Uploaded image for project: 'Red Hat Advanced Cluster Security'
  1. Red Hat Advanced Cluster Security
  2. ROX-28013

Add support for generic ephemeral volumes configuration in SecuredCluster CR for RHACS sensor

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Won't Do
    • Icon: Undefined Undefined
    • None
    • None
    • RHACS
    • Future Sustainability
    • False
    • Hide

      None

      Show
      None
    • False
    • Not Selected
    • Yes
    • 0

      Description:

      Currently, the RHACS sensor pod uses emptyDir for ephemeral storage, which can lead to high storage utilization on nodes (observed at 184MB). Customers need the ability to configure generic ephemeral volumes through the SecuredCluster custom resource when using GitOps deployment methods, rather than directly modifying pod or deployment configurations.

      Goal Summary:

      Enable customers to configure generic ephemeral volumes for RHACS sensors through the SecuredCluster CR, providing better storage management and resource utilization in GitOps environments.

      Goals and expected user outcomes:

      Primary users: Platform Engineers and Security Teams managing RHACS through GitOps

      Expected outcomes:

      • Ability to configure generic ephemeral volumes through SecuredCluster CR
      • Better control over sensor storage allocation
      • Reduced node storage pressure
      • Improved compatibility with GitOps workflows
      • Consistent storage management across cluster fleet

      Acceptance Criteria:

      1. Technical Requirements:

      • Add support for generic ephemeral volume configuration in SecuredCluster CR
      • Maintain backward compatibility with existing deployments
      • Support standard storage class configurations
      • Enable storage resource limits and requests specification

      2. Functional Requirements:

      • Allow specification of volume size
      • Support storage class selection
      • Enable access mode configuration
      • Preserve existing sensor functionality

      3. Non-functional Requirements:

      • Security: Maintain existing security context and permissions
      • Performance: No degradation in sensor performance
      • Reliability: Ensure stable storage operations
      • Maintainability: Clear documentation and upgrade path
      • Scalability: Support for multi-cluster deployments
      • Usability: Simple configuration syntax in SecuredCluster CR

      Success Criteria or KPIs measured:

      1. Technical Metrics:

      • Zero regression in sensor functionality
      • Successful deployment across different storage classes
      • Proper cleanup of resources when pods are terminated

      2. Operational Metrics:

      • Reduced number of storage-related alerts
      • Decreased node storage pressure
      • Improved storage utilization efficiency

      3. User Experience Metrics:

      • Successful GitOps deployments using new configuration
      • Reduced manual intervention in storage management
      • Positive feedback from GitOps users

              Unassigned Unassigned
              rhn-support-vyoganan Vivek Yoganand A (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: