-
Notifications
You must be signed in to change notification settings - Fork 162
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use selectors instead of AllowedList for IngressClasses, StorageClasses, PriorityClasses #436
Comments
@MaxFedotov sounds good to me since more Kubernetes like. What about For backward compatibility same concerns. Let’s see @prometherion point of view |
Can you please explain in more details? |
just this: apiVersion: capsule.clastix.io/v1beta1
kind: Tenant
metadata:
name: oil
spec:
owners:
- name: alice
kind: User
storageClasses:
labelSelector:
foo: bar |
Couldn't agree more on this.
This change is absolutely breaking and not portable using a conversion. The unique way to use it would be adding However, this would make things even more complicated on I got a plan:
Do you think this could be feasible? |
@prometherion as we're approaching new API version for Tenant resource, what about to introduce this enhancement? To avoid breaking changes, we can just add another method of specifying Classes to make the transition smooth: apiVersion: capsule.clastix.io/v1beta1
kind: Tenant
metadata:
name: oil
spec:
owners:
- name: alice
kind: User
storageClasses:
labelSelector: # <<< new way in v1beta2
foo: bar
allowed: # <<< old way deprecated but still supported in v1beta2, removed in v1
- default
allowedRegex: "^tier-.*$" |
@bsctl you're right, @MaxFedotov agreed on working on this. |
We are using a specific struct,
AllowedListSpec
:to allow tenant users to use only specific IngressClasses, StorageClasses or PriorityClasses.
While it allows additional fine-grained configuration, that is not a kubernetes way of specifying resources.
Much better will be to use label selectors (the same way, as it is in
nodeSelector
option for tenant).With this,
tenant spec
will look like:This change will simplify webhook code, make it works much faster (no regexp check), and will simplify the code of a
capsule-proxy
(as we won't need to get all resources first and then perform regexp validation or array probing).The downside of this change is that it is completely backward incompatible and there will be no way to automatically upgrade tenant spec to this new version.
@bsctl, @prometherion need your opinion on this.
The text was updated successfully, but these errors were encountered: