On 06/23/2017 09:17 AM, Matthew Miller wrote:
> On Thu, Jun 22, 2017 at 05:12:32PM -0500, Adam Miller wrote:
>> There's no real technical reason why it can't be a tenant, OSBS these
>> days is OpenShift namespace aware. However, from a Fedora Project
>> standpoint I expect we'll keep OSBS on its own independent
>> installation because it's in the builder network within the Fedora
>> Infrastructure and therefore is quite locked down compared to what
>> people would expect out of a traditional OpenShift environment (for
>> example, containers don't have access to the outside Internet).
>
> Could we do that lock-down with OpenShift multitenant features? Like:
> https://docs.openshift.com/container-platform/3.3/admin_guide/managing_pods.html#admin-guide-limit-pod-access-egress

That's possible, but I am pretty sure releng will not want us to put this
into the same basket as the OpenShift we use for general applications.

For really the same reason we don't run general purpose VMs on the koji
builders, i.e., we want to make sure that all build artifacts are made in an
isolated env where there is no chance something else will interfere with
them. (And VMs are much more isolating than containers).

kevin