Add note on restriction on openshift- project name #20473
Conversation
openshift-ci-robot
added
the
size/S
|
The preview will be available shortly at: |
|
As I know only the cluster administer can create such namespaces. The master team may know more details. @xingxingxia could you confirm? |
|
Too many manual/auto runs and on_qa bugs pushed by Dev today. Will check details next day |
There was a problem hiding this comment.
master components
To be precise, use cluster components, because components like openshift-ingress etc are not master components. master usually means apiserver, controller-manager, scheduler.
There was a problem hiding this comment.
does not allow you to create Projects starting with
openshift-
Change to
does not allow you to create Projects starting with `openshift-` and `kube-` via `oc new-project` command
Because cluster admin can oc adm new-project openshift-xxx
There was a problem hiding this comment.
The pods created in these namespaces that have a critical pod annotation are considered critical. As such
I don't think this is the cause. The cause is https://github.com/openshift/openshift-apiserver/blob/master/pkg/project/apiserver/registry/projectrequest/delegated/delegated.go#L100-L101 code restricts it:
ForbiddenPrefixes = []string{"openshift-", "kubernetes-", "kube-"}
There was a problem hiding this comment.
@xingxingxia Thank you for pointing this out. I changed the wording. I would like to have a reason for why users cannot create namespaces with openshift- and kube- Is this correct?
Projects starting with
openshift-andkubehost cluster components that run as pods and other infrastructure components. As such, {product-title} does not allow you to create Projects starting withopenshift-orkube-using the CLI.
There was a problem hiding this comment.
clustre
Typo of cluster.
There was a problem hiding this comment.
@xingxingxia I apologize for this typo. I did make the change. But I didn't save the file before doing the commit. Sorry to waste your time here.
There was a problem hiding this comment.
s/using the CLI/using the oc new-project command/
As said in #20473 (comment) , cluster admin can oc adm new-project openshift-xxx, which is CLI command.
There was a problem hiding this comment.
If previous parts add kube-, here need to add too for consistence.
|
Added new comments. Once addressed per the comments, the PR will be lgtm, thanks |
mburke5678
force-pushed
the
add-note-openshift-projects
branch
5 times, most recently
from
9c7b371 to
9cba71c
Compare
There was a problem hiding this comment.
Thanks! Cut and paste error. I always do that, then wonder why Travis fails!
adellape
added
the
peer-review-done
mburke5678
force-pushed
the
add-note-openshift-projects
branch
from
9cba71c to
ff1867f
Compare
|
/cherrypick enterprise-4.2 |
|
@mburke5678: new pull request created: #20587 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherrypick enterprise-4.3 |
|
@mburke5678: new pull request created: #20588 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/cherrypick enterprise-4.4 |
|
@mburke5678: new pull request created: #20589 DetailsIn response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
7 participants
When investigating #20318 we found a restriction against creating projects named
openshift-.This PR adds notes to the Projects assembly and creating projects modules.
20318 addresses this issue specific to Cluster Logging where the user must create the
openshift-loggingNamespace using a YAML. I didn't want to add that work around in the Projects docs.