-
Notifications
You must be signed in to change notification settings - Fork 54
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add single-namespace deployment mode #690
Labels
kind/enhancement
Improvements or new features
Comments
This comment has been minimized.
This comment has been minimized.
5 tasks
EronWright
added a commit
that referenced
this issue
Sep 26, 2024
<!--Thanks for your contribution. See [CONTRIBUTING](CONTRIBUTING.md) for Pulumi's contribution guidelines. Help us merge your changes more quickly by adding more details such as labels, milestones, and reviewers.--> ### Proposed changes <!--Give us a brief description of what you've done and what it solves. --> This is a new, simplified deployment app for PKO. It leverages the kustomization that is maintained in `operator/config/default` to avoid code duplication. It supports ONLY cluster-wide installation. PKOv2 is designed to natively support multi-tenancy across namespaces without needing to deploy separate instances of the operator into each namespace. Looking back at #328, we see that the ability to deploy to multiple namespaces was added to address a lack of isolation (see pulumi/home#2330). I opened #690 to track adding support for single-namespace deployment. ### Related issues (optional) <!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes #1234'. Or link to full URLs to issues or pull requests in other GitHub repositories. -->
Merged
blampe
added
kind/task
Work that's part of an ongoing epic
kind/enhancement
Improvements or new features
and removed
needs-triage
Needs attention from the triage team
kind/task
Work that's part of an ongoing epic
labels
Sep 27, 2024
This was referenced Oct 29, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
A single-namespace deployment of PKO is one where the operator serves only its own namespace, and doesn't require the installation of a
ClusterRole
orClusterRoleBinding
. Of course, PKO requires various CRDs be installed, so having admin rights to install cannot be avoided altogether.PKOv2 is designed to natively support multi-tenancy across namespaces without needing to deploy separate instances of the operator into each namespace. Looking back at #328, we see that the ability to deploy to multiple namespaces was added to address a lack of isolation: https://github.com/pulumi/home/issues/2330. So, single-namespace mode isn't needed for the multi-tenancy use-case anymore.
Aside from multi-tenancy, a reasonable use-case is for non-admins to be able to install the operator into their own namespace.
Implementation-wise, we need to:
WATCH_NAMESPACE
.The text was updated successfully, but these errors were encountered: