[heketi-devel] heketi copy job SA
Jose A. Rivera
jarrpa at redhat.com
Thu Feb 8 15:30:59 UTC 2018
Hey folks!
I was just made aware of something: The heketi storage copy job does
not specify a ServiceAccount. This is a problem in the OpenShift
scenario because by default no SCC has permission to mount volumes of
type "glusterfs" (e.g. heketidbstorage) except the privileged SCC.
However, for heketi itself we already recommend the creation of a
heketi-specific ServiceAccount which should be made privileged.
I think it would be a good idea to allow the user to specify which
ServiceAccount to use for the copy job so that the one for heketi
could be reused. We could also just manually insert a ServiceAccount
into the generated List object it create, but I figured a flag would
be slightly more user-friendly.
Thoughts?
--Jose
More information about the heketi-devel
mailing list