Rook: OSD daemonset should be able to run unprivileged

Created on 14 Feb 2017  路  2Comments  路  Source: rook/rook

The OSD containers should be able to run unprivileged in the following scenarios:

  • The admin has already provisioned the storage devices on a node (for bluestore)
  • Directories will be used for filestore

The default seems like it should be to run unprivileged. If the admin wants Rook to do the provisioning of the devices he could override it with a flag and run privileged.

ceph-rados
Source
picture travisn

Most helpful comment

The privileged portion of the pods could be carried out by an Init Container.

It seems like separating storage initialization/verification from OSD startup could be a smart thing to do. At least in the case of Init Containers the OSD container wouldn't start without the initial formatting/verification returning success.

picture bzub on 13 Mar 2017
👍4

All 2 comments

related to #82

bassam picture bassam on 14 Feb 2017

The privileged portion of the pods could be carried out by an Init Container.

It seems like separating storage initialization/verification from OSD startup could be a smart thing to do. At least in the case of Init Containers the OSD container wouldn't start without the initial formatting/verification returning success.

bzub picture bzub on 13 Mar 2017
👍4
Was this page helpful?
0 / 5 - 0 ratings

Related issues

gustavomr picture gustavomr  路  4Comments
kdoustar picture kdoustar  路  3Comments
Negashev picture Negashev  路  4Comments
aocheretnoy picture aocheretnoy  路  5Comments
billimek picture billimek  路  3Comments