On Fri, Jun 26, 2020 at 6:15 AM Tomasz Torcz <tomek@xxxxxxxxxxxxxx> wrote: > > On Fri, Jun 26, 2020 at 10:50:47AM +0100, Stephen Coady wrote: > > On Fri, 26 Jun 2020 at 10:34, David Kirwan <dkirwan@xxxxxxxxxx> wrote: > > > > > > Hi all, > > > > > > If we are moving towards openshift/kubernetes backed services, we should probably be sticking with containers rather than Vagrant. We can use CRC [1] (Code Ready Containers) or minikube [2] for most local dev work. > > > > > > > The only problem with that is not everything runs in containers. For > > example the new AAA service is backed by FreeIPA and that does not run > > in a container. > > It doesn't? What about https://github.com/freeipa/freeipa-container ? > My understanding is that it is an experimental implementation currently. FreeIPA does not necessarily work very well broken up into containers right now. > > Everything will run in a virtual machine given that > > enough care has been put into creating the VM. I don't think the same > > can be said for containers. > > I think in todays world we should develop for containers first. > Especially when k8s abstracts many things and provides useful > infrastructure for application. A bit like systemd a decade ago, by > providing useful APIs like socket-activation, watchdog, restarts, > parallel invocations locks, applications do not have to care about > re-implementing boring stuff over and over again. > The difference is that it's actually a huge pain for people to run containers on Kubernetes. All these things you described can be done with systemd units in regular RPMs. In fact, for the AAA solution, I *already* did that so that we can reuse it for the Fedora and openSUSE deployments[1]. While I think it'd be valuable to figure out the container workflow for apps deployed in containers, let's not forget all that stuff in our infrastructure requires OpenShift, and I don't know about most of you, but I'm fresh out of OpenShift at home to be able to do this sort of thing. I have made something really simple that kind of works for OKD 3.x[2], but no such equivalent exists for OKD 4.x, so that's been out of reach for me for a while. Plain Kubernetes literally does not work. Aside from plain Kubernetes being a pain to actually get working enough to run applications, we actually use OpenShift features that do not exist in Kubernetes. So I would caution all of this by stating that at least for me as an external no-name plain contributor, I'm more or less locked out of contributing to apps that are deployed exclusively through OpenShift. [1]: https://copr.fedorainfracloud.org/coprs/ngompa/fedora-aaa/ [2]: https://pagure.io/openshift-allinone-deployment-configuration -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ infrastructure mailing list -- infrastructure@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to infrastructure-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/infrastructure@xxxxxxxxxxxxxxxxxxxxxxx
