lima-kilo: replicate sssd setup from Toolforge
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	aborrero
	Apr 19 2024, 10:10 AM

Description

So we can have processes query the users outside the Pod usernamespace, like we do in normal Toolforge.

Example use case:

jobs-api is creating a new job
to create a proper securityContext specification, it queries what the uid is for the user creating the job
it does so by hitting the sssd socket mounted into the pod, from the worker node
the worker node has knowledge of all the defined tool accounts, via LDAP (production) or unix files (lima-kilo)

This task is to track the work to enable this.

Status	Assigned	Task
Open	None	T362869 [k8s,infra] Upgrade Toolforge to Uwubernetes (1.30)
Open	None	T362868 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.29
Open	None	T362867 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.28
Open	None	T359641 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.27
Open	None	T327025 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.26
Open	None	T316107 [infra,k8s] Upgrade Toolforge Kubernetes to version 1.25
In Progress	aborrero	T279110 [infra] Replace PodSecurityPolicy in Toolforge Kubernetes
In Progress	aborrero	T362050 toolforge: review pod templates for PSP replacement
Resolved	aborrero	T362966 lima-kilo: replicate sssd setup from Toolforge

aborrero changed the task status from Open to In Progress.Apr 19 2024, 10:10 AM

aborrero triaged this task as Medium priority.

aborrero created this task.

aborrero moved this task from Backlog to Doing on the User-aborrero board.

basic_system: install sssd

aborrero closed this task as Resolved.Thu, Apr 25, 2:58 PM