feat: improve capi registration #197

Merged
merged 7 commits into from
Nov 18, 2024

he2ss
Member

@he2ss he2ss commented Nov 14, 2024

Because PersistentVolume ReadWriteMany is not allowed in a lot of k8s clusters, persistence is not possible for lapi, and so the capi credentials that were generated are always changing.

The first solution is to have a job that registers, gets the new credentials and patches a configmap using the k8s API.
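
One way the last step of such a job could look, as an added example that is not code from this PR or the chart: it checks the freshly generated credentials file and builds the Kubernetes merge-patch request for the ConfigMap. The namespace, ConfigMap name, data key and sample credentials are assumptions.

```python
import json
import urllib.request

# Standard in-cluster API address; the namespace, ConfigMap name and data key
# used further down are hypothetical placeholders, not taken from the chart.
API = "https://kubernetes.default.svc"

def parse_flat_yaml(text):
    """Parse a flat `key: value` credentials file (no nesting expected)."""
    out = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        out[key.strip()] = value.strip().strip("'\"")
    return out

def build_patch(creds_text, key="online_api_credentials.yaml"):
    """Return a JSON merge-patch body, refusing empty or partial credentials."""
    creds = parse_flat_yaml(creds_text)
    missing = [f for f in ("url", "login", "password") if not creds.get(f)]
    if missing:
        # A failed registration must not overwrite credentials that still work.
        raise ValueError("incomplete credentials, missing: " + ", ".join(missing))
    return json.dumps({"data": {key: creds_text}}).encode()

def build_request(body, namespace, name, token):
    """Build (but do not send) the PATCH request for the ConfigMap."""
    url = f"{API}/api/v1/namespaces/{namespace}/configmaps/{name}"
    return urllib.request.Request(url, data=body, method="PATCH", headers={
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/merge-patch+json",
    })

# Constructed sample file; login and password are fake values.
SAMPLE = ("url: https://api.crowdsec.net/\n"
          "login: example-machine-id\n"
          "password: example-secret\n")

if __name__ == "__main__":
    # In a pod the token would be read from the mounted service-account
    # directory and the request sent with urllib.request.urlopen().
    req = build_request(build_patch(SAMPLE), "crowdsec", "capi-credentials", "TOKEN")
    print(req.get_method(), req.full_url)
```

The job's service account needs permission to patch that one ConfigMap and nothing broader.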


@he2ss: There is no 'kind' label on this PR. You need a 'kind' label to generate the release automatically.

  • /kind feature
  • /kind enhancement
  • /kind fix
  • /kind chore
  • /kind dependencies

I am a bot created to help the crowdsecurity developers manage community feedback and contributions. You can check out my manifest file to understand my behavior and what I can do. If you want to use this for your project, you can check out the forked project rr404/oss-governance-bot repository.

@github-actions github-actions bot added needs/kind Kind label required needs/area labels Nov 14, 2024

@he2ss: There are no area labels on this PR. You can add as many areas as you see fit.

  • /area agent
  • /area local-api
  • /area cscli
  • /area security
  • /area configuration

@sigtriggr

If this is added to the configmap, will the lapi pods pick up the same ID from the configmap, and in the dashboard will all the lapi pods be registered as one security engine? Is this what this change is doing?

@blotus
Member

blotus commented Nov 15, 2024

Hey @sigtriggr,

Yes that's the idea. If you are running multiple LAPI pods for HA, we want them to appear as one in the console (because they are using the same database on your end, they are functionally identical and your log processors will use either of them).

This also solves the issue of requiring ReadWriteMany volumes if you want to persist the creds when running multiple LAPI pods, as we will mount the credentials from the config map.

@blotus
Member

blotus commented Nov 18, 2024

/kind enhancement

@github-actions github-actions bot added kind/enhancement New feature or request and removed needs/kind Kind label required labels Nov 18, 2024
@he2ss he2ss changed the title [Draft] feat: improve capi registration feat: improve capi registration Nov 18, 2024
@blotus blotus merged commit f4f4ef5 into main Nov 18, 2024
3 checks passed
@blotus blotus deleted the feat/improve-capi-register branch November 18, 2024 15:26
Labels
kind/enhancement New feature or request needs/area
3 participants