Comments (7)
Could you explain for what do you need roles?
from deployments-k8s.
We are working on a Helm chart for NSM, and have to meet some requirements. One of them is that DaemonSets, Deployments, etc should not use the default roles, but should have their own, together with RoleBinding.
from deployments-k8s.
@rpiceage OK... so lets talk through this to make sure I understand :)
Are you asking the that Role and ClusterRole for the various Pods/Daemonsets/Deployments in the NSM system?
If so, I presume you are seeking to converge on the most restrictive Role/ClusterRole that will work for those Pods/Daemonsets/Deployments correct?
I believe that the only cmd-* we have that are interacting with the k8s API are:
- cmd-forwarder-sriov
- cmd-exclude-prefixes-k8s
- cmd-registry-k8s
from deployments-k8s.
@edwarnicke Yes, you got it right about the most restrictive Role.
Does this mean that cmd-registry-memory, cmd-nsmgr and cmd-forwarder-vpp do not require anything specified it their most restrictive Roles?
from deployments-k8s.
@rpiceage Not in terms of their interactions with the K8s API. cmd-forwarder-vpp does need to run privileged.
from deployments-k8s.
@edwarnicke Thanks for the info.
from deployments-k8s.
@rpiceage Which brings us around to the question... do you need Roles and ClusterRoles for:
- cmd-forwarder-sriov
- cmd-exclude-prefixes-k8s
- cmd-registry-k8s
I believe cmd-forwarder-sriov has dependencies on k8s due to it providing a device plugin
I believe cmd-exclude-prefixes-k8s mostly reads from the K8s API, but also writes ConfigMaps
cmd-registry-k8s maintains CRDs to store NSM registry entries.
from deployments-k8s.
Related Issues (20)
- Traffic disturbance 2 minutes after node restart HOT 5
- Question about VPP-forwarder HOT 1
- about nsm install HOT 1
- Implement k8s controller for NSM connections
- Implement k8s controller for NSM endpoints/network services to be able to comfortable work with custom registries in k8s
- admission-webhook-k8s stays in a NonReady state HOT 2
- Bug with re-deployment of nse-composition with kernel-interfaces HOT 8
- Cilium bug with multi-nodes NSM cluster.
- Bug with nse-composition example. HOT 1
- install nsm problem HOT 3
- Link for vl3 floating example doesn't work
- NSM in kubeadm cluster
- nse interface incorrect name HOT 1
- NSEs and Forwarders can have the same url when they register in a registry
- `nsc-memif` constantly heal the connection in the `local-nsmgr-local-nse-memif` test
- Add configuration for turning profiling on/off HOT 11
- Loadbalancer example stops working when the deployment is scaled up.
- Add PostgreSQL server to the spire server config and get rid of using persistent volume HOT 1
- Bug with kernel-chain-composition HOT 2
- Error updating bundle HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from deployments-k8s.