Allow multi namespace cache scoping #1341
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Note to reviewers: remember to look at the commits in this PR and consider if they can be squashed
Summary Of Changes
Allows scoping the cache namespace to more than 1 namespace if
OPERATOR_SCOPE_NAMESPACE
is a comma delimited list.Additional Context
If someone needed to configure their RBAC with non-cluster
roles
androlebindings
they would be unable to run the operator. This project requires access to a lot of resources and not everyone's security stance allows for usingclusterroles
.Without providing
OPERATOR_SCOPE_NAMESPACE
and usingrole
instead ofclusterrole
you get errors such asand a similar error if a resource is added in a namespace not covered by
OPERATOR_SCOPE_NAMESPACE
.Without this change, it's only possible to scope the cache to a single namespace, and this allows for scoping to a list of namespaces.
Local Testing
Please ensure you run the unit, integration and system tests before approving the PR.
To run the unit and integration tests:
You will need to target a k8s cluster and have the operator deployed for running the system tests.
For example, for a Kubernetes context named
dev-bunny
: