-
Notifications
You must be signed in to change notification settings - Fork 56
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make deployment programs and instructions target multiple namespaces #328
Conversation
de86166
to
2a822cf
Compare
This may introduce a problem, which is this: if you run it without this flag in your config, it will install the CRDs; then if you run it with the flag, it will want to delete the CRD. Perhaps using a |
a5c150e
to
b84b473
Compare
This commit makes it possible to install the operator in several namespaces, by supplying multiple values in the config item `namespaces` when running one of the Pulumi programs under deploy/. (This also makes the deployed operator log level `error` in the Go and .NET programs, to bring them in line with the other programs and canonical YAML configuration.) The CRD and operator tags are now items of config, for each of the programs under deploy/, with defaults. An upgrade is then a case of e.g., pulumi config set operator-version v1.10.2 pulumi up The defaults are consts at the top of the file, and can be updated more easily. Signed-off-by: Michael Bridgen <[email protected]>
b84b473
to
14396cc
Compare
I removed this flag, as it's a trap. On the expectation that only one stack is going to be doing the installation for a cluster, I've left the CRD installation unconditional; you can supply a version (i.e., a git ref) at which to fetch it. |
Note for reviewer(s): in the instructions it uses
|
Is there a situation in which you'd want differing CRD and Image versions? |
The CRD versions and operator versions are not the same domain. Operator versions include images from releases (e.g., |
- use `pulumi new` rather than downloading a tarball - aside from choosing the directory, the instructions don't depend on the template you use, so just give them once - explain the new namespaces config item - explain how to upgrade the operator Signed-off-by: Michael Bridgen <[email protected]>
Signed-off-by: Michael Bridgen <[email protected]>
Signed-off-by: Michael Bridgen <[email protected]>
7ef98a0
to
eb8d3c3
Compare
<!--Thanks for your contribution. See [CONTRIBUTING](CONTRIBUTING.md) for Pulumi's contribution guidelines. Help us merge your changes more quickly by adding more details such as labels, milestones, and reviewers.--> ### Proposed changes <!--Give us a brief description of what you've done and what it solves. --> This is a new, simplified deployment app for PKO. It leverages the kustomization that is maintained in `operator/config/default` to avoid code duplication. It supports ONLY cluster-wide installation. PKOv2 is designed to natively support multi-tenancy across namespaces without needing to deploy separate instances of the operator into each namespace. Looking back at #328, we see that the ability to deploy to multiple namespaces was added to address a lack of isolation (see pulumi/home#2330). I opened #690 to track adding support for single-namespace deployment. ### Related issues (optional) <!--Refer to related PRs or issues: #1234, or 'Fixes #1234' or 'Closes #1234'. Or link to full URLs to issues or pull requests in other GitHub repositories. -->
The correct way to deploy the operator to work in several namespaces is one deployment in each namespace, with permissions just for that namespace. This PR updates the deployment programs (in deploy/) so that they accept a config entry
namespaces
, assumed to be a list of strings, and deploy an operator in each of the namespaces mentioned. The operator version (image tag) and CRD version (git tag at which to fetch it) are also configurable.