Page MenuHomePhabricator

Investigate removing maintain-kubeusers from PAWS
Closed, ResolvedPublic


maintain-kubeusers ( is largely for toolforge maintenance, managing quotas, namespaces, and creating a .kube/config for each tool account.

PAWS doesn't do most of these things, quotas are managed statically on the singleuser pod, users all share the same namespace, and non-admin users do not get a .kube/config. Indeed the only thing that the maintain-kubeusers seems to do is for admin users it drops a .kube/config file in their home directories on PAWS nodes. This can be overcome by copying it from /etc. It would come with a few extra abilities, though at the same time, one has to be an admin user, so they would have sudo regardless so far as I know.

Event Timeline

I agree that the value of maintain-kubeusers isn't especially high on PAWS, so no concerns from me on removing it.

rook changed the status of subtask T326554: Move PAWS to magnum from Open to In Progress.Jan 17 2023, 3:16 PM
rook claimed this task.

Change 888293 had a related patch set uploaded (by Majavah; author: Majavah):

[labs/tools/maintain-kubeusers@master] deployments: Drop PAWS deployment

Change 888293 merged by jenkins-bot:

[labs/tools/maintain-kubeusers@master] deployments: Drop PAWS deployment