-
Notifications
You must be signed in to change notification settings - Fork 169
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(process): Naive namespaces (#312)
Now that lists are always unwrapped, we assume all other objects use `ObjectMeta`, so they do accept a namespace, regardless of whether they actually use it. This allows us to simplify our code, by always setting it. For yet unknown edge-cases, we allow using the `tanka.dev/namespaced` annotation to override this behaviour.
- Loading branch information
Showing
13 changed files
with
246 additions
and
141 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,46 @@ | ||
--- | ||
name: Namespaces | ||
route: /namespaces | ||
--- | ||
|
||
# Namespaces | ||
|
||
When using Tanka, namespaces are handled slightly different compared to | ||
`kubectl`, because environments offer more granular control than contexts used | ||
by `kubectl`. | ||
|
||
## Default namespaces | ||
|
||
In the [`spec.json`](/config/#file-format) of each environment, you can set the | ||
`spec.namespace` field, which is the default namespace. The default namespace is | ||
set for every resource that **does not** have a namespace **set from Jsonnet**. | ||
|
||
| | Scenario | Action | | ||
| --- | ---------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | | ||
| 1. | Your resource **lacks namespace** information (`metadata.namespace`) unset or `""` | Tanka sets `metadata.namespace` to the value of `spec.namespace` in `spec.json` | | ||
| 2. | Your resource **already has** namespace information | Tanka does nothing, accepting the explicit namespace | | ||
|
||
While we recommend keeping environments limited to a single namespace, there are | ||
legit cases where it's handy to have them span multiple namespaces, for example: | ||
|
||
- Some other piece of software (Operators, etc) require resources to be in a specific namespace | ||
- A rarely changing "base" environment holding resources deployed for many clusters in the same way | ||
- etc. | ||
|
||
## Cluster-wide resources | ||
|
||
Some resources in Kubernetes are cluster-wide, meaning they don't belong to a single namespace at all. | ||
|
||
To Tanka these appear as _Scenario 1 (see above)_, so it will set the default | ||
namespace. In reality however, this is **not a problem**, because `kubectl` | ||
discards this information silently. We made this design-choice, because it | ||
simplifies our code a lot. | ||
|
||
In case this ever becomes a problem, you can **override this** behavior | ||
per-resource, by setting the `tanka.dev/namespaced` annotation to `"false"` | ||
(must be of `string` type): | ||
|
||
```jsonnet | ||
thing: clusterRole.new("myClusterRole") | ||
+ clusterRole.mixin.metadata.withAnnotationsMixin({ "tanka.dev/namespaced": "false" }) | ||
``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.