[Container-tools] Atomic Developer Bundle and OpenShift
Clayton Coleman
ccoleman at redhat.com
Wed Nov 4 22:58:59 UTC 2015
On Wed, Nov 4, 2015 at 10:51 AM, Langdon White <langdon at redhat.com> wrote:
>
> Definitely. I would not be surprised by any of the issues described.
> However, we still have to offer our users a platform where they can develop
> containers and test them on an environment *not* running openshift.
I understand the perspective you guys are coming from, but I think our
goal should be to not have to make that distinction. In the short
term (say, a lease of 3 months) that statement is definitely valid.
But that is not our strategy for containers at Red Hat, so we need to
be doing a *much* better job of targeting the delta and make it not
exist. If we have to test on both openshift and kube in order to
guarantee things work, we've failed in our core mission to be a Kube
distribution.
Starting with 3.1, an admin who runs a pod will get exactly the same
security setup as kube. A regular user will continue not to. Once
user namespaces are enabled, regular users will be able to access
those. That's the only "runs differently on OS than Kube" that I'm
aware of.
If we *have* to test on Kube and OpenShift, AEP is dead, and probably
OpenShift gets cut off from its community. I think it's worth asking
ourselves whether we can prove via the CDK that it is unnecessary.
There may be things that the AtomicOpenShift team gets asked to do to
make them consistent (those are what we would call bugs).
More information about the Container-tools
mailing list