On Fri, Mar 17, 2023 at 11:37:54AM +0100, Ronald Wimmer via FreeIPA-users wrote:
On 14.05.21 11:26, Ronald Wimmer via FreeIPA-users wrote:
Hi,
are there any plans (or maybe ongoing work already) to let FreeIPA run in a K8s environment?
What about tearing all the tightly coupled parts (389DS, DNS, PKI, HTTPD, KDC, Samba, ...) apart, let them run in K8s and do the coupling there?
Could that work if somebody took the effort (with support from the IPA devs I would be willing to) or are there real showstoppers preventing such an adventure?
We had an effort to get IPA running in OpenShift (with an accompanying operator), but we shelved it. One of the main goals was that the solution should support multi-tenancy (e.g. to operate it as a managed service for different customers). The lack of support for user namespaces in k8s/OpenShift became a show-stopper to the "lift and shift" approach (run the whole IPA system as a single container). The approach of breaking IPA up and running all the bits in separate containers was technically viable, but it was considered too costly both in up-front engineering effort and ongoing maintenance (as we would essentially be maintaining two distinct architectures of FreeIPA for a long time).
We redeployed the team working on that to another project. In the future perhaps it will be revisited, but it is not in the current plans. If you are keen to contribute, we can discuss further and share all that we have learned. But regardless of the approach, it would be a huge effort.
Cheers, Fraser
Cheers, Ronald