Why does the neuvector-controller run as a deployment rather than a statefulset? #457

Open
HujinoKun opened this issue Nov 14, 2024 · 2 comments


@HujinoKun

Hello,

It's all in the title.

And why use ReadWriteMany by default on its PVC?

@lindhe
Contributor

lindhe commented Nov 19, 2024

Why would it need to be a StatefulSet?

Regarding the PVC, it's pretty straightforward: the rollingUpdate strategy used is configured to never have 0 replicas available:

maxUnavailable: 0

In other words, it will always try to start a new replica first and then kill the old one. And if the PVC was RWO, it would not be able to spawn a new pod until the old pod was killed. Thus, it must have RWX if that strategy should work.

And additionally, clearly it must be RWX if users should be able to configure more than 1 replica for the deployment.

@lindhe
Contributor

lindhe commented Nov 19, 2024

BTW, for questions like this it's probably better to ask in the Slack channel #neuvector-security on Rancher Users.
