KATA-2411: Enable OpenShift sandboxed containers peerpods

Project: Openshift sandboxed containers

    • Type: Feature
    • Resolution: Obsolete
    • Priority: High
    • Version: OSC 1.5.0
    • Progress: 0% To Do, 0% In Progress, 100% Done

      Feature Overview (aka. Goal Summary)  

      An elevator pitch (value statement) that describes the Feature in a clear, concise way.  Complete during New status.

      OpenShift sandboxed containers is currently limited to running on bare metal.  To let users run sandboxed containers in all environments without relying on nested virtualization, we can use a remote hypervisor instance outside the OCP cluster and run the Kata workload on it.  This is also a prerequisite for enabling Confidential Containers use cases.

      Goals (aka. expected user outcomes)

      The observable functionality that the user now has as a result of receiving this feature. Complete during New status.

      Create a feature that provisions a remote hypervisor instance and executes isolated workloads.

      Requirements (aka. Acceptance Criteria):

      A list of specific needs or objectives that a feature must deliver in order to be considered complete.  Be sure to include nonfunctional requirements such as security, reliability, performance, maintainability, scalability, usability, etc.  Initial completion during Refinement status.

      Tech Preview Features:

      1. Deployment: Establish a reliable deployment process that integrates peer-pods into OpenShift Sandboxed Containers. This process should be thoroughly documented and straightforward for users to follow. Peer Pods support can be enabled optionally by the user.
      2. Basic Workloads Running: Ensure that basic Kubernetes workloads can run successfully within peer-pods in OpenShift Sandboxed Containers. A RuntimeClass is provided for users to choose Peer Pods.
      3. Support on AWS and Azure: Ensure the peer-pods approach is functional and stable on both AWS and Azure platforms. This includes thorough testing and troubleshooting guides for each platform.
      4. Pod VM Image Creation: Develop a method for creating the pod VM image that adheres to Red Hat standards, using Red Hat approved methods and binaries built in Red Hat build infrastructure. This could include the use of a Kubernetes job or providing a ready-made image in the cloud provider's image gallery. It could also mean creating RHEL RPMs for the Peer Pods binaries.
      5. Automatic Resource Cleanup: Develop functionality that automatically removes cloud resources when workloads are deleted. This should help to prevent resource leaks and unnecessary costs for users.

      GA Features:

      1. Flexible Pod VM Sizes: Implement and test support for different Pod VM sizes to accommodate a variety of workloads. This should include detailed guidance for users on how to select and configure the appropriate VM size for their needs.
      2. FIPS compliance: The pod VM needs to be FIPS compliant (kernel flags, build flags).

      Optional Features:

      1. Persistent Volume Support: Implement the CSI cloud driver for AWS and Azure.
      2. Cloud Credentials Integration: Ensure that cloud credentials can be seamlessly obtained from the OpenShift Cloud Credentials Operator. This should be straightforward for users and support all permissions necessary for managing resources.
      3. Prebuilt podvm images: Fully supported images created by us and delivered through the cloud providers.

      Use Cases (Optional):

      Include use case diagrams, main success scenarios, alternative flow scenarios.  Initial completion during Refinement status.

      Run isolated workloads on AWS using peerpods

      Run isolated workloads on Azure using peerpods

      Questions to Answer (Optional):

      Include a list of refinement / architectural questions that may need to be answered before coding can begin.  Initial completion during Refinement status.

      • How can we officially build the peer pods binaries for the podvm image for GA?
      • How can we publish the podvm image in the Azure Marketplace and the AWS equivalent?

      Out of Scope

      High-level list of items that are out of scope.  Initial completion during Refinement status.

       

      Background

      Provide any additional context that is needed to frame the feature.  Initial completion during Refinement status.

       

      Customer Considerations

      Provide any additional customer-specific considerations that must be made when designing and delivering the Feature.  Initial completion during Refinement status.

       

      Documentation Considerations

      Provide information that needs to be considered and planned so that documentation will meet customer needs.  Initial completion during Refinement status.

       

      Interoperability Considerations

      Which other projects and versions in our portfolio does this feature impact?  What interoperability test scenarios should be factored by the layered products?  Initial completion during Refinement status.

      People: Jens Freimann (jfreiman), Cameron Meadors (cmeadors@redhat.com), Miriam Weiss