Giter Club home page Giter Club logo

Comments (7)

denis-tingaikin avatar denis-tingaikin commented on September 25, 2024

Could you explain for what do you need roles?

from deployments-k8s.

rpiceage avatar rpiceage commented on September 25, 2024

We are working on a Helm chart for NSM, and have to meet some requirements. One of them is that DaemonSets, Deployments, etc should not use the default roles, but should have their own, together with RoleBinding.

from deployments-k8s.

edwarnicke avatar edwarnicke commented on September 25, 2024

@rpiceage OK... so lets talk through this to make sure I understand :)

Are you asking the that Role and ClusterRole for the various Pods/Daemonsets/Deployments in the NSM system?

If so, I presume you are seeking to converge on the most restrictive Role/ClusterRole that will work for those Pods/Daemonsets/Deployments correct?

I believe that the only cmd-* we have that are interacting with the k8s API are:

  • cmd-forwarder-sriov
  • cmd-exclude-prefixes-k8s
  • cmd-registry-k8s

from deployments-k8s.

rpiceage avatar rpiceage commented on September 25, 2024

@edwarnicke Yes, you got it right about the most restrictive Role.
Does this mean that cmd-registry-memory, cmd-nsmgr and cmd-forwarder-vpp do not require anything specified it their most restrictive Roles?

from deployments-k8s.

edwarnicke avatar edwarnicke commented on September 25, 2024

@rpiceage Not in terms of their interactions with the K8s API. cmd-forwarder-vpp does need to run privileged.

from deployments-k8s.

rpiceage avatar rpiceage commented on September 25, 2024

@edwarnicke Thanks for the info.

from deployments-k8s.

edwarnicke avatar edwarnicke commented on September 25, 2024

@rpiceage Which brings us around to the question... do you need Roles and ClusterRoles for:

  • cmd-forwarder-sriov
  • cmd-exclude-prefixes-k8s
  • cmd-registry-k8s

I believe cmd-forwarder-sriov has dependencies on k8s due to it providing a device plugin

I believe cmd-exclude-prefixes-k8s mostly reads from the K8s API, but also writes ConfigMaps

cmd-registry-k8s maintains CRDs to store NSM registry entries.

from deployments-k8s.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.