Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add scc template #37

Merged
merged 1 commit into from
Oct 26, 2022
Merged

Add scc template #37

merged 1 commit into from
Oct 26, 2022

Conversation

maiqueb
Copy link
Collaborator

@maiqueb maiqueb commented Oct 10, 2022
edited
Loading

What this PR does / why we need it:
This PR provides an SCC manifest, without which deployment of the project in an Openshift cluster would fail, since mounting host file system paths requires the following permissions to be granted (for Openshift clusters):

  • hostPath volume
  • allowHostDirVolumePlugin (if false it overrides the hostPath volume entry)
  • allowPrivilegedContainer (we need to be privileged, since multus-cni container is privileged. We wouldn't be able to use the socket otherwise).

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #33

Special notes for your reviewer (optional):

@maiqueb maiqueb requested a review from phoracek October 10, 2022 11:01
@maiqueb maiqueb force-pushed the add-scc-template branch 2 times, most recently from a47a808 to 9a51ffe Compare October 10, 2022 11:03
@maiqueb
deploy: add SCC template / manifest
18b29f8 
A condition was added to the `generate_manifests` script: it does not
make sense to generate container runtime parametrized manifests for
**anything** other than the daemonset spec of the controller - since
these are container runtime agnostic.

Signed-off-by: Miguel Duarte Barroso <mdbarroso@redhat.com>
@maiqueb
Copy link
Collaborator Author

maiqueb commented Oct 14, 2022

With this SCC we can deploy the controller in openshift, but it fails because it cannot find the multus-socket:

9m22s       Normal    SuccessfulCreate   daemonset/dynamic-networks-controller-ds   Created pod: dynamic-networks-controller-ds-xxmzg
9m22s       Normal    Scheduled          pod/dynamic-networks-controller-ds-whh46   Successfully assigned openshift-dummyns/dynamic-networks-controller-ds-whh46 to ip-10-0-241-91.ec2.internal by ip-10-0-188-121
9m22s       Normal    Scheduled          pod/dynamic-networks-controller-ds-j9hh6   Successfully assigned openshift-dummyns/dynamic-networks-controller-ds-j9hh6 to ip-10-0-154-250.ec2.internal by ip-10-0-188-121
5m12s       Warning   FailedMount        pod/dynamic-networks-controller-ds-j9hh6   MountVolume.SetUp failed for volume "multus-server-socket" : hostPath type check failed: /run/multus/multus.sock is not a socket file

We need to get multus-v4 on openshift to the controllers to successfully come up.

@maiqueb maiqueb marked this pull request as ready for review October 17, 2022 08:15
phoracek
phoracek approved these changes Oct 26, 2022
View reviewed changes
Copy link
Member

@phoracek phoracek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@maiqueb
Copy link
Collaborator Author

maiqueb commented Oct 26, 2022

Let's fly with this for the time being.

Once we have CNO optionally install multus-v4, we can revisit, and give proper feedback; no sense to hold off MVP a downstream dependency.

@maiqueb maiqueb merged commit aa1f217 into main Oct 26, 2022
@maiqueb maiqueb deleted the add-scc-template branch October 27, 2022 11:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phoracek phoracek phoracek approved these changes

Assignees

@phoracek phoracek

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[RFE] SCC support
2 participants
@maiqueb @phoracek