Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor KubeArmor Operator #1779

Open
rksharma95 opened this issue Jun 3, 2024 · 2 comments
Open

Refactor KubeArmor Operator #1779

rksharma95 opened this issue Jun 3, 2024 · 2 comments
Assignees
@rksharma95
Labels
discussion enhancement New feature or request

Comments

@rksharma95
Copy link
Collaborator

Refactor KubeArmor Operator

  • refactor kubearmorConfig keep it close to k8s manifest spec

    Current:

    kubearmorImage:
  image:
  imagePullPolicy
...

    Proposed:

    kubearmor:
  image:
  args:

kubearmorRelay:
  image:
  args:

kubearmorController:
...

  • avoid snitch's dependency for serviceaccount being created after KubeArmorConfig CR has been created, to avoid increasing time delay due to reconcilation.

  • avoid seperate resource update for each configuration update

  • optimize cert roatation logic

  • discuss to decide if tight loop should be replaced with informer based reconcider. reconciler will require watch permission for managing k8s resources.
@rksharma95 rksharma95 added enhancement New feature or request discussion labels Jun 3, 2024
@rksharma95 rksharma95 mentioned this issue Jul 18, 2024
Open
7 tasks
@carlosrodfern
Copy link
Contributor

The change to the operator CRD is also desirable to be able to set the log level in the values.yaml in the helm chart for the controller: #1849

@carlosrodfern
Copy link
Contributor

carlosrodfern commented Sep 10, 2024
edited
Loading

More details for the Proposal:

kubearmor:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

kubearmorRelay:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

kubearmorController:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

Perhaps even a global too?

global:
  image:
    pullPolicy: ?
    repository: ?

This is inspired on the typical pattern seen in helm values.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rksharma95 rksharma95

Labels
discussion enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@carlosrodfern @rksharma95