Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add single-namespace deployment mode #690

Open
EronWright opened this issue Sep 26, 2024 · 2 comments
Open

Add single-namespace deployment mode #690

EronWright opened this issue Sep 26, 2024 · 2 comments
Labels
kind/enhancement Improvements or new features

Comments

@EronWright
Copy link
Contributor

EronWright commented Sep 26, 2024

A single-namespace deployment of PKO is one where the operator serves only its own namespace, and doesn't require the installation of a ClusterRole or ClusterRoleBinding. Of course, PKO requires various CRDs be installed, so having admin rights to install cannot be avoided altogether.

PKOv2 is designed to natively support multi-tenancy across namespaces without needing to deploy separate instances of the operator into each namespace. Looking back at #328, we see that the ability to deploy to multiple namespaces was added to address a lack of isolation: https://github.com/pulumi/home/issues/2330. So, single-namespace mode isn't needed for the multi-tenancy use-case anymore.

Aside from multi-tenancy, a reasonable use-case is for non-admins to be able to install the operator into their own namespace.

Implementation-wise, we need to:

  • add code to the manager to scope its cache and its watches to a WATCH_NAMESPACE.
  • optional: make a deploy app that can target a specific namespace. We might need a different kustomization overlay for this, or might need to port the manifests into Pulumi code.
  • update the helm chart to support this mode.
@EronWright EronWright converted this from a draft issue Sep 26, 2024
@cleverguy25

This comment has been minimized.

@pulumi-bot pulumi-bot added the needs-triage Needs attention from the triage team label Sep 26, 2024
EronWright added a commit that referenced this issue Sep 26, 2024
<!--Thanks for your contribution. See [CONTRIBUTING](CONTRIBUTING.md)
    for Pulumi's contribution guidelines.

    Help us merge your changes more quickly by adding more details such
    as labels, milestones, and reviewers.-->

### Proposed changes


<!--Give us a brief description of what you've done and what it solves.
-->

This is a new, simplified deployment app for PKO. It leverages the
kustomization that is maintained in `operator/config/default` to avoid
code duplication. It supports ONLY cluster-wide installation.

PKOv2 is designed to natively support multi-tenancy across namespaces
without needing to deploy separate instances of the operator into each
namespace. Looking back at
#328, we see
that the ability to deploy to multiple namespaces was added to address a
lack of isolation (see pulumi/home#2330). I
opened #690
to track adding support for single-namespace deployment.

### Related issues (optional)

<!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes
#1234'.
Or link to full URLs to issues or pull requests in other GitHub
repositories. -->
@blampe blampe added kind/task Work that's part of an ongoing epic kind/enhancement Improvements or new features and removed needs-triage Needs attention from the triage team kind/task Work that's part of an ongoing epic labels Sep 27, 2024
@EronWright
Copy link
Contributor Author

EronWright commented Oct 29, 2024

Closes: #279
Closes: #247

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
kind/enhancement Improvements or new features
Projects
No open projects
Status: No status
Development

No branches or pull requests

4 participants