rook icon indicating copy to clipboard operation
rook copied to clipboard
verified publisher icon rook

nfs: allow users to include additional files in the SSSD sidecar

Open nixpanic opened this issue 3 years ago • 3 comments

Description of your changes:

The sssd.conf may refer to additional files, like a CA bundle or TLS certificates. These files need to be made available in the SSSD sidecar. With the new sssdGenericFiles reference to a VolumeSource and a MountPath, a provided sssd.conf can use the additional files.

Checklist:

  • [x] Commit Message Formatting: Commit titles and messages follow guidelines in the developer guide).
  • [ ] Skip Tests for Docs: If this is only a documentation change, add the label skip-ci on the PR.
  • [x] Reviewed the developer guide on Submitting a Pull Request
  • [ ] Pending release notes updated with breaking and/or notable changes for the next minor release.
  • [x] Documentation has been updated, if necessary.
  • [x] Unit tests have been added, if necessary.
  • [ ] Integration tests have been added, if necessary.

nixpanic avatar Sep 08 '22 12:09 nixpanic

@BlaineEXE do you think this covers enough for including TLS support for LDAP configurations in the SSSD sidecar? If you prefer an other approach, let me know!

nixpanic avatar Sep 08 '22 14:09 nixpanic

@BlaineEXE do you think this covers enough for including TLS support for LDAP configurations in the SSSD sidecar? If you prefer an other approach, let me know!

I like the flexibility that this approach provides. I worry a bit that users might struggle to understand how to use it with it having so much flexibility, but I think that can be solved by good documentation.

The biggest aspect I have concerns about is allowing users to specify a mountPath. I rejected that idea some time ago realizing that users can too easily mess up a necessary part of the environment SSSD uses.

BlaineEXE avatar Sep 08 '22 17:09 BlaineEXE

This pull request has merge conflicts that must be resolved before it can be merged. @nixpanic please rebase it. https://rook.io/docs/rook/latest/Contributing/development-flow/#updating-your-fork

mergify[bot] avatar Sep 13 '22 16:09 mergify[bot]

This pull request has merge conflicts that must be resolved before it can be merged. @nixpanic please rebase it. https://rook.io/docs/rook/latest/Contributing/development-flow/#updating-your-fork

mergify[bot] avatar Sep 27 '22 07:09 mergify[bot]

Resolved by #11042. Thanks Niels!

BlaineEXE avatar Sep 27 '22 21:09 BlaineEXE