An index.openshift.org with proper images similar to 'index.docker.org' would be a start :)
On Wed, May 18, 2016 at 1:31 PM, Max Rydahl Andersen <[email protected]> wrote: > Yeah, if CDK was running with this enabled I would not be able to run > anything > in any meaningful timeframe on openshift. > > I wish there was a better way though. > > i.e. that I could set a flag for a specific deployment wether > it should be allowed to run as root or not without making this a fully > global flag. > > But in short - without this permission I don't see CDK/ADB being useful to > anyone > trying to use it for docker based development because dockerhub just has > too many > containers that requires it. > > /max > > I think most teams at the Brno F2F were struggling with this. It works > locally, but semi-obscure failures when pushed 'live'. And out of the 30 RH > engineers there, none knew 100% or was able to dig up a doc that explained > why and how to fix it... > > This is/will be a massive pain point moving from Dev to Production. The > very least we need some very clear, simple guides on how to make it work. > > -aslak- > > On Wed, May 18, 2016 at 1:10 PM, Clayton Coleman <[email protected]> > wrote: > >> It was a deliberate choice, predicated on other changes coming to >> Docker (user namespaces) plus the desire to ensure demos run. >> >> Ultimately, the CDK is a playground. Putting up chain link fences >> around the playground sends the wrong message. >> >> I'd prefer to have it easier to go between the levels in the short >> term than to ratchet it back. >> >> > On May 17, 2016, at 11:27 PM, Dusty Mabe <[email protected]> wrote: >> > >> > >> > Currently we are configuring openshift in the CDK/ADB to be more >> > permissive than it should be when running containers. >> > >> > At [1] we are setting: >> > >> > oadm policy add-scc-to-group anyuid system:authenticated >> > >> > From my experiments this means that containers run as anyuid and thus >> > can be root, cc clayton for confirmation. >> > >> > What this means is that we are misleading users to thinking things >> > will run in production OpenShift, when the production OpenShift most >> > likely won't have things configured this way. >> > >> > We should probably not be doing this. Reverting this change will also >> > mean that proposed demos, etc.. should be retested on the newer version >> > meticulously. >> > >> > Dusty >> > >> > [1] >> https://github.com/projectatomic/adb-utils/blob/01adadd904dea98033c9c83d0648d90f5e8f2806/services/openshift/scripts/openshift_provision#L47 >> >> _______________________________________________ >> Devtools mailing list >> [email protected] >> https://www.redhat.com/mailman/listinfo/devtools >> > > ------------------------------ > > Devtools mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/devtools > > /max > http://about.me/maxandersen >
_______________________________________________ Container-tools mailing list [email protected] https://www.redhat.com/mailman/listinfo/container-tools
