keikoproj / manager

Multi K8s cluster Namespace Management
Apache License 2.0

Allow Resource Creation with conditions #21

Closed mnkg561 closed 4 years ago

mnkg561 commented 4 years ago

Is this a BUG REPORT or FEATURE REQUEST?: FEATURE REQUEST

What happened: By default, all the resources will be created in asynchronous calls. There might be a chance that one of the k8s resources is dependent on another resource. For example: to create a RoleBinding, the Role and Service Account must already exist. We should allow an option to provide the dependency structure if one is needed.

This should be part of the Namespace Template as well as ManagedNamespace (well, behind the scenes it's using the same struct).

What you expected to happen: For example: in the following template, the controller should create the service account only after the Role is created successfully.

    resource:
      - name: local_service_account2
        type: ServiceAccount
        dependsOn: local_role
        serviceAccount:
          apiVersion: v1
          kind: ServiceAccount
          metadata:
            name: ${env}-sa2
            namespace: ${name}
      - name: local_role
        type: Role
        role:
          apiVersion: rbac.authorization.k8s.io/v1
          kind: Role
          metadata:
            name: ${env}-role
          rules:
            - apiGroups:
                - ""
              resources:
                - pods/attach
                - pods/exec
              verbs:
                - get
                - list
                - watch
                - create

How to reproduce it (as minimally and precisely as possible):

Anything else we need to know?:

Environment:

Other debugging information (if applicable):

- controller logs:

$ kubectl logs

mnkg561 commented 4 years ago

We have to be careful with circular dependencies and all resources with the "dependsOn" variable.
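
One way to address the circular-dependency concern above, as an added example that is not part of the issue or the manager project's code: it orders resources by the single `dependsOn` name used in the issue's template and rejects cycles, unknown targets and duplicate names before anything is created. The `Resource` type and `CreationOrder` function are hypothetical names.

```go
package main

import "fmt"

// Resource keeps only the two template fields used here. Hypothetical type,
// not the manager project's own struct.
type Resource struct {
	Name      string
	DependsOn string // empty when the resource has no dependency
}

// CreationOrder lists names so each resource follows the one it depends on.
// Duplicate names, unknown dependsOn targets and cycles are returned as errors.
func CreationOrder(resources []Resource) ([]string, error) {
	deps := make(map[string]string, len(resources))
	for _, r := range resources {
		if _, dup := deps[r.Name]; dup {
			return nil, fmt.Errorf("duplicate resource name %q", r.Name)
		}
		deps[r.Name] = r.DependsOn
	}
	placed := map[string]bool{}
	var order []string
	for _, r := range resources {
		var chain []string // r and its not-yet-placed dependencies, nearest first
		onChain := map[string]bool{}
		for n := r.Name; n != "" && !placed[n]; n = deps[n] {
			if _, ok := deps[n]; !ok {
				return nil, fmt.Errorf("dependsOn names unknown resource %q", n)
			}
			if onChain[n] { // reached the same name twice while resolving one chain
				return nil, fmt.Errorf("circular dependency through %q", n)
			}
			onChain[n] = true
			chain = append(chain, n)
		}
		for i := len(chain) - 1; i >= 0; i-- { // emit dependencies first
			placed[chain[i]] = true
			order = append(order, chain[i])
		}
	}
	return order, nil
}

func main() { // constructed input: the two resources from the issue's template
	fmt.Println(CreationOrder([]Resource{
		{Name: "local_service_account2", DependsOn: "local_role"}, {Name: "local_role"}}))
}
```

Running the check at template admission time, rather than during reconciliation, keeps a bad `dependsOn` from leaving a namespace with only part of its RBAC objects created.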

mnkg561 commented 4 years ago

This should also provide the condition if a resource has to be created only once and should not be overwritten after that. This might be useful in a case where an administrator can provide a default value but namespace owners can always update based on their requirements directly on the managed cluster itself using any CI/CD tool.