Skip to content
This repository has been archived by the owner on Jun 26, 2023. It is now read-only.

HNC: Implement self-service namespace #457

Closed
yiqigao217 opened this issue Feb 26, 2020 · 4 comments
Closed

HNC: Implement self-service namespace #457

yiqigao217 opened this issue Feb 26, 2020 · 4 comments
Milestone
hnc-v0.3

Comments

@yiqigao217
Copy link
Contributor

Allow tenant admins who do not have cluster-wide namespace creation privileges to still create subnamespaces by creating custom resource instances locally.

The implementation includes:

  • Define HierarchicalNamespace (hns) CRD
  • Add allowCascadingDelete field to HierarchyConfig.spec
  • Add kubectl plugin to toggle HierarchyConfig.spec.allowCascadingDelete
  • Create an HNS reconciler to create/delete subnamespaces, interact with HC reconciler, etc.
  • Add webhook on the creation of HNS
  • Add kubectl plugin to create an HNS

See design: HNC self-service namespaces UX
This was referenced Feb 26, 2020
Merged
Merged
Closed
Closed
Merged
Closed
yiqigao217 added a commit to yiqigao217/multi-tenancy that referenced this issue Feb 28, 2020
@yiqigao217
Create a flag to toggle HC and HNS Reconcilers
a2bad3f 
Create a flag to enable/disable the HierarchicalNamespace Reconciler and
also toggle the behavior of HierarchyConfig Reconciler accordingly.
Changes to the HierarchyConfig Reconciler behaviour is not implemented
in this commit.

Tested on GKE cluster. The reconcilers were created successfully
with/without setting the flag. I saw the test logs with the correct
values set in Stackdriver.

Part of kubernetes-retired#467, kubernetes-retired#457
This was referenced Feb 28, 2020
Merged
Closed
Closed
Closed
Closed
Closed
Closed
yiqigao217 added a commit to yiqigao217/multi-tenancy that referenced this issue Mar 3, 2020
@yiqigao217
Enable hns reconciler to create namespace
3ea82cd 
In the hns reconciler, update the forest and enqueue in-memory
hierarchyConfig instance for hierarchyConfig reconciler to reconcile.
The hierarchyConfig reconciler will create the namespace with Owner
annotation and create/update both the parent and child hierarchyConfig
instances. If the hns reconciler is enabled by the flag, the hc
reconciler will get all hns objects from the forest instead of using the
"RequiredChildren" field in the hc spec.

Add integration tests with flag "make test HNS=1".

Tested by integration tests and manually with "kubectl hns create2 -n
parent child". The "child" namespace was created with Owner annotation
set to "parent".

Part of kubernetes-retired#457. Fixes kubernetes-retired#473.
This was referenced Mar 3, 2020
Merged
Closed
Closed
Merged
Closed
Merged
@yiqigao217 yiqigao217 mentioned this issue Mar 11, 2020
Closed
This was referenced Mar 18, 2020
Merged
Closed
@adrianludwin adrianludwin added this to the hnc-v0.3 milestone Mar 24, 2020
This was referenced Mar 24, 2020
Closed
Merged
Closed
Closed
Merged
This was referenced Mar 27, 2020
Merged
Merged
Merged
@adrianludwin
Copy link
Contributor

I think we're done with this? Congrats!

@yiqigao217
Copy link
Contributor Author

I think we're done with this? Congrats!

Thanks! The only thing left is the flaky test #560 . As for EX map, I unlinked the issue #495 to this main issue.

@adrianludwin
Copy link
Contributor

adrianludwin commented Apr 7, 2020 via email

@yiqigao217
Copy link
Contributor Author

I see, sure!

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
hnc-v0.3
Development

No branches or pull requests
2 participants
@adrianludwin @yiqigao217