-
Notifications
You must be signed in to change notification settings - Fork 163
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding podOptions to the Tenant specification #737
Comments
@prometherion makes sense to me. But since this is again an API bump i would like to explore more generic options as well. Moving towards Kyverno PoliciesAs mentioned in #51, we should reconsider moving the capsule policy engine towards Kyverno policies. Kyverno seems to be the most adapted policy engine by now and we have already seen so many use-cases where it's in use. I am coming up with that idea, since it would change . This is just a super experimental thought regarding this topic. Just wanted to hear you guys thoughts about it. If it could be remotely interesting we should move it to.a new issues. This would require probably a hefty rewrite, but might give capsule even more framework characteristics + simplifies maintenance. So just as a quick idea:
Probably we should then work with ownerReferences between policies and tenants to prevent deletion. Also the policy should probably allow referencing of custom policies. But thats already to far for now. So the capsule controller would ensure that these policies exists (eg.
As said, just a quick and dirty idea.. :) Some concerns:
Not sure what you guys think about such a change. |
@oliverbaehler this has been discussed many times in #51. However what prevented us to move in that direction was the hard dependency we will introduce. I would suggest two different approaches to explore further:
|
The current
v1beta2
Tenant API resource has multiple specs that could be added in a single struct.The proposal is to group all of these in a new spec parent key, such as
podOptions
, as we're doing withnamespaceOptions
,ingressOptions
andserviceOptions
.@bsctl @oliverbaehler @MaxFedotov please, share your thoughts!
The text was updated successfully, but these errors were encountered: