Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Refactor KubeArmor Operator #1779

Open
rksharma95 opened this issue Jun 3, 2024 · 3 comments
Open

Refactor KubeArmor Operator #1779

rksharma95 opened this issue Jun 3, 2024 · 3 comments
Assignees
Labels
discussion enhancement New feature or request

Comments

@rksharma95
Copy link
Collaborator

Refactor KubeArmor Operator

  • refactor kubearmorConfig keep it close to k8s manifest spec

    Current:

    kubearmorImage:
      image:
      imagePullPolicy
    ...  
    
    

    Proposed:

    kubearmor:
      image:
      args:
    
    kubearmorRelay:
      image:
      args:
    
    kubearmorController:
    ...
    
  • avoid snitch's dependency for serviceaccount being created after KubeArmorConfig CR has been created, to avoid increasing time delay due to reconcilation.

  • avoid seperate resource update for each configuration update

  • optimize cert roatation logic

  • discuss to decide if tight loop should be replaced with informer based reconcider. reconciler will require watch permission for managing k8s resources.

@carlosrodfern
Copy link
Contributor

The change to the operator CRD is also desirable to be able to set the log level in the values.yaml in the helm chart for the controller: #1849

@carlosrodfern
Copy link
Contributor

carlosrodfern commented Sep 10, 2024

More details for the Proposal:

kubearmor:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

kubearmorRelay:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

kubearmorController:
  image:
     repository: ?
     tag: ?
     pullPolicy: ?
  args: []
  resources:
    limits:
      cpu: ?
      memory: ?
    requests:
      cpu: ?
      memory: ?

Perhaps even a global too?

global:
  image:
    pullPolicy: ?
    repository: ?

This is inspired on the typical pattern seen in helm values.

@bakito
Copy link

bakito commented Nov 27, 2024

I'd also appreciate, if container resources (CPU/memory) of all operator managed resources could be defined in the CRD.
I tried to overwrite them manually, but the operator always remove them again.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
discussion enhancement New feature or request
Projects
None yet
Development

No branches or pull requests

3 participants