You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
thanks for this project. In a multi tenant Kubernetes cluster, setting up new ClusterRole and ClusterRoleBinding resources is typically problematic and needs more consideration from the cluster administrator team. It would be great if kuma-ingress-watcher could be configured to either a) track Kubernetes resources in just a single namespace -- the one it is deployed in -- or b) to track the resources in a configurable list of namespaces. Most likely b) is the better approach as it is more flexible but of course also a bit more work. This allows the application to be deployed for single/multiple namespaces with just Role and RoleBinding resources.
As far as I understand from the Python code, the code is using the networking_api_instance.list_ingress_for_all_namespaces() to find all Ingress resources in the cluster is doing so similarly for IngressRoutes. I assume this portion of the code could be adjusted to somehow switch between a namespaced deployment mode and cluster-wide deployment mode.
Besides of that, there will also be a Helm Chart change necessary to not create the Cluster* resources in case of a namespaced deployment: ClusterRole and ClusterRoleBinding. If you want, I can help with that part. Unfortunately I am not a Python programmer so I would rather not get into implementing this feature itself in your Python code.
What do you think? :)
The text was updated successfully, but these errors were encountered:
Hi,
thanks for this project. In a multi tenant Kubernetes cluster, setting up new
ClusterRoleandClusterRoleBindingresources is typically problematic and needs more consideration from the cluster administrator team. It would be great ifkuma-ingress-watchercould be configured to either a) track Kubernetes resources in just a single namespace -- the one it is deployed in -- or b) to track the resources in a configurable list of namespaces. Most likely b) is the better approach as it is more flexible but of course also a bit more work. This allows the application to be deployed for single/multiple namespaces with justRoleandRoleBindingresources.As far as I understand from the Python code, the code is using the
networking_api_instance.list_ingress_for_all_namespaces()to find allIngressresources in the cluster is doing so similarly forIngressRoutes. I assume this portion of the code could be adjusted to somehow switch between a namespaced deployment mode and cluster-wide deployment mode.Besides of that, there will also be a Helm Chart change necessary to not create the
Cluster*resources in case of a namespaced deployment: ClusterRole and ClusterRoleBinding. If you want, I can help with that part. Unfortunately I am not a Python programmer so I would rather not get into implementing this feature itself in your Python code.What do you think? :)
The text was updated successfully, but these errors were encountered: