search

weaveworks / flux2-openshift

OperatorHub submission repo for Flux2
Apache License 2.0
4 stars 4 forks source link

Enable Multi-tenancy lockdown #11

Open souleb opened 2 years ago

souleb commented 2 years ago

Enable multi-tenancy lockdown as described in the doc.

blezoray commented 5 months ago

After some tests, I don't see any solution to optionnaly configure multi-tenancy with OLM as the ClusterServiceVersion is not configurable. Maybe you should enforce multi-tenancy as default because Openshift is mainly deployed with multi-tenancy ?

Rgds, Bruno.

stefanprodan commented 5 months ago

Me and Soule we've been working on a new operator that allows configuring Flux. See https://operatorhub.io/operator/flux-operator which supports multi-tenancy lockdown e.g.

apiVersion: fluxcd.controlplane.io/v1
kind: FluxInstance
metadata:
  name: flux
  namespace: flux-system
  annotations:
    fluxcd.controlplane.io/reconcileEvery: 1h
    fluxcd.controlplane.io/reconcileTimeout: 5m
spec:
  distribution:
    version: 2.3.x
    registry: ghcr.io/fluxcd
  components:
    - source-controller
    - kustomize-controller
    - helm-controller
    - notification-controller
    - image-reflector-controller
    - image-automation-controller
  cluster:
    type: openshift
    multitenant: true
    networkPolicy: true
    domain: cluster.local