Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support Namespaced Managed Resources #251

Open
ctrox opened this issue Mar 9, 2021 · 8 comments · May be fixed by #541
Open

Support Namespaced Managed Resources #251

ctrox opened this issue Mar 9, 2021 · 8 comments · May be fixed by #541
Labels
enhancement New feature or request proposal stale wontfix This will not be worked on

Comments

@ctrox
Copy link

ctrox commented Mar 9, 2021

What problem are you facing?

Right now, crossplane-runtime does not formally support namespaced managed resources. It kind of works and only breaks if certain features are used. Because we (my team and I) were unaware that this was unintentional, we simply started using it.

How could Crossplane help solve your problem?

It would be great if crossplane-runtime formally supported namespaced managed resources. I initially thought this was a bug, but it turns out this was simply not intended to work. But most of crossplane-runtime already works when using a namespaced managed resource, just by instructing kubebuilder: +kubebuilder:resource:scope=Namespaced. While we are aware of all the other Crossplane constructs that allow to have namespaced resources (compositions, publications etc.), it introduces a lot of configuration overhead, where we just could use the managed resource directly for some resources.

After a few glances at the code, it seems only a few changes here and there would be required to make references, externalName etc. work properly with namespaced resources. If you are not totally opposed to this, I can offer to contribute the required changes.

@negz
Copy link
Member

negz commented May 8, 2021

Thanks for raising this! While I agree it would be technically straightforward to support namespaced managed resources, I'm quite wary to do so primarily out of concern about the cognitive and logical burden it would introduce - e.g. both Crossplane users and Crossplane code would need to be able to account for whether a particular managed resource was namespaced or cluster scoped. How would a provider author determine whether their managed resource should be namespaced or cluster scoped?

I'd love to hear more about your use cases for namespaced managed resources. As you point out, Crossplane's approach is to encourage you to abstract your managed resources via an XR and to offer a namespaced claim.

@nekto0n
Copy link

nekto0n commented Aug 4, 2021

Hey there! One possible user story could go like this:

I am on the infrastructure team at my company and we want to offer Azure (AKS in particular) as a service for engineers via crossplane controller. We want to be able to apply policies, grant permissions, attach quotas and perform cost and audit control.

It seems that logical to achieve this by using namespaces to get k8s native tools to work (RBAC, etc). Does that sound like a legit case?

@hikhvar
Copy link

hikhvar commented Oct 26, 2021

For our usecase namespaced managed resources would allow us to easily delete all resources created for a deployment. We create a namespace per application. To remove an application we simply delete the namespace and all resources for that application are gone. With non-namespaced crossplane resources we must also label the resources and must know which resources are created by the application.

@negz
Copy link
Member

negz commented Nov 22, 2021

I am on the infrastructure team at my company and we want to offer Azure (AKS in particular) as a service for engineers via crossplane controller. We want to be able to apply policies, grant permissions, attach quotas and perform cost and audit control.

Crossplane is designed to support this via resource claims (which are namespaced). The idea is that you'd offer AKS as a service via a claim, not via the 'raw' managed resources.

For our usecase namespaced managed resources would allow us to easily delete all resources created for a deployment. We create a namespace per application. To remove an application we simply delete the namespace and all resources for that application are gone. With non-namespaced crossplane resources we must also label the resources and must know which resources are created by the application.

FWIW, I believe this is also something you could do with claims. Deleting a namespace containing Crossplane composite resource claims (XRCs) would cause the claims to be deleted, which in turn would delete the XR and all composed resources.

Generally, I don't think we'll be adding support for namespaced managed resources - at least not without a major version bump. I will leave this issue open to gather more feedback.

@negz negz added the proposal label Nov 22, 2021
@nekto0n
Copy link

nekto0n commented Dec 20, 2021

Crossplane is designed to support this via resource claims (which are namespaced). The idea is that you'd offer AKS as a service via a claim, not via the 'raw' managed resources.

Got it! Please correct me if I got the idea wrong: if infrastructure owners want to expose all available AWS resources as claims, they need to manually create corresponding claim CRDs. Are there any means to automate this procedure?

@luebken
Copy link

luebken commented Dec 20, 2021

Mr @benagricola has created a generator https://github.com/benagricola/crossplane-composition-generator

It's on my to do list to give it a try.

@stale
Copy link

stale bot commented Aug 13, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Copy link

github-actions bot commented Sep 4, 2024

Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.

@github-actions github-actions bot added the stale label Sep 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request proposal stale wontfix This will not be worked on
Projects
None yet
5 participants