Allow inclusive configuration of resources to propagate #16
Comments
Comment by adrianludwin Yes, this is a good idea and we considered it when we were first designing exceptions:
We haven't seen a strong demand for this from our own customers, but I think the interface and semantics are fairly clear so I'd welcome PRs for this feature. Note that the majority of the work here would likely be in coming up with suitable integration tests; the code itself would likely be relatively easy. /good-first-issue
Comment by k8s-ci-robot @adrianludwin: Please ensure the request meets the requirements listed here. If this request no longer meets these requirements, the label can be removed In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Issues go stale after 90d of inactivity. If this issue is safe to close now please do so with Send feedback to sig-contributor-experience at kubernetes/community.
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
/remove-lifecycle stale
I have run into exactly this problem. Only being able to exclude secrets makes it so that all automatically generated secrets, such as Helm release secrets, need to be annotated so that they won't get propagated. This is not optimal, when all we want to do is only propagate one single Kubernetes secret to the sub-namespaces.
See issue kubernetes-sigs#16. To allow inclusive propagation of resources an additional SynchronizationMode called 'Allow' which only enables propagation when a selector is set is added. An 'all' selector is also added. Tested: e2e-testing covering secrets resource in 'Allow' mode and checking propagation when selectors are set and unset ('select', 'treeSelect', 'none', 'all'). Unit testing is also modified to account for the new 'all' selection. Signed-off-by: mzeevi <[email protected]>
See issue kubernetes-sigs#16. To allow inclusive propagation of resources an additional `SynchronizationMode` called 'AllowPropagate' which only enables propagation when a selector is set is added. An 'all' selector is also added. Tested: e2e-testing covering secrets resource in 'AllowPropagate' mode and checking propagation when selectors are set and unset ('select', 'treeSelect', 'none', 'all'). Unit testing is also modified to account for the new 'all' selection. Signed-off-by: mzeevi <[email protected]>
This one feels like it has been addressed using "Allow Propagate" on the resource type and adding an annotation ("propagate.hnc.x-k8s.io/all" = "true") to the specific resources one wants to propagate.
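The opt-in setup described in the comment above, as an added example that is not part of the thread or the project's own manifests. It assumes the `hnc.x-k8s.io/v1alpha2` `HNCConfiguration` API; the namespace and Secret names are made up.

```yaml
# Constructed example: namespace and Secret names are hypothetical.
# Opt-in propagation for Secrets. With mode "Propagate" every Secret in a
# parent namespace is copied to its descendants unless it is annotated for
# exclusion; with "AllowPropagate" nothing is copied until a selector
# annotation is set on the object itself.
apiVersion: hnc.x-k8s.io/v1alpha2
kind: HNCConfiguration
metadata:
  name: config
spec:
  resources:
    - resource: secrets
      mode: AllowPropagate   # the opt-out setting would be: Propagate
---
# The one Secret that should reach the sub-namespaces: opted in explicitly
# with the 'all' selector annotation quoted in the thread.
apiVersion: v1
kind: Secret
metadata:
  name: shared-registry-credentials
  namespace: team-root
  annotations:
    propagate.hnc.x-k8s.io/all: "true"
type: Opaque
stringData:
  token: REPLACE_ME
---
# A Helm release Secret in the same namespace: it carries no selector
# annotation, so under AllowPropagate it stays in team-root and needs no
# exclusion annotation.
apiVersion: v1
kind: Secret
metadata:
  name: sh.helm.release.v1.example.v1
  namespace: team-root
type: helm.sh/release.v1
data: {}
```

After applying these, listing Secrets in a child namespace of `team-root` should show only `shared-registry-credentials`; a release Secret appearing there means the resource type is still in an opt-out mode.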
Issue by hferentschik
Tuesday Mar 16, 2021 at 09:34 GMT
Originally opened as kubernetes-retired/multi-tenancy#1436
When synchronizing additional resource types, e.g. Secrets, it is currently only possible to configure this globally (see #1435) and the propagation configuration only allows excluding certain resources from propagation (via annotation).
It would be nice to have an inclusive way of configuring propagation as well. For example, assume the root namespace contains multiple secrets and I would like to only propagate specific secrets (something like what reflector does). In this case I would like to annotate the Secret to propagate and maybe somehow configure to which child namespaces it should be propagated.
This might require changing the propagation modes and adding a new one.