Clean up volumes list for ovn-controller pod #182
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: booxter
The full list of commands accepted by this bot can be found here. The pull request process is described here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
var-run is consumed by config-job for nicMappings etc. So the config job never exits because:
Need to reconcile with it. Maybe we don't need a config-job and can squash it into the same statefulset somehow?..
This allows getting rid of a hostMount shared between the job pod and the main ovsdb-server pod container (to enable communication of vsctl command with the database socket). Getting rid of hostMounts is needed to be able to eventually stop running ovn-controller pods as privileged containers.
This is to prove that this is possible, now that configJob is squashed into the main ovn-controller pod.
We log to stdout. Nothing else is needed.
This directory can be local to the container and does not need to persist. Note the rundir directory is not present in the image, so we have to switch OVN_RUNDIR to point to /tmp, same as we do for other ovn services managed by the operator.
I am not aware of anything using the directory.
a9095b8 to a76e967
Rebased on top of #195
/ok-to-test
Some of the volumes can be cleaned up with no bad effect. But at least the volume that passes over the ovsdb-server AF_UNIX socket to configJob via a file cannot be removed until we switch this communication channel to AF_INET sockets. This is technically possible but requires significant work to e.g. deploy SSL certificates for the channel. This PR may still be useful, but I should drop the removal of the socket volume from it first before we can proceed with a partial volume list cleanup.
PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
These seem unnecessary; and they block our progress on moving from HostPaths to e.g. PVCs, which would allow us to disable privileged mode (/home hostPaths seem to carry SELinux labels that are not available for the containers.)