Automatically use pod build strategy in "AllNamespaces" setup

[nicolaferraro]

I was thinking we can inspect the WATCH_NAMESPACE env variable in the operator and if it's empty (meaning all namespaces) we can set the build mode to pod on the platforms that the user will create.

This way we enable multi-tenancy (although not optimized yet) and we can enable the AllNamespaces setup on operator hub.

Wdyt @astefanutti ?

[astefanutti]

I think this is a very good idea!

The builds will be serialized by namespace, and there won't be any Maven cache concurrent access issues, given the current pod build strategy implementation. The Kaniko cache should be able to handle concurrent RO accesses and the Kaniko publisher already creates unique temp directories for each build, so we are safe there too. Hopefully the PV is already configured correctly.

The (existing) limitation is that all the builds will be scheduled on the same node as the operator. But that is acceptable and can be tackled separately.

[nicolaferraro]

I remember we had some discussion around affinity, but I suspect we missed the point. For the pod strategy to work, there's need that the builder pod and kaniko pod to be on the same node, but there are no requirements on the operator... right?

[astefanutti]

I remember we had some discussion around affinity, but I suspect we missed the point. For the pod strategy to work, there's need that the builder pod and kaniko pod to be on the same node, but there are no requirements on the operator... right?

Right. It's actually for re-using the Kaniko warmer cache. So, for the moment, the operator pod node is used, so that the host PV contains the cache and the build output.

[nicolaferraro]

I guess one of the issues we can encounter is that the cache can be possibly used concurrently by 2 platforms in different namespaces.

Uhm.. but I guess the current way we use to specify affinity doesn't work across ns boundaries...

[nicolaferraro]

I'd try to have a working version for next 0.3.4 release