redhat-cop / namespace-configuration-operator

The namespace-configuration-operator helps keep configurations related to Users, Groups and Namespaces aligned with one or more policies specified as CRs
Apache License 2.0
204 stars, 55 forks

Operator does not enforce configuration #8

Closed crmarques closed 5 years ago

crmarques commented 5 years ago

If we deploy the tshirt-quotas.yaml example, the operator correctly deploys the ResourceQuota "large-size" object in the "large-project" namespace, as expected.

However, if someone with ResourceQuota edit permission in "large-project" changes the target ResourceQuota object, for example, from requests.cpu=4 to =5, it doesn't reconcile back to the desired state.

Is it the expected result? Shouldn't the operator enforce the declared state (requests.cpu=4)?

raffaelespazzoli commented 5 years ago

Hi @crmarques, currently this operator does not watch on the created resources. It is expected that users will be prevented from updating such resources via RBAC. Implementing this feature is not trivial, in fact, because we don't know which resource type the user will decide to create; basically we have to listen on any resource type, which essentially means listening on the entire etcd database.
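An added example, not part of the thread or the operator's code: a Go check that compares a declared ResourceQuota `spec.hard` with the live object's and reports drift, the kind of out-of-band audit that covers the gap described above. The function names, the subset of quantity suffixes handled, and every sample value other than requests.cpu 4 and 5 are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"sort"
	"strconv"
)

// Multipliers to milli-units for the quantity suffixes handled here (a subset).
var units = map[string]float64{"m": 1, "k": 1e6, "M": 1e9, "G": 1e12,
	"Ki": 1024e3, "Mi": 1048576e3, "Gi": 1073741824e3}

// milli parses a quantity such as "4", "4000m" or "4Gi" into milli-units.
func milli(q string) (int64, error) {
	mult := 1000.0 // no suffix: whole units
	for n := 2; n >= 1; n-- { // try two-letter suffixes first
		if len(q) > n && units[q[len(q)-n:]] != 0 {
			mult, q = units[q[len(q)-n:]], q[:len(q)-n]
			break
		}
	}
	v, err := strconv.ParseFloat(q, 64)
	return int64(math.Round(v * mult)), err
}

// Drift returns one sorted finding per spec.hard key that is changed, missing or added.
func Drift(desired, live map[string]string) []string {
	var out []string
	for k, want := range desired {
		w, e1 := milli(want)
		g, e2 := milli(live[k]) // a missing key is "" and fails to parse
		if e1 != nil || e2 != nil || w != g {
			out = append(out, fmt.Sprintf("%s: want %q, got %q", k, want, live[k]))
		}
	}
	for k, got := range live {
		if _, ok := desired[k]; !ok { // key added outside the declared state
			out = append(out, fmt.Sprintf("%s: want \"\", got %q", k, got))
		}
	}
	sort.Strings(out)
	return out
}

func main() { // constructed sample: declared state vs. a live object a user edited
	desired := map[string]string{"requests.cpu": "4", "requests.memory": "4Gi"}
	live := map[string]string{"requests.cpu": "5", "requests.memory": "4096Mi"}
	fmt.Println(Drift(desired, live))
}
```

Quantities are compared by value, so `4` against `4000m` or `4Gi` against `4096Mi` is not reported, while the edit from 4 to 5 is.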

crmarques commented 5 years ago

Thank you, @raffaelespazzoli!

I'm not sure about other limitations, but implementing this operator as a helm operator could solve this specific feature more easily. Thinking about enforcing some objects to a desired state seems to me a good use of helm operators.

But thank you again for your fast answer!!!

raffaelespazzoli commented 5 years ago

#12 resolved this issue