Add 'name' label to created namespaces #4231
Conversation
k8s-ci-robot
added
cncf-cla: yes
|
I have also not implemented ensuring the label exists on the namespace, for the cases where a user may have pre-provisioned a namespace. This also means the label presumably won't be added on chart upgrades too. |
|
Any chance this PR can get some eyes on it? Not sure what the release cycle/process is for Helm, but I'm really keen to get this in some form into Helm! Right now it is not possible for me to set up validating webhooks that exclude a particular namespace, as I am unable to set a label on that namespace 😬 /cc @bacongobbler |
|
+1 seems like a reasonable add to me. I'll defer to @bacongobbler or someone else who works more on core to LGTM |
|
#pleasereleasethis :D |
|
@Stono feel free to either test this PR using either v2.10.0-rc.2 or the canaries for the time being. We're working on an official release; just fixing up a few snags we've found during testing. Thanks. |
This pull request changes Helm to add a 'name' label to namespaces it creates.
This is useful because a number of Kubernetes extension points allow configuring whether webhook/policy applies to a namespace based only on labels, and not namespace name (e.g. NetworkPolicy & Validating/MutatingWebhookConfiguration).
This PR will allow me to selectively disable resource validation on the namespace that my controller/application is deployed into.
This has been requested in #3503 (although that issue requests more metadata). Custom labels have been requested in #4178.
Given the security considerations with custom labels, and the complication in complexity with adding more metadata, for now, I have opted to add a simple 'name' label.