redpanda: add rack awareness feature #219
Conversation
joejulian
force-pushed
the
helm-charts-racks
branch
2 times, most recently
from
cff86c6 to
25acdaa
Compare
joejulian
force-pushed
the
helm-charts-racks
branch
3 times, most recently
from
bf2dfb4 to
b578a41
Compare
joejulian
force-pushed
the
helm-charts-racks
branch
from
b578a41 to
bc6d23a
Compare
There was a problem hiding this comment.
One comment around rbac.enabled existing and/or it's default being false. I think it would be better to leave this out entirely and then enable it automatically when this (and future features) are enabled by the user. Including this option introduces another (likely) way to end up with a broken cluster, and makes it difficult to enable future features that require this by default.
| # Role Based Access Control | ||
| rbac: | ||
| # enable this for features that need extra priveleges | ||
| enabled: false |
There was a problem hiding this comment.
Should this be enabled by default? I feel that it should as it is required to enable other features out of the box. For instance, we enable external access out of the box, but if we want it to work then they would need to flip this flag (eventually). The same applies to rack awareness, in that they would need to enable rack awareness and also rbac in order to get just rack awareness.
Another option may be to do a check that doesn't allow users to enable either rack awareness or external access without also enabling rbac. I this would work to ensure clusters work as expected, but at the same time making rbac be enabled automatically when these other features are enabled would be a better default.
There was a problem hiding this comment.
The principal of least privilege suggests that of a privilege is not needed it should not be added. Unless rack awareness is enabled, there's no need for the container to be able to get the Node.
There was a problem hiding this comment.
That's true for rack awareness. I guess another approach would be to enable rbac by default in another incoming PR that fixes external access by making use of this (given that external access is enabled by default).
I made this choice for a couple reasons. One, to ensure that adding privilege is a conscious choice. The other reason is to allow this chart to be used by unprivileged users. In an enterprise environment, organization units are given a namespace but they don't have cluster-level privileges. In this scenario, the ServiceAccount, ClusterRole, and ClusterRoleBinding will need to be created by the cluster administrator. The chart user will still be able to use the chart by using the SA assigned to them and not enabling the rbac components. |
…charts-racks redpanda: add rack awareness feature
Set redpanda.rack to the value of the Kubernetes Node's
topology.kubernetes.io/zoneannotation.Fixes #86