cybozu-go / accurate

Kubernetes controller for multi-tenancy. It propagates resources between namespaces accurately and allows tenant users to create/delete sub-namespaces.

https://cybozu-go.github.io/accurate/

Apache License 2.0

38 stars 5 forks source link

Add labels and annotations field to SubNamespace resource #19

Closed bells17 closed 2 years ago

bells17 commented 2 years ago

7

ymmt2005 commented 2 years ago

@zoetrope Accurate only sets the labels and annotations that are explicitly permitted in the configuration file. So, admins have full control over what a tenant user can do.

ymmt2005 commented 2 years ago

@bells17 @zoetrope One thing that I haven't determined is that whether we should have a different set of label/annotation keys for this feature than the keys for propagation.

What do you think?

zoetrope commented 2 years ago

I understand.

I prefer a simple configuration. I think we should not have the different set.

bells17 commented 2 years ago

I agree with @zoetrope.

bells17 commented 2 years ago

By the way, should we prioritize SubNamespace labels/annotations over parental Namespace labels/annotations if there have the same labels/annotations key?

ymmt2005 commented 2 years ago

OK, let's go with the current proposal.

ymmt2005 commented 2 years ago

@bells17

By the way, should we prioritize SubNamespace labels/annotations over parental Namespace labels/annotations if there have the same labels/annotations key?

Definitely not. And even if they would conflict, the parent Namespace labels/annotations win because they are propagated later on.

bells17 commented 2 years ago

Thank you @ymmt2005 @zoetrope . I've corrected the points you commented on. Would you review this PR again?

zoetrope commented 2 years ago

@bells17 I'm curious what happens when I set the same key for labelKeys and subNamespaceLabelKeys.

bells17 commented 2 years ago

@zoetrope

I'm curious what happens when I set the same key for labelKeys and subNamespaceLabelKeys.

I implemented so that SubNamespace spec.labels/spec.annotations values are preferred more than parent namespace labels/annotations values because I think a case of using SubNamespace spec.labels/spec.annotations instead of parent namespace labels/annotations is a rare case.

bells17 commented 2 years ago

@ymmt2005 @zoetrope The following points have been updated:

SubNamespace spec.labels/spec.annotations is now propagated to descendants namespaces.
Added --labels and --annotations options to the kubectl-accurate sub create command.
Wrote docs.

Would you review these points?

bells17 commented 2 years ago

Also, could you update this part of the user manual for this new feature? https://cybozu-go.github.io/accurate/subnamespaces.html#creating-a-sub-namespace

I've already updated the user manual, but should I need to make additional updates? https://github.com/cybozu-go/accurate/pull/19/files#diff-b394f5d0e85c3cd9c802a88109196f87c4f5047d04b50c0c557476474460adc4R88-R118

ymmt2005 commented 2 years ago

@bells17

I've already updated the user manual, but should I need to make additional updates?

My bad. I overlooked that. It's enough, thank you.

bells17 commented 2 years ago

Please validate the labels and annotations in SubNamespace spec field.

added.

bells17 commented 2 years ago

@ymmt2005 (cc: @zoetrope) Thank you. I fixed points that are pointed on.