Adjust docs for buildless #1765
Conversation
Co-authored-by: Grzegorz Karaluch <grzegorz.karaluch@sap.com>
Co-authored-by: Grzegorz Karaluch <grzegorz.karaluch@sap.com>
Co-authored-by: Grzegorz Karaluch <grzegorz.karaluch@sap.com>
Co-authored-by: Grzegorz Karaluch <grzegorz.karaluch@sap.com>
Co-authored-by: Grzegorz Karaluch <grzegorz.karaluch@sap.com>
| - Since Kubernetes is [moving from PodSecurityPolicies to PodSecurity Admission Controller](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/), Kyma Functions require running in namespaces with the `baseline` Pod security level. The `restricted` level is not currently supported due to the requirements of the Function building process. | ||
|
|
||
| - The Kyma Serverless components can run with the PodSecurity Admission Controller support in the `restricted` Pod security level when using an external registry. When the Internal Docker Registry is enabled, the Internal Registry DaemonSet requires elevated privileges to function correctly, exceeding the limitations of both the `restricted` and `baseline` levels. | ||
| - Since Kubernetes is [moving from PodSecurityPolicies to PodSecurity Admission Controller](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/), Kyma Functions require running in namespaces with the `baseline` Pod security level. |
There was a problem hiding this comment.
I wonder if the whole paragraph makes sence is buildldess mode.
restricted level was not working because of builds. So there is no need to say to the users that baseline (les restrictive) level is required for functions to run.
Please test if buildless functions work fine in namespaces where restricted pod security level is configured.
If it does work, we would need to change the message - not say what baseline is required but rather point out that by removing builds we are enable functions to be run in namespaces with more strict pod security level
There was a problem hiding this comment.
It is working with adjustment in the deployment, PR - #1773
| @@ -21,19 +21,15 @@ | |||
| * [Function CR](/serverless-manager/user/resources/06-10-function-cr.md) | |||
| * [Serverless CR](/serverless-manager/user/resources/06-20-serverless-cr.md) | |||
| * [Technical Reference](/serverless-manager/user/technical-reference/README.md) | |||
| * [Serverless Architecture Updates](/serverless-manager/user/technical-reference/serverless-architecture-updates.md) | |||
There was a problem hiding this comment.
How do you like a tittle "Buildless Serverless"
My idea would be to already start describing the build-less mode even though the regular mode is still used by default.
We could publish this part with next release of serverless, which will allow users to switch using annotation.
Please extract this document into separate PR
There was a problem hiding this comment.
Thanks, awesome title, I will move this part to separate PR
|
|
||
| ## Changes | ||
|
|
||
| - The internal Docker Registry is no longer part of the Serverless module. Instead, the Docker Registry is now a separate, standalone module. |
There was a problem hiding this comment.
change the bullet points so that it explains what would happen if user switches it on
docs/user/technical-reference/07-20-function-processing-stages.md
Outdated
Show resolved
Hide resolved
Co-authored-by: Krzysztof Kwiatosz <krzysztof.kwiatosz@sap.com>
Co-authored-by: Krzysztof Kwiatosz <krzysztof.kwiatosz@sap.com>
MichalKalke
force-pushed
the
adjust-docs-for-buildless
branch
from
2f97a37 to
cfc39ae
Compare
Description
Changes proposed in this pull request:
Related issue(s)