Is it possible to use the kubectl-hns plugin in API form?

kubernetes-sigs / hierarchical-namespaces

Home of the Hierarchical Namespace Controller (HNC). Adds hierarchical policies and delegated creation to Kubernetes namespaces for improved in-cluster multitenancy.

Apache License 2.0

607 stars 105 forks source link

Is it possible to use the kubectl-hns plugin in API form? #345

Closed kyungminchoi closed 3 months ago

kyungminchoi commented 10 months ago

hello. I have a question. Is it possible to use the kubectl-hns plugin in REST API form? For example, currently I am using client-go to call the k8s api when creating a namespace within an application developed in the go language. I would like to modify the part that creates this namespace to the code that creates a subnamespace.

adrianludwin commented 10 months ago

If you're using client-go, your best option is probably just to create the HNC API objects directly and send them through the generic client - that's what the HNS plugin does. I doubt any of the internal code would add much value to you, it's a pretty straightforward translation of command-line to API.

On Sun, Nov 5, 2023, 6:54 p.m. kyungminchoi @.***> wrote:

hello. I have a question. Is it possible to use the kubectl-hns plugin in REST API form? For example, currently I am using client-go to call the k8s api when creating a namespace within an application developed in the go language. I would like to modify the part that creates this namespace to the code that creates a subnamespace.

— Reply to this email directly, view it on GitHub https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/345, or unsubscribe https://github.com/notifications/unsubscribe-auth/AE43PZAAEWY4DJ2RLFWQM6DYDARMNAVCNFSM6AAAAAA66V3INOVHI2DSMVQWIX3LMV43ASLTON2WKOZRHE3TQMBTGQYTEMY . You are receiving this because you are subscribed to this thread.Message ID: @.***>

zuspiel commented 8 months ago

Hi @adrianludwin, first off: Stellar effort on this project!

I'd also like to drive HNS via the API. We programmatically create compute "jobs" (which are basically entire applications). Each job works in its own namespace. HNS is a god-sent for managing permissions.

I've been looking at the documents that get created when assembling a hierarchy via kubectl. I think I can possibly reverse engineer the API calls, but it'll be a lot of trial and error. I also tried added verbosity (like kubectl -v=8 which normally shows the API calls) but that option isn't available in the HNS plugin.

Is there anything you could point us at that would help in divining the correct API calls?

Thanks a bunch in advance!

k8s-triage-robot commented 5 months ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle stale
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 4 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Mark this issue as fresh with /remove-lifecycle rotten
Close this issue with /close
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot commented 3 months ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

After 90d of inactivity, lifecycle/stale is applied
After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

Reopen this issue with /reopen
Mark this issue as fresh with /remove-lifecycle rotten
Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

k8s-ci-robot commented 3 months ago

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

In response to [this](https://github.com/kubernetes-sigs/hierarchical-namespaces/issues/345#issuecomment-2143589812): >The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. > >This bot triages issues according to the following rules: >- After 90d of inactivity, `lifecycle/stale` is applied >- After 30d of inactivity since `lifecycle/stale` was applied, `lifecycle/rotten` is applied >- After 30d of inactivity since `lifecycle/rotten` was applied, the issue is closed > >You can: >- Reopen this issue with `/reopen` >- Mark this issue as fresh with `/remove-lifecycle rotten` >- Offer to help out with [Issue Triage][1] > >Please send feedback to sig-contributor-experience at [kubernetes/community](https://github.com/kubernetes/community). > >/close not-planned > >[1]: https://www.kubernetes.dev/docs/guide/issue-triage/ Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.