Closed crmarques closed 5 years ago
Hi @crmarques , currently this operator does not watch on the created resources. It is expected that users will be prevented from updating such resources via RBAC. Implementing this feature is not trivial, in fact because we don't know which resource type the user will decide to create, basically we have to listen on any resource type, which essentially means listening on the entire etcd database.
Thank you, @raffaelespazzoli!
I'm not sure about other limitations, but implementing this operator as a helm operator could solve this specific feature more easily. Thinking about enforcing some objects to a desired state seems to me a good use of helm operators.
But thank you again for your fast anwser!!!
If we deploy the tshirt-quotas.yaml example, operator correctly deploys ResourceQuota "large-size" object in "large-project" namespace, as expected.
However, if someone with ResourceQuota edit permission in "large-project" changes the target ResourceQuota object, for example, from requests.cpu=4 to =5, it doesn't reconcile back to the desired state.
Is it the expected result? Shouldn't the operator enforce the declared state (requests.cpu=4)?