Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Simple implementation of control naming of namespaces #34

Closed
gabrilabs75 opened this issue Aug 5, 2020 · 3 comments · Fixed by #41
Closed

Simple implementation of control naming of namespaces #34

gabrilabs75 opened this issue Aug 5, 2020 · 3 comments · Fixed by #41
Assignees
@prometherion
Labels
enhancement New feature or request

Comments

@gabrilabs75
Copy link
Contributor

gabrilabs75 commented Aug 5, 2020
edited by prometherion

Describe the feature

We may need a simple implementation of control naming of namespaces.
Currently during creation of a new namespace by tenant-owner we receive an error message from k8s if the name of our selected namespace is already used by another tenant.

For example:

[ansible@k8s-caas-ansible-installer ~/capsule/hack]$ kubectl create ns production
Error from server (AlreadyExists): namespaces "production" already exists

What would the new user story look like?

  1. Tenant owner creates a new Namespace (eg. production like the example above)

  2. Capsule creates the new namespace having the name "tenantname-production" where the "tenantname" is the name of the tenant and "production" is the name of the namespace.

  3. This is going to be attached to the Tenant

  4. All the magic happens in the background
@gabrilabs75 gabrilabs75 added the blocked-needs-validation Issue need triage and validation label Aug 5, 2020
@bsctl
Copy link
Member

bsctl commented Aug 5, 2020
edited

@gabrilabs75 thanks for submitting this request. A control on the naming convention may have sense since it is likely that different tenant owners want to call their namespaces "production", "test", and "development".

Another viable solution is just instruct Capsule to deny the namespace creation if the name is not in the form of "tenantname"-"namespace" leaving the tenant owner to implement the naming convention himself.

Also I think this should be a configurable option in Capsule since this policy may be useful in some environments and too much annoying in other environments.

@bsctl bsctl added enhancement New feature or request needs-discussion No outline on the feature, discussion is welcome labels Aug 5, 2020
@prometherion
Copy link
Member

Another viable solution is just instruct Capsule to deny the namespace creation if the name is not in the form of "tenantname"-"namespace" leaving the tenant owner to implement the naming convention himself.

I guess this should be the preferred implementation, maybe providing a simple boolean flag to the CLI as --force-tenant-prefix.

tl;dr; with --force-tenant-prefix as true the validation webhook will ensure the desired pattern, otherwise, it will reject the request.

WDYT @gabrilabs75?

@gabrilabs75
Copy link
Contributor Author

@prometherion it seems to be perfect for our scope...
Thanx in advance!

@prometherion prometherion removed the blocked-needs-validation Issue need triage and validation label Aug 6, 2020
@prometherion prometherion self-assigned this Aug 6, 2020
@prometherion prometherion removed the needs-discussion No outline on the feature, discussion is welcome label Aug 6, 2020
@prometherion prometherion mentioned this issue Aug 6, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prometherion prometherion

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Programmatic Tenant prefix for the Capsule namespaces projectcapsule/capsule
3 participants
@bsctl @prometherion @gabrilabs75