crossplane-contrib / provider-upjet-aws

Official AWS Provider for Crossplane by Upbound.
https://marketplace.upbound.io/providers/upbound/provider-aws
Apache License 2.0

Make CRDs namespaced scope #1285

Closed dmarquez-splunk closed 2 months ago

dmarquez-splunk commented 2 months ago

What problem are you facing?

As a platform provider we would like to enforce quotas on the number of AWS resources a team can have provisioned at any given time. Cluster-scoped CRDs make this tough as we cannot write quotas on a per-namespace basis. Can we make the CRDs namespaced scope so that we can enforce resource quotas on a per-namespace basis?

blakeromano commented 2 months ago

I think this is an issue with Crossplane, not necessarily the AWS provider specifically. There are lots of other ways you can do this though without this enhancement.

You could use a validating webhook to validate based on label that a team has not met a quota and use label based queries to validate that a specific namespace has not violated your quota as one way to solve this problem.

Folks with more knowledge of the underlying mechanics of Crossplane can probably also describe the problem in a bit more detail but my assumption is this probably would not change.
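
The label-based quota check described in the comment above, written as the decision function of a validating admission webhook. This is an added example, not code from the thread or from Crossplane; the label key `example.org/team`, the quota map and the `count` lookup are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

const teamLabel = "example.org/team" // assumed label key for this example

// Only the admission.k8s.io/v1 fields used here; untagged fields match JSON keys case-insensitively.
type admissionReview struct {
	APIVersion string `json:"apiVersion"`
	Kind       string `json:"kind"`
	Request    *struct {
		UID, Operation string
		Object         struct{ Metadata struct{ Labels map[string]string } }
	} `json:"request,omitempty"`
	Response *response `json:"response,omitempty"`
}
type response struct {
	UID     string            `json:"uid"`
	Allowed bool              `json:"allowed"`
	Status  map[string]string `json:"status,omitempty"`
}

// decide answers one AdmissionReview; count is a hypothetical lookup of resources carrying the team label.
func decide(body []byte, quota map[string]int, count func(team string) int) ([]byte, error) {
	var ar admissionReview
	if json.Unmarshal(body, &ar) != nil || ar.Request == nil {
		return nil, fmt.Errorf("malformed AdmissionReview")
	}
	resp := &response{UID: ar.Request.UID, Allowed: true}
	deny := func(msg string) { resp.Allowed, resp.Status = false, map[string]string{"message": msg} }
	team := ar.Request.Object.Metadata.Labels[teamLabel]
	limit, known := quota[team]
	switch {
	case ar.Request.Operation != "CREATE": // this example gates creation only
	case team == "" || !known: // fail closed: an unlabeled resource would escape the quota
		deny("missing or unknown " + teamLabel + " label")
	case count(team) >= limit:
		deny(fmt.Sprintf("team %s is at its quota of %d", team, limit))
	}
	return json.Marshal(admissionReview{APIVersion: ar.APIVersion, Kind: ar.Kind, Response: resp})
}

func main() { // constructed request: team "payments" already holds its 2 allowed resources
	body := `{"request":{"uid":"u1","operation":"CREATE","object":{"metadata":{"labels":{"example.org/team":"payments"}}}}}`
	out, err := decide([]byte(body), map[string]int{"payments": 2}, func(string) int { return 2 })
	fmt.Println(string(out), err)
}
```

A count read from a cache can lag behind concurrent creates, so the limit is approximate unless admission is serialized. Changing the team label on UPDATE would need the same check, or the label has to be made immutable.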

jeanduplessis commented 2 months ago

Blake is correct, this isn't specific to this provider and is a topic that belongs in Crossplane. @dmarquez-splunk I'm going to close this issue for now and suggest you have a look at maybe commenting on this open issue in crossplane-runtime: https://github.com/crossplane/crossplane-runtime/issues/251