On Fri, Jun 26, 2020 at 6:15 AM Tomasz Torcz <tomek(a)pipebreaker.pl> wrote:
On Fri, Jun 26, 2020 at 10:50:47AM +0100, Stephen Coady wrote:
> On Fri, 26 Jun 2020 at 10:34, David Kirwan <dkirwan(a)redhat.com> wrote:
> > Hi all,
> > If we are moving towards openshift/kubernetes backed services, we should
> > probably be sticking with containers rather than Vagrant. We can use CRC (Code Ready
> > Containers) or minikube for most local dev work.
> The only problem with that is not everything runs in containers. For
> example the new AAA service is backed by FreeIPA and that does not run
> in a container.
It doesn't? What about https://github.com/freeipa/freeipa-container

My understanding is that it is an experimental implementation
currently. FreeIPA does not necessarily work very well broken up into
containers right now.
> Everything will run in a virtual machine given that
> enough care has been put into creating the VM. I don't think the same
> can be said for containers.
I think in today's world we should develop for containers first.
Especially when k8s abstracts many things and provides useful
infrastructure for application. A bit like systemd a decade ago, by
providing useful APIs like socket-activation, watchdog, restarts,
parallel invocations locks, applications do not have to care about
re-implementing boring stuff over and over again.

The difference is that it's actually a huge pain for people to run
containers on Kubernetes. All these things you described can be done
with systemd units in regular RPMs. In fact, for the AAA solution, I
*already* did that so that we can reuse it for the Fedora and openSUSE

While I think it'd be valuable to figure out the container workflow
for apps deployed in containers, let's not forget all that stuff in
our infrastructure requires OpenShift, and I don't know about most of
you, but I'm fresh out of OpenShift at home to be able to do this sort

I have made something really simple that kind of works for OKD 3.x,
but no such equivalent exists for OKD 4.x, so that's been out of reach
for me for a while. Plain Kubernetes literally does not work. Aside
from plain Kubernetes being a pain to actually get working enough to
run applications, we actually use OpenShift features that do not exist

So I would caution all of this by stating that at least for me as an
external no-name plain contributor, I'm more or less locked out of
contributing to apps that are deployed exclusively through OpenShift.

真実はいつも一つ！/ Always, there's only one truth!