonjohn commented 1 year ago

Either in this PR or in a follow up I think it would be good to have a new document in the docs dir that goes over some of the important differences between plain k8s and openshift, I think the most important would be to explain that: if you are using openshift and want to create smbshares in namespaces other than the default (which we've already updated via kustomize) the creator of the ns also needs to set the openshift specific security properties.

(I'm assuming I got the summary right, feel free to correct me)

synarete commented 1 year ago

Either in this PR or in a follow up I think it would be good to have a new document in the docs dir that goes over some of the important differences between plain k8s and openshift, I think the most important would be to explain that: if you are using openshift and want to create smbshares in namespaces other than the default (which we've already updated via kustomize) the creator of the ns also needs to set the openshift specific security properties.

(I'm assuming I got the summary right, feel free to correct me)

I am working on samba-on-openshift doc. Will come in a separate PR.

phlogistonjohn commented 1 year ago

I want to try microshift later this week and if it goes OK then I will test this PR on it. If I can't get microshift running either I will probably just approve, but if this goes unreviewed past next tues (03-15) feel free to ping me and remind me I owe you a proper review.

phlogistonjohn commented 1 year ago

/test centos-ci/sink-clustered/mini-k8s-1.26

phlogistonjohn commented 1 year ago

/test centos-ci/sink-clustered/mini-k8s-1.26