Add Namespace Selector Functionality #247
Comments
danielrbradley
added
kind/enhancement
|
Good news everyone, we just released a preview of Pulumi Kubernetes Operator v2. This new release has a whole-new architecture that is designed primarily for cluster-wide installation. Filtering on which namespaces to watch is actually an unimplemented feature: One of the main use cases for an ordinary single-namespace installation mode is that fewer permissions are needed by the operator. I doubt that would be practical in this use case of dynamic namespaces, because you'd need at least some cluster-scoped permissions to watch the namespace objects, and a role binding would be needed on a per-namespace basis to watch the stacks. I suppose I don't see much reason to do this. @ghostsquad could you say more? Please read the announcement blog post for more information: Would love to hear your feedback! Feel free to engage with us on the #kubernetes channel of the Pulumi Slack workspace. |
Hello!
Issue details
Instead of a single namespace or a comma-separated list of namespaces, I'd like the ability for an operator to dynamically watch namespaces based on the "selector" pattern.
Here's some more relevant details:
kubernetes/kubernetes#88253
https://kubernetes.io/docs/concepts/services-networking/network-policies/#behavior-of-to-and-from-selectors
https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.22/#labelselector-v1-meta
Affected area/feature
Allows WATCH_NAMESPACE to be a more dynamic value, allowing for stacks to be managed along side the apps themselves, and generally, it's easier to support namespaces that share specific requirements/permissions dynamically without needing to deploy a specific operator for each individual namespace, or to redeploy an operator because of the addition/removal of a namespace.
The text was updated successfully, but these errors were encountered: