[Feature Request] Support for running inside a namespace

beacon-biosignals / K8sClusterManagers.jl

A Julia cluster manager for Kubernetes

Other

31 stars 5 forks source link

[Feature Request] Support for running inside a namespace #109

Open schlichtanders opened 11 months ago

schlichtanders commented 11 months ago

Hello,

I would like to use K8sClusterManagers.jl inside a predefined namespace to prevent accidental (or voluntary) damage to other infrastructures inside kubernetes.

Currently this is not possible. It fails as soon as get_pod is run - it asks for the pod name globally, which is not allowed by its RBAC role. https://github.com/beacon-biosignals/K8sClusterManagers.jl/blob/main/src/pod.jl#L29

Could this be added to the project or is it out of scope?

omus commented 7 months ago

Could this be added to the project or is it out of scope?

This is most definitely in scope.

The get_pod function runs within the current namespace used by your kubectl context. Can you elaborate more on the problem you're seeing and the RBAC role you're using? We've documented the the K8s role permissions required in our documentation. Note we use a K8s Role and not a ClusterRole so it is scoped to the namespace to which the resource is deployed.

schlichtanders commented 7 months ago

I understand I think. You mean I can just switch the namespace by using kubectl directly and switch the context's namespace (or switch to another context with another namespace)