stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions!
Closed xhejtman closed 1 year ago
stale[bot]
commented
1 year ago This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions!
aslafy-z
commented
1 year ago I'm doing this using Kyverno policies, the same thing can also be achieved with Gatekeeper or any other validation solution. I doubt we'll implement that kind of access control in the product itself. What do you think @pepov @ahma?
xhejtman
commented
1 year ago Isn't it a bit overkill, if you can do simple if in the helm chart, to not define the file item in the CRD?
pepov
commented
1 year ago @aslafy-z is right it should be handled with policy engines.
The solution @xhejtman proposed is impossible unfortunately, we cannot dynamically enable/disable CRD fields. We could in theory enable/disable the functionality behind it, but that would add a lot of complexity so please use a policy engine to achieve that.
Is your feature request related to a problem? Please describe. In the current logging-operator,
fileoutput is always present and possible to use. Being an admin of a cluster, I do not want users to use thefileoutput as it stores logs into the fluend container without filtering output path, not sure if you can actually set path different to/tmpor not. I would like to make thefileoutput optional, e.g., via values in charts. I see that I can mount PVC into/tmpbut I would like to see this output completely disabled.