Bug 1337329 - [Docs] Add support for DaemonSet into OpenShift
Summary: [Docs] Add support for DaemonSet into OpenShift
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
urgent
urgent
Target Milestone: ---
: ---
Assignee: brice
QA Contact: DeShuai Ma
Vikram Goyal
URL:
Whiteboard:
Depends On: 1291786
Blocks: 1291866
TreeView+ depends on / blocked
 
Reported: 2016-05-18 20:55 UTC by Eric Rich
Modified: 2019-11-14 08:05 UTC (History)
13 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1291786
Environment:
Last Closed: 2016-09-22 01:13:03 UTC
Target Upstream Version:
pweil: needinfo-


Attachments (Terms of Use)

Comment 3 brice 2016-06-10 00:10:11 UTC
PR here:

https://github.com/openshift/openshift-docs/pull/2242

Comment 8 brice 2016-06-17 01:28:00 UTC
As discussed in the PR and here, Daemonset work is limited to what's currently doc'ed in the PR. This has been merged, but as DeShuai Ma comments, requires more work to be Enterprise ready. This has been targeted for 3.3.

The PR work has merged into the Origin docs, but I'll keep an eye out for anything required for more Daemonsets work for 3.3. So I'll move this to CLOSED DEFERRED.

Sorry if this causes confusion for anyone. If anyone has questions please let me know.

Comment 11 Luke Meyer 2016-08-09 21:25:59 UTC
Ordinary project admins do not have permission to create DaemonSets by default, as this would give them undue scheduling priority on nodes. cluster-admin users, of course, can create one if they want, and that will be sufficient for most use cases.

If you want to grant the ability to manage DaemonSets to non-cluster-admins then as far as I know the best way is to define a cluster role and grant it to them. (I don't believe system:daemonset-controller is intended for this purpose.)

I have an example of ClusterRole YAML from logging at https://github.com/openshift/origin-aggregated-logging/blob/b476bedea4d5afd4625e76b81725b336c2311f56/deployer/deployer.yaml#L53-L68

Once this is created, then you can grant it to users as desired, either with:

$ oc policy add-role-to-user daemonset-admin luke

... which provides the ability to create a daemonset in only the current project, or:

$ oadm policy add-cluster-role-to-user daemonset-admin luke

... which allows luke to create daemonsets in any project (probably not what you want).

Comment 12 brice 2016-08-11 04:06:16 UTC
Eric, Luke, I think this goes against what I understood...

I thought the only supported use for daemonsets was during the registry install process, ie, what was doc'ed in the PR above.

So why would an admin need to be able to give daemonset permission? If this ties into 3.3 work, and the features that are with that release leading to other users needing permissions, then maybe this can be done as part of that.

I'll ask Paul if he agrees, but feel free to give me any more information.

Comment 13 Eric Rich 2016-08-11 12:34:34 UTC
(In reply to brice from comment #12)
> Eric, Luke, I think this goes against what I understood...
> 
> I thought the only supported use for daemonsets was during the registry
> install process, ie, what was doc'ed in the PR above.
> 
> So why would an admin need to be able to give daemonset permission? If this
> ties into 3.3 work, and the features that are with that release leading to
> other users needing permissions, then maybe this can be done as part of that.
> 
> I'll ask Paul if he agrees, but feel free to give me any more information.

Please see https://bugzilla.redhat.com/show_bug.cgi?id=1361349 which is also requesting docs for this.

Comment 14 Josep 'Pep' Turro Mauri 2016-08-11 13:16:20 UTC
(In reply to Eric Rich from comment #13)
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=1361349 which is also
> requesting docs for this.

That bz is not about daemonsets, it's about general pod/container labels/SCCs, so I believe it's not directly related to the discussion in this bz.

Comment 15 brice 2016-08-12 00:25:47 UTC
If Pep is right, then I think we'd still need a use case for daemonsets for this to be documented. If so, then I can work to get something going.

Comment 16 Eric Rich 2016-08-12 15:26:50 UTC
(In reply to brice from comment #15)
> If Pep is right, then I think we'd still need a use case for daemonsets for
> this to be documented. If so, then I can work to get something going.

Monitoring Solution: https://github.com/kubernetes/kubernetes/tree/master/examples/newrelic << Use Case

Comment 30 brice 2016-09-05 04:07:20 UTC
PR submitted for this:

https://github.com/openshift/openshift-docs/pull/2786

Open to suggestions if people have any.

Comment 31 brice 2016-09-07 23:47:19 UTC
Sounds like everyone is happy with the PR. I'll put this onto QA.

DeShuai Ma, can I get you to please look at the PR in the comment above? Please let me know if you have any comments.

Thanks very much!

Comment 32 DeShuai Ma 2016-09-08 02:22:30 UTC
The pr doc LGTM, thanks.

Comment 33 brice 2016-09-08 03:24:53 UTC
Thanks! I'll move this to review.

Comment 34 openshift-github-bot 2016-09-09 04:10:47 UTC
Commit pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/8af11cafb97260c98ae91ce2c800cacf9b0e47dc
Merge pull request #2786 from bfallonf/daemonset-bz1337329

Bug 1337329 Added information on daemonsets

Comment 35 brice 2016-09-22 01:13:03 UTC
Link to released docs:

https://docs.openshift.com/enterprise/3.2/dev_guide/daemonsets.html


Note You need to log in before you can comment on or make changes to this bug.