-
-
Notifications
You must be signed in to change notification settings - Fork 257
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Helm] Remove if-else handling of the namespace key #19
Comments
So would it be enough to simply remove the |
Yes, I think we should remove the
|
The |
I think we can close this, right? :) |
Yup. Further improvements via follow up (you could open it as RFC / Feedback) |
Since 09b61e5 we added a
namespace
key to the kubernetes manifests generated in Hydra helm chart. I hoped to address it via #15 & #18, but perhaps it's better to discuss here.First of all, Helm always writes a namespace, and more than that kubernetes doesn't have a notion of "no namespace" — rather they have a "default". The principles of working with namespaces are decided by the owner of the cluster, and it is most common to separate it into
staging
/prod
, for multiple versions of the same grouping of applications, and/or define layers and semantic groupings in the cluster such ascore
,monitoring
,edge
, etc.Then, Helm never actually deploys without a namespace. If you template the current chart you will see that helm will ignore the
if-else
clause by the virtue of specifying the namespacedefault
.Lastly, it is a common administrative practice to forbid deployment to
default
for reasons of security and clear team/org boundaries. But this is not be the case for someone trying out a chart in minikube or on their personal cloud.With these in mind, I usually specify
namespace
key explicitly, as we already did, to bring the template and the result of helm's execution closer together (no magic keys appearing, everything is easily readable in either form, and easy to compare). It does not need a conditional. We should advise deployment in a dedicated namespace (also protects secrets).The text was updated successfully, but these errors were encountered: