Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

support for private/internal CRDs #975

Closed
willholley opened this issue Aug 2, 2019 · 8 comments
Closed

support for private/internal CRDs #975

willholley opened this issue Aug 2, 2019 · 8 comments
Labels
kind/feature Categorizes issue or PR as related to a new feature. triaged Issue has been considered by a member of the OLM community

Comments

@willholley
Copy link

We have an operator that implements a public and private API using CRDs. The public API is designed to be user-facing - user's create these custom resources for the operator to act on - and the private API feeds to downstream controllers only and users should generally not need to be aware of them. Think of the public API as a domain-specific shim over a generic set of CRDs/controllers.

Is there any way to differentiate these "internal" CRDs in the ClusterServiceVersion such that users of the operator aren't guided to create them manually?
@willholley willholley mentioned this issue Aug 2, 2019
Closed
@ecordell
Copy link
Member

ecordell commented Aug 2, 2019
edited
Loading

Thanks @willholley -

You're not the first to ask for this, and I do think it's important to address this. (see also: #734)

Currently, I'm thinking that we can collect some metadata about CR visibility - we can't prevent you from seeing an API once it's been registered (this is just how CRDs/discovery work), but we can be more careful about how we generate default roles and bindings for consuming CRs.

For UIs, we would expect that they can decide to hide particular CRD apis based on the user's access to read or write them.

@stale
Copy link

stale bot commented Feb 26, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Feb 26, 2020
@openshift-ci-robot openshift-ci-robot added triage/unresolved Indicates an issue that can not or will not be resolved. and removed wontfix labels Feb 27, 2020
@njhale njhale mentioned this issue Apr 24, 2020
Closed
@stale
Copy link

stale bot commented Apr 27, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Apr 27, 2020
@stale
Copy link

stale bot commented Jul 1, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jul 1, 2020
@stale
Copy link

stale bot commented Sep 4, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Sep 4, 2020
@stale
Copy link

stale bot commented Nov 3, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Nov 3, 2020
@stale
Copy link

stale bot commented Jan 3, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jan 3, 2021
@dinhxuanvu dinhxuanvu added triaged Issue has been considered by a member of the OLM community and removed triage/unresolved Indicates an issue that can not or will not be resolved. labels Nov 11, 2021
@njhale
Copy link
Member

njhale commented Nov 11, 2021
edited
Loading

but we can be more careful about how we generate default roles and bindings for consuming CRs

So this has been buried for a while, but there's definitely still interest in doing this.

Basically, we're looking at becoming much less opinionated in how we approach operator/user privileges -- putting more control in the hands of operator authors. Here are a few efforts towards making this possible:

Closing out -- we'll wrap this into user stories for new features.

@njhale njhale closed this as completed Nov 11, 2021
@njhale njhale added the kind/feature Categorizes issue or PR as related to a new feature. label Nov 11, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/feature Categorizes issue or PR as related to a new feature. triaged Issue has been considered by a member of the OLM community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@ecordell @willholley @njhale @dinhxuanvu @openshift-ci-robot