add missing cases of openshift deployment #158
Conversation
manifests/base/openshift/scc.yaml
Outdated
| allowPrivilegedContainer: true | ||
| allowHostDirVolumePlugin: true | ||
| allowHostNetwork: true | ||
| allowHostPorts: true | ||
| allowHostIPC: true | ||
| allowHostPID: true |
There was a problem hiding this comment.
Hey, as a best practice I would actually suggest restricting the kepler pods a little bit more as done lately in the kepler-operator as seen here.
I still need to raise a PR to also integrate this also into the main kepler repo but I think it would be good to already do this here.
There was a problem hiding this comment.
@BGrasnick Thank you so much for the review. Agree. Just update the scc file, please confirm.
| - name: kernel-debug | ||
| mountPath: /sys/kernel/debug | ||
| securityContext: | ||
| privileged: true | ||
| volumes: | ||
| - name: kernel-debug | ||
| hostPath: | ||
| path: /sys/kernel/debug | ||
| type: Directory |
There was a problem hiding this comment.
There is still an open discussion if mounting /sys/kernel/debug is actually needed for OpenShift. In my local tests everything seemed to work perfectly fine and normally when excluding it. See the discussion here and the PR sustainable-computing-io/kepler-operator#198. Maybe you can test this as well?
There was a problem hiding this comment.
I believe/sys/kernel/debug is still needed for libbpf to access the tracepoint files such as /sys/kernel/debug/tracing/events/irq/softirq_entry. Have you tried deploying with latest-libbpf tag?
There was a problem hiding this comment.
Yes I believe I tested both. Can probably try again later today or tomorrow! As I am no expert though maybe somebody else with more knowledge about libbpf could test as well? Don't know who that is though :)
There was a problem hiding this comment.
Actually, I am one of the team who works on this.
However, I just recheck the manifest and found that there is no need to add the mount /sys/kernel/debug here because the /sys is already attached by kepler manifest and the path is the same (i.e., /sys/kernel/debug). Will remove it.
There was a problem hiding this comment.
@BGrasnick Thanks again.
Made a rebase and update the change to open shift-patch.
sunya-ch
force-pushed
the
setup-manifest
branch
3 times, most recently
from
e4a3589 to
13b5abf
Compare
|
As it is related to manifest, I also add fix for the issue #160 to this PR. |
Signed-off-by: Sunyanan Choochotkaew <sunyanan.choochotkaew1@ibm.com>
sunya-ch
force-pushed
the
setup-manifest
branch
from
2d182cb to
3aa8dcf
Compare
Signed-off-by: Sunyanan Choochotkaew <sunyanan.choochotkaew1@ibm.com>
Signed-off-by: Sunyanan Choochotkaew <sunyanan.choochotkaew1@ibm.com>
sunya-ch
force-pushed
the
setup-manifest
branch
from
3aa8dcf to
f26c311
Compare
This PR is to fix the issue mentioned in #157.
Also, this PR add
make manifestto validate manifest before runmake deploy.Example output:
[edit] Add fix #160.
Signed-off-by: Sunyanan Choochotkaew sunyanan.choochotkaew1@ibm.com