Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow deploy-time configurable alwaysIgnore.namespaces #1610

Closed
mjnagel opened this issue Dec 20, 2024 · 1 comment · Fixed by #1641
Closed

Allow deploy-time configurable alwaysIgnore.namespaces #1610

mjnagel opened this issue Dec 20, 2024 · 1 comment · Fixed by #1641
Assignees
@cmwylie19
Labels
enhancement New feature or request

Comments

@mjnagel
Copy link
Contributor

mjnagel commented Dec 20, 2024

Is your feature request related to a problem? Please describe.

Currently on uds-core we set 2 namespaces to ignore by default. In some environments these namespaces should not really be ignored (one is a dev namespace) and in other namespaces additional namespaces may need to be ignored (i.e. additional "system namespaces"). Currently these are configured at build time and we have not found an obvious way to allow this to be configured at deploy time.

Describe the solution you'd like

The current setting is templated into the webhook configuration under:

        - key: kubernetes.io/metadata.name
          operator: NotIn
          values:
            - kube-system
            - pepr-system

It would be a relatively easy change to allow this to be configured in the helm chart to append to/modify the list here. In the case of uds-core we could default this list to including the dev-stack, but via overrides at deploy time it could be modified.

Describe alternatives you've considered

  1. Make this the module author's responsibility - rather than filtering out with the webhook config, the module code could filter based on namespace.
  2. Identify an alternative path with zarf/etc that would be viable to modify this.
@mjnagel mjnagel added the enhancement New feature or request label Dec 20, 2024
@cmwylie19
Copy link
Collaborator

Been thinking about dynamic configuration for a while now. Currently do not have a CP/DP paradigm but it would enable more and more dynamic config. Thanks for the issue - we will consider what the best option would be to enable this type of behavior

@cmwylie19 cmwylie19 self-assigned this Jan 3, 2025
@cmwylie19 cmwylie19 mentioned this issue Jan 3, 2025
Closed
5 tasks
@cmwylie19 cmwylie19 moved this from 🆕 New to 🏗 In progress in Pepr Project Board Jan 3, 2025
@cmwylie19 cmwylie19 mentioned this issue Jan 3, 2025
Merged
5 tasks
github-merge-queue bot pushed a commit that referenced this issue Jan 6, 2025
@cmwylie19 @btlghrants
chore: carriedNamespace/carriesIgnoredNamespace account for Namespace…
36b87fe 
… object (#1619)

## Description

CarriedNamespace did not account for Namespace objects which caused some
strange behaviors in #1610

After Fix:

```bash
[14:20:13.943] DEBUG (44989): Ignoring Watch Callback: Object carries namespace 'pepr-demo-2' but ignored namespaces include '["pepr-demo-2"]'.
```

## Related Issue

Fixes #1618 
<!-- or -->
Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

## Checklist before merging
- [x] Unit,
[Journey](https://github.com/defenseunicorns/pepr/tree/main/journey),
[E2E Tests](https://github.com/defenseunicorns/pepr-excellent-examples),
[docs](https://github.com/defenseunicorns/pepr/tree/main/docs),
[adr](https://github.com/defenseunicorns/pepr/tree/main/adr) added or
updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/#submitting-a-pull-request)
followed

---------

Signed-off-by: Case Wylie <[email protected]>
Co-authored-by: Barrett <[email protected]>
@cmwylie19 cmwylie19 mentioned this issue Jan 8, 2025
Merged
9 tasks
@cmwylie19 cmwylie19 moved this from 🏗 In progress to 👀 In review in Pepr Project Board Jan 15, 2025
github-merge-queue bot pushed a commit that referenced this issue Jan 15, 2025
@cmwylie19
feat: additionalIgnoredNamespaces at runtime through helm (#1641)
4e45cf5 
## Description

This feature:
- [x] Adds additionalIgnoredNamespaces to values.yaml
- [x] Sets additionalIgnoredNamespaces in controller container envs as
`PEPR_ADDITIONAL_IGNORED_NAMESPACES`
- [x] reads `PEPR_ADDITIONAL_IGNORED_NAMESPACES` env and adds namespaces
to ignoredNamespaces
- [x] Does **not** document PEPR_ADDITIONAL_IGNORED_NAMESPACES as
feature is meant to be set through helm chart and not by hand, By hand
you should set them in `package.json`

In action:
`package.json`

```json
    "alwaysIgnore": {
      "namespaces": ["something"]
    },
```


`values.yaml`
```yaml
additionalIgnoredNamespaces: 
  - 'kube-system'
  - 'kube-public'
  - 'kube-node-lease'
  - 'default'
  - 'pepr'
  - 'pepr-system'
  - 'pepr-test-module'
```

`> helm template .`

`controllers`
```yaml
            - name: PEPR__ADDITIONAL_IGNORED_NAMESPACES
              value: "kube-system, kube-public, kube-node-lease, default, pepr, pepr-system, pepr-test-module"
```

`webhook configs`

```yaml
    namespaceSelector:
      matchExpressions:
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values:
            - kube-system
            - pepr-system
            - kube-system
            - kube-public
            - kube-node-lease
            - default
            - pepr
            - pepr-system
            - pepr-test-module
            - something
```

## Related Issue

Fixes #1610 #1617 
<!-- or -->
Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging
- [x] Unit,
[Journey](https://github.com/defenseunicorns/pepr/tree/main/journey),
[E2E Tests](https://github.com/defenseunicorns/pepr-excellent-examples),
[docs](https://github.com/defenseunicorns/pepr/tree/main/docs),
[adr](https://github.com/defenseunicorns/pepr/tree/main/adr) added or
updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/#submitting-a-pull-request)
followed

---------

Signed-off-by: Case Wylie <[email protected]>
@github-project-automation github-project-automation bot moved this from 👀 In review to ✅ Done in Pepr Project Board Jan 15, 2025
tamirazrab pushed a commit to tamirazrab/pepr that referenced this issue Jan 17, 2025
@cmwylie19 @tamirazrab
feat: additionalIgnoredNamespaces at runtime through helm (defenseuni…
1605721 
…corns#1641)

## Description

This feature:
- [x] Adds additionalIgnoredNamespaces to values.yaml
- [x] Sets additionalIgnoredNamespaces in controller container envs as
`PEPR_ADDITIONAL_IGNORED_NAMESPACES`
- [x] reads `PEPR_ADDITIONAL_IGNORED_NAMESPACES` env and adds namespaces
to ignoredNamespaces
- [x] Does **not** document PEPR_ADDITIONAL_IGNORED_NAMESPACES as
feature is meant to be set through helm chart and not by hand, By hand
you should set them in `package.json`

In action:
`package.json`

```json
    "alwaysIgnore": {
      "namespaces": ["something"]
    },
```


`values.yaml`
```yaml
additionalIgnoredNamespaces: 
  - 'kube-system'
  - 'kube-public'
  - 'kube-node-lease'
  - 'default'
  - 'pepr'
  - 'pepr-system'
  - 'pepr-test-module'
```

`> helm template .`

`controllers`
```yaml
            - name: PEPR__ADDITIONAL_IGNORED_NAMESPACES
              value: "kube-system, kube-public, kube-node-lease, default, pepr, pepr-system, pepr-test-module"
```

`webhook configs`

```yaml
    namespaceSelector:
      matchExpressions:
        - key: kubernetes.io/metadata.name
          operator: NotIn
          values:
            - kube-system
            - pepr-system
            - kube-system
            - kube-public
            - kube-node-lease
            - default
            - pepr
            - pepr-system
            - pepr-test-module
            - something
```

## Related Issue

Fixes defenseunicorns#1610 defenseunicorns#1617 
<!-- or -->
Relates to #

## Type of change

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

## Checklist before merging
- [x] Unit,
[Journey](https://github.com/defenseunicorns/pepr/tree/main/journey),
[E2E Tests](https://github.com/defenseunicorns/pepr-excellent-examples),
[docs](https://github.com/defenseunicorns/pepr/tree/main/docs),
[adr](https://github.com/defenseunicorns/pepr/tree/main/adr) added or
updated as needed
- [x] [Contributor Guide
Steps](https://docs.pepr.dev/main/contribute/#submitting-a-pull-request)
followed

---------

Signed-off-by: Case Wylie <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@cmwylie19 cmwylie19

Labels
enhancement New feature or request
Projects
Pepr Project Board
Status: ✅ Done
Milestone
No milestone
2 participants
@cmwylie19 @mjnagel