On Tue, Aug 22, 2017 at 4:38 PM, Sanjeev Rampal (srampal) <[email protected] > wrote:
> Hi, > > > > Two related (but slightly different) questions … > > > > 1) Is it possible to setup Openshift RBAC such that some specific > tenants can only use standard kubernetes APIs/ CLIs and not Openshift > specific api/ clis ? This way, a service provider can provide some tenants > a pure native kubernetes only service (if some specific tenants prefer this > and want to ensure their applications are portable to pure kubernetes > environments at all times) and some other tenants can get the full > OPenshift API/ CLI access within another project. > Yes, you could take the existing 'admin' and 'editor' roles and copy them to 'kube-admin' and 'kube-editor' roles. Then remove the 'create' and 'update' verbs from openshift resources. That should be sufficient. > 2) Any document/ guidelines on what one has to do in order to create > a private build in which Openshift Origin 3.6 is built with Kubernetes 1.7 > (or similar future combinations). This may be something someone may want to > do to pick up a new k8s feature that only exists in a future upstream > release but is otherwise completely independent of Openshift Origin. Of > course this would not be community supported (private image/ fork or > Origin only) but useful if some tenant/ project is using pure kubernetes > only functionality and needs the latest upstream kubernetes. > Unfortunately for the next few releases this is fairly expensive - we call this a "rebase" and it's a lot of refactoring to match upstream Kube. Some of the folks on the team specialize in reducing this cost (what I alluded to as being something that may be possible in the future) so that future versions of OpenShift may run directly on top of a Kube version. Today I would say it's probably very difficult and not recommended without a lot of expertise in both the OpenShift and Kube codebases. > > > > > Rgds, > Sanjeev > > > > > > *From: *<[email protected]> on behalf of Clayton > Coleman <[email protected]> > *Date: *Tuesday, August 22, 2017 at 9:36 AM > *To: *Yu Wei <[email protected]> > *Cc: *"[email protected]" <[email protected]>, > "[email protected]" <[email protected]> > *Subject: *Re: Is that possible to deploy openshift on existing k8s > cluster? > > > > Not today. We hope to do so at some point in the future, but today > openshift requires additional compiled in control points that only work > when installing origin directly from the binaries we build. > > > On Aug 22, 2017, at 6:36 AM, Yu Wei <[email protected]> wrote: > > Hi, > > Now we have existing k8s cluster running workloads. > > We also want to make use of features provided by Openshift Origin, for > example DevOps etc. > > Is that possible to integrate openshift origin with our existing k8s? > > > > Any advice? > > > > Thanks, > > Jared, (韦煜) > Software developer > Interested in open source software, big data, Linux > > _______________________________________________ > dev mailing list > [email protected] > http://lists.openshift.redhat.com/openshiftmm/listinfo/dev > >
_______________________________________________ users mailing list [email protected] http://lists.openshift.redhat.com/openshiftmm/listinfo/users
