No longer auto-installing maistra on openshift [SRVKS-196]

[jcrossley3]

I removed the SCC stuff, too, which I think was only required for maistra, but I need @nak3 to confirm

[nak3]

Please let me confirm. The SCC stuff is necessary for not only Maistra but also any Istio env when it uses side-car injection due to requirement of NET_ADMIN. And Knative's autoscaler and activator still uses the side-car injection as knative/serving#966.

So, do you think that we should let users configure the SCC by themselves?

[markusthoemmes]

@nak3 SCC is not necessary as of Maistra TP12 (when using CNI). It's part of their multi-tenancy story to not need these cluster roles. The sidecars no longer need NET_ADMIN access as they don't setup the network through iptables anymore.

[nak3]

Thank you for the clarification. Then, I think that we do not need the privileged SCC.

But I think that the anyuid SCC was added by @savitaashture. So can you also confirm it? @savitaashture

[markusthoemmes]

In the interest of usability: Should we call out "ServiceMesh not detected" here? I know that technically we only need Istio, but the user of Openshift Serverless might think "hey, what the hell is Istio? I only see something like ServiceMesh referenced in the docs". Maybe we could also write something like "Istio not detected, ServiceMesh is likely not installed" to satisfy both ends?

[jcrossley3]

Good call. Done.

[markusthoemmes]

@nak3 thanks for being on the watch 😂 The anyuid thing was needed for custom gateway and was indeed added by @savitaashture. Seems like we no longer need that in newer releases though as I haven't heard any complaints for this setup lately.

[markusthoemmes]

LGTM modulo the one comment I left. Thanks for throwing this together quickly!