Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add kubernetes namespace override #106

Merged
merged 1 commit into from
May 13, 2022
Merged

Add kubernetes namespace override #106

merged 1 commit into from
May 13, 2022

Conversation

chrisdoherty4
Copy link
Member

@chrisdoherty4 chrisdoherty4 commented May 13, 2022
edited
Loading

When launching Hegel in Kubernetes it can default, if no Kubeconfig is specified, to using the ServiceAccount configured with the Pod. The ServiceAccount is the same as the Pod deployment namespace and consequently Hegel defaults to reading from its own namespace. This isn't always desirable as users may want to place the Hardware custom resource in a different namespace.

By defaulting to in-cluster config and requiring an operator to configure RBAC and explicitly set the --kube-namespace override we have a 'secure and predictable' out of the box deployment model.

@chrisdoherty4
Add kubernetes namespace override.
ca88a0f 
When launching Hegel in Kubernetes it can default, if no Kubeconfig is
specified, to using the ServiceAccount configured with the Pod. The
ServiceAccount is the same as the Pod deployment namespace and
consequently Hegel defaults to reading from its own namespace. This
isn't always desirable as users may want to place Hardware in a
different namespace and configure the necessary RBAC rules for Hegel to
read.

Signed-off-by: Chris Doherty <[email protected]>
@chrisdoherty4 chrisdoherty4 force-pushed the feature/support-kube-namespace-override branch from f6632d3 to ca88a0f Compare May 13, 2022 00:51
@codecov
Copy link

codecov bot commented May 13, 2022
edited
Loading

Codecov Report

Merging #106 (ca88a0f) into main (7b286fd) will decrease coverage by 0.22%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##             main     #106      +/-   ##
==========================================
- Coverage   43.13%   42.90%   -0.23%     
==========================================
  Files           8        8              
  Lines         575      578       +3     
==========================================
  Hits          248      248              
- Misses        296      299       +3     
  Partials       31       31
Impacted Files Coverage Δ
hardware/client.go 0.00% <0.00%> (ø)
hardware/kubernetes.go 46.15% <0.00%> (-1.38%) ⬇️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 7b286fd...ca88a0f. Read the comment docs.

@chrisdoherty4 chrisdoherty4 mentioned this pull request May 13, 2022
Merged
@chrisdoherty4 chrisdoherty4 changed the title Add kubernetes namespace override. Add kubernetes namespace override May 13, 2022
micahhausler
micahhausler approved these changes May 13, 2022
View reviewed changes
Copy link
Contributor

@micahhausler micahhausler left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@chrisdoherty4 chrisdoherty4 added ready-to-merge Signal to Mergify to merge the PR. and removed ready-to-merge Signal to Mergify to merge the PR. labels May 13, 2022
@chrisdoherty4 chrisdoherty4 merged commit c296b5d into tinkerbell:main May 13, 2022
@chrisdoherty4 chrisdoherty4 deleted the feature/support-kube-namespace-override branch May 13, 2022 21:28
@micahhausler micahhausler mentioned this pull request May 13, 2022
Merged
3 tasks
mergify bot added a commit to tinkerbell/tink that referenced this pull request May 17, 2022
@mergify
Add kube namespace override and default to in cluster namespace (#622)
7b60369 
See tinkerbell/hegel#106 for explanation.
@chrisdoherty4 chrisdoherty4 mentioned this pull request May 20, 2022
Merged
mergify bot added a commit to tinkerbell/smee that referenced this pull request May 23, 2022
@mergify
Add Kubernetes namespace override flag (#275)
625c6bc 
Add Kubernetes namespace override. See tinkerbell/hegel#106 for more details.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jacobweinstock jacobweinstock jacobweinstock approved these changes

@micahhausler micahhausler micahhausler approved these changes

@mmlb mmlb Awaiting requested review from mmlb

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@chrisdoherty4 @micahhausler @jacobweinstock