Ronald Wimmer via FreeIPA-users wrote:
On 14.05.21 11:26, Ronald Wimmer via FreeIPA-users wrote:
Hi,
are there any plans (or maybe ongoing work already) to let FreeIPA run in a K8s environment?
What about tearing all the tightly coupled parts (389DS, DNS, PKI, HTTPD, KDC, Samba, ...) apart, let them run in K8s and do the coupling there?
Could that work if somebody took the effort (with support from the IPA devs I would be willing to) or are there real showstoppers preventing such an adventure?
It could require a re-architecture of IPA. Some services rely on ldapi bind to connect to 389. You'd need to switch from that socket to a TCP socket and pass the requisite bind credentials (DM). Services rely on files in various places, which, if done systematically, might not be too bad, but might require creative bind mounting and/or duplicating files. Installing it might require a pretty massive rewrite, as it assumes a monolith. Upgrades would be another challenge.
I don't know enough about K8S to know how naming would work to tie a bunch of different nodes into a single "service" with a common name.
I don't know how well scaling would work either, if that's a goal.
rob