Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Tenant owner is unable to label namespaces #663

Closed
MaxFedotov opened this issue Nov 24, 2022 · 0 comments · Fixed by #664
Closed

Tenant owner is unable to label namespaces #663

MaxFedotov opened this issue Nov 24, 2022 · 0 comments · Fixed by #664
Assignees
Labels
bug Something isn't working
Milestone

Comments

@MaxFedotov
Copy link
Collaborator

Having the following tenant spec

kubectl create -f - << EOF
apiVersion: capsule.clastix.io/v1beta1
kind: Tenant
metadata:
  annotations:
    capsule.clastix.io/forbidden-namespace-labels-regexp: pod-security.kubernetes.io.*
  name: foo
spec:
  namespaceOptions:
    additionalMetadata:
      labels:
        capsule.clastix.io/tenant: foo
        pod-security.kubernetes.io/audit: restricted
        pod-security.kubernetes.io/enforce: baseline
        pod-security.kubernetes.io/warn: restricted
    quota: 500
  nodeSelector:
    capsule.clastix.io/tenant: foo
  owners:
  - kind: Group
    name: bar
EOF

tenant admin is unable to label namespace:

kubectl label ns foo-one foo=bar
Error from server (Label pod-security.kubernetes.io/audit is forbidden for namespaces in the current Tenant. Forbidden are one of the following () or matching the regex pod-security.kubernetes.io.*): admission webhook "namespaces.capsule.clastix.io" denied the request: Label pod-security.kubernetes.io/audit is forbidden for namespaces in the current Tenant. Forbidden are one of the following () or matching the regex pod-security.kubernetes.io.*
@MaxFedotov MaxFedotov added bug Something isn't working blocked-needs-validation Issue need triage and validation labels Nov 24, 2022
@prometherion prometherion added this to the v0.2.0 milestone Nov 24, 2022
@prometherion prometherion self-assigned this Nov 24, 2022
@prometherion prometherion removed the blocked-needs-validation Issue need triage and validation label Nov 24, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants