Make deployment programs and instructions target multiple namespaces #328

Merged
merged 4 commits into from
Oct 31, 2022

squaremo
Contributor

@squaremo squaremo commented Sep 27, 2022

The correct way to deploy the operator to work in several namespaces is one deployment in each namespace, with permissions just for that namespace. This PR updates the deployment programs (in deploy/) so that they accept a config entry namespaces, assumed to be a list of strings, and deploy an operator in each of the namespaces mentioned. The operator version (image tag) and CRD version (git tag at which to fetch it) are also configurable.
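
The per-namespace layout described in the comment above, as an added sketch (not part of the PR or the project's deploy programs). Plain dicts stand in for Pulumi resources; the object names, image repository and RBAC rule are constructed assumptions, and `scope_violations` is a hypothetical review helper.

```python
# Added illustration: one operator per namespace, each with namespaced RBAC only.
DEFAULT_OPERATOR_VERSION = "v1.10.2"  # tag from the commit message's upgrade example
NAME = "pulumi-kubernetes-operator"   # assumed object name

def operator_manifests(namespaces, operator_version=DEFAULT_OPERATOR_VERSION):
    """Return a ServiceAccount/Role/RoleBinding/Deployment set per namespace."""
    if not isinstance(namespaces, list) or not all(
            isinstance(n, str) and n for n in namespaces):
        raise ValueError("namespaces must be a list of non-empty strings")
    out = []
    for ns in sorted(set(namespaces)):  # de-duplicate: one operator per namespace
        meta = {"name": NAME, "namespace": ns}
        out += [
            {"kind": "ServiceAccount", "metadata": meta},
            # Role (namespaced) rather than ClusterRole; the rule is constructed.
            {"kind": "Role", "metadata": meta,
             "rules": [{"apiGroups": ["pulumi.com"], "resources": ["stacks"],
                        "verbs": ["get", "list", "watch", "update"]}]},
            # The binding's only subject is the ServiceAccount in the same namespace.
            {"kind": "RoleBinding", "metadata": meta,
             "roleRef": {"kind": "Role", "name": NAME},
             "subjects": [{"kind": "ServiceAccount", **meta}]},
            {"kind": "Deployment", "metadata": meta,
             "spec": {"serviceAccountName": NAME,
                      "image": f"pulumi/pulumi-kubernetes-operator:{operator_version}"}},
        ]
    return out

def scope_violations(manifests):
    """List grants that reach beyond the namespace an operator is deployed in."""
    problems = []
    for m in manifests:
        ns = m["metadata"].get("namespace")
        if m["kind"] == "ClusterRoleBinding":
            problems.append(f"ClusterRoleBinding {m['metadata']['name']} grants cluster-wide")
        elif m["kind"] == "RoleBinding":
            for s in m["subjects"]:
                if s.get("namespace") != ns:
                    problems.append(
                        f"RoleBinding in {ns} binds a subject from {s.get('namespace')}")
    return problems

if __name__ == "__main__":
    rendered = operator_manifests(["team-a", "team-b"])
    print(len(rendered), "objects;", scope_violations(rendered) or "no scope violations")
```
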

@squaremo
Contributor Author

The config entry exclude-crds is also accepted just in case the CRD is installed some other way.

This may introduce a problem, which is this: if you run it without this flag in your config, it will install the CRDs; then if you run it with the flag, it will want to delete the CRD. Perhaps using a get instead of ignoring them altogether would work.

@squaremo squaremo force-pushed the multi-namespace-deploy branch 2 times, most recently from a5c150e to b84b473 Compare October 28, 2022 13:41
This commit makes it possible to install the operator in several
namespaces, by supplying multiple values in the config item
`namespaces` when running one of the Pulumi programs under deploy/.

(This also makes the deployed operator log level `error` in the Go and
.NET programs, to bring them in line with the other programs and
canonical YAML configuration.)

The CRD and operator tags are now items of config, for each of the
programs under deploy/, with defaults. An upgrade is then a case of
e.g.,

    pulumi config set operator-version v1.10.2
    pulumi up

The defaults are consts at the top of the file, and can be updated more
easily.

Signed-off-by: Michael Bridgen <[email protected]>
@squaremo squaremo force-pushed the multi-namespace-deploy branch from b84b473 to 14396cc Compare October 28, 2022 14:11
@squaremo
Contributor Author

> The config entry exclude-crds is also accepted just in case the CRD is installed some other way.
>
> This may introduce a problem, which is this: if you run it without this flag in your config, it will install the CRDs; then if you run it with the flag, it will want to delete the CRD. Perhaps using a get instead of ignoring them altogether would work.

I removed this flag, as it's a trap. On the expectation that only one stack is going to be doing the installation for a cluster, I've left the CRD installation unconditional; you can supply a version (i.e., a git ref) at which to fetch it.

@squaremo squaremo requested a review from lblackstone October 28, 2022 14:26
@squaremo
Contributor Author

Note for reviewer(s): in the instructions it uses `pulumi new <URL>` as a way to use a directory in this repo as a template. This assumes the templates are in the default branch. To do the equivalent while they are still in this PR branch:

    pulumi new https://github.com/pulumi/pulumi-kubernetes-operator/tree/multi-namespace-deploy/$TEMPLATE

@roothorp
Contributor

Is there a situation in which you'd want differing CRD and Image versions?

@squaremo
Contributor Author

> Is there a situation in which you'd want differing CRD and Image versions?

The CRD versions and operator versions are not the same domain. Operator versions include images from releases (e.g., v1.10.1), but also images you build locally (e.g., 7ef98a0); whereas, the CRD version is git refs -- tags, branches. You might want to set the operator version to a locally-built image, while leaving the CRD version to default.

 - use `pulumi new` rather than downloading a tarball
 - aside from choosing the directory, the instructions don't depend on
   the template you use, so just give them once
 - explain the new namespaces config item
 - explain how to upgrade the operator

Signed-off-by: Michael Bridgen <[email protected]>
@squaremo squaremo force-pushed the multi-namespace-deploy branch from 7ef98a0 to eb8d3c3 Compare October 31, 2022 14:23
@squaremo squaremo merged commit 68b5627 into master Oct 31, 2022
@squaremo squaremo deleted the multi-namespace-deploy branch October 31, 2022 14:25
EronWright added a commit that referenced this pull request Sep 26, 2024
### Proposed changes


This is a new, simplified deployment app for PKO. It leverages the
kustomization that is maintained in `operator/config/default` to avoid
code duplication. It supports ONLY cluster-wide installation.

PKOv2 is designed to natively support multi-tenancy across namespaces
without needing to deploy separate instances of the operator into each
namespace. Looking back at
#328, we see
that the ability to deploy to multiple namespaces was added to address a
lack of isolation (see pulumi/home#2330). I
opened #690
to track adding support for single-namespace deployment.
