fluxcd / flux

Successor: https://github.com/fluxcd/flux2
https://fluxcd.io
Apache License 2.0

Feature: Restrict FHR scanning to the namespace flux is installed in #1406

Closed brandon-bethke-timu closed 5 years ago

brandon-bethke-timu commented 6 years ago

Our observations lead us to believe that flux installed in namespace 'alpha' will pick up FHRs in namespace 'beta'. This is probably by design.

We would like the option to restrict flux to finding only FHRs in the namespace that flux is installed in. We would like to configure this option using helm values.

We want to install multiple instances of flux in different namespaces and we don't want each instance of flux to find all FHR resources in all namespaces.

ncabatoff commented 6 years ago

Couldn't you simply put all the FHRs for each namespace in their own subdirectory of the git repo, then point each namespace's flux instance at that subdirectory using the git.path chart value?

brandon-bethke-timu commented 6 years ago

We install flux in namespace 'beta'. It scans the beta branch of the repo. We install flux in namespace 'alpha'. It scans the alpha branch of the repo. We will promote a release by merging the alpha branch into beta.

Here are the operator logs of a flux instance installed in namespace 'latest'. It is clearly attempting to do something with an artifact in namespace 'testgitlabci'. We do not want the flux instance picking up artifacts outside the namespace.

ts=2018-09-28T16:45:22.763051375Z caller=release.go:175 component=release error="Chart release failed: testgitlabci-hello-world-temp: &os.PathError{Op:\"stat\", Path:\"/tmp/flux-working546978170/charts/hello-world\", Err:0x2}"
ts=2018-09-28T16:45:22.763119209Z caller=chartsync.go:262 component=chartsync warning="Unable to determine if release has changed" namespace=testgitlabci name=hello-world error="stat /tmp/flux-working546978170/charts/hello-world: no such file or directory"

brandon-bethke-timu commented 6 years ago

We should also mention that the namespace is not specified in the FHR file itself. We have overridden the kube/config file to specify the default namespace.

ncabatoff commented 6 years ago

That sounds like a reasonable feature request to me. I've thought before that I'd like to use flux to manage everything in a namespace, and nothing more. It's a little unclear to me what the desired semantics are, given that you want to avoid specifying the namespace in the FHR. Would it be something like "When the --only-namespace=X option is provided, flux will ignore any resources that specify a namespace other than X"?

brandon-bethke-timu commented 6 years ago

We install flux using helm, so we need this option configurable as a helm value. We are unsure of what the best semantics might be as well. The --only-namespace=X option seems reasonable to us. We would expect the --only-namespace=X option to cause the operator to ignore all FHRs in other namespaces when specified. When not specified, the existing behavior would be performed. The existing behavior is the default. Here is a sample values file that represents our usage that includes the new feature:

git:
    url: ssh://git@gitlab.example.com/MyUserName/product-release.git
    branch: alpha
helmOperator:
    onlyNamespace: alpha
    createCRD: false
    create: true
    git:
        chartsPath: charts
ssh:
    known_hosts: |
          xxxxxx
kube:
    config: |
          apiVersion: v1
          clusters: []
          contexts:
          - context:
              cluster: ""
              namespace: alpha
              user: ""
            name: default
          current-context: default
          kind: Config
          preferences: {}
          users: []

stefanprodan commented 6 years ago

The option name should match the Flux flag.

Helm-op could accept a list of namespaces and based on that the FHR informer should do the filtering when receiving events from k8s API.
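The filtering semantics discussed above (an allow-list of namespaces, unchanged behaviour when the flag is unset, and an FHR that omits metadata.namespace falling back to the kubeconfig default) can be sketched as a small Go filter that an informer event handler would run before enqueueing work. This is an added illustration, not code from the flux or helm-operator repositories: the flag name --only-namespace is the one proposed in the thread, and the Event, NamespaceFilter, Allows and Filter names are hypothetical; the sample events are constructed to mirror the namespaces mentioned in the reporter's logs and values file.

```go
package main

import (
	"flag"
	"fmt"
	"strings"
)

// Event is a constructed stand-in for an informer notification about an FHR;
// only the fields the filter needs are modelled.
type Event struct {
	Namespace string // empty when the FHR manifest omits metadata.namespace
	Name      string
}

// NamespaceFilter decides which namespaces the operator acts on.
// An empty allow-list means the existing behaviour: every namespace.
type NamespaceFilter struct {
	allowed          map[string]bool
	defaultNamespace string
}

// NewNamespaceFilter parses a comma-separated list such as "alpha,beta"
// (the value of the hypothetical --only-namespace flag). defaultNamespace is
// the namespace the kubeconfig context supplies for unqualified objects.
func NewNamespaceFilter(list, defaultNamespace string) *NamespaceFilter {
	f := &NamespaceFilter{defaultNamespace: defaultNamespace}
	for _, ns := range strings.Split(list, ",") {
		ns = strings.TrimSpace(ns)
		if ns == "" {
			continue
		}
		if f.allowed == nil {
			f.allowed = map[string]bool{}
		}
		f.allowed[ns] = true
	}
	return f
}

// Allows reports whether an event should be handled. An FHR with no namespace
// is resolved to the default namespace before the allow-list is consulted,
// which is the situation the reporter describes (namespace set via kubeconfig).
func (f *NamespaceFilter) Allows(ev Event) bool {
	if len(f.allowed) == 0 {
		return true // flag not given: keep the current all-namespaces behaviour
	}
	ns := ev.Namespace
	if ns == "" {
		ns = f.defaultNamespace
	}
	return f.allowed[ns]
}

// Filter drops every event outside the allowed namespaces; this is the check
// the FHR informer would apply to add/update/delete events from the API server.
func (f *NamespaceFilter) Filter(events []Event) []Event {
	var out []Event
	for _, ev := range events {
		if f.Allows(ev) {
			out = append(out, ev)
		}
	}
	return out
}

func main() {
	only := flag.String("only-namespace", "", "comma-separated namespaces to reconcile (empty = all)")
	defNS := flag.String("default-namespace", "default", "namespace assumed for FHRs without metadata.namespace")
	flag.Parse()

	// Constructed sample events: one FHR in testgitlabci (the namespace the
	// reporter's operator wrongly picked up), one in alpha, one unqualified.
	events := []Event{
		{Namespace: "testgitlabci", Name: "hello-world"},
		{Namespace: "alpha", Name: "hello-world"},
		{Namespace: "", Name: "hello-world-temp"},
	}
	f := NewNamespaceFilter(*only, *defNS)
	for _, ev := range f.Filter(events) {
		fmt.Printf("reconcile namespace=%q name=%s\n", ev.Namespace, ev.Name)
	}
}
```

Run with `go run main.go -only-namespace=alpha -default-namespace=alpha` to see the testgitlabci release dropped while the unqualified one is kept; with no flags all three events pass, matching the default behaviour the reporter asked to preserve.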