This one is going to be a little light on details, as we are still working through it, but I’d just like to share what I’ve been working on the past couple weeks. Note that this is for a proof-of-concept cluster, and is not for production.Continue reading
To continue with my previous investigation to Istio, and to continue the comparison with the comparable parts of OpenStack, I want to dig deeper into how Istio performs
RBAC. Specifically, I would love to answer the question: could Istio be used to perform the Role check?
After the previous two days debugging, Simo Sorce suggested that I need to tell the OS to show all AVCs, some are hidden by default.
Kubernetes is moving from Third Party Resources to the Aggregated API Server. In order to work with this and continue to deploy on OpenShift Origin, we need to move from working with the shipped and stable version that is in Fedora 26 to the development version in git. Here are my notes to get it up and running.
My cloud may not look like your cloud. The contract between the application deployment and the Kubernetes installation is a set of manifest files that guide Kubernetes in selecting, naming, and exposing resources. In order to make the generation of the Manifests sane in KubeVirt, we’ve provided a little bit of build system support.
The documentation says that to access a minishift-deployed VM you can use `minishift ssh` to log in, but what if you want to use other tooling (like Ansible) to get in there? How can you use standard ssh commands to connect?
In the interest of simplifying the development and deployment of Kubevirt, we decided to make sure it was possible to run with minishift. After downloading and running the minishift binary, I had a working minishift cluster. However, in order to deploy the api-server to the cluster, I needed an external IP; otherwise I’d get the error:
service "" is invalid spec.externalIPs: Forbidden: externalIPs have been disabled
Here is how I got around this error.