Load image policies from all namespaces. #151
Conversation
Signed-off-by: Vlad Losev <vladimir.losev@sage.com>
vladlosev
force-pushed
the
misc-load-image-policies-from-all-namespaces
branch
from
3d636d7 to
0ccd0b6
Compare
|
@vladlosev thanks for taking the time to open this PR, but in its current form, we can’t accept such a change that would break everyone’s setups. A better way of doing this, without changing the default behavior, would be to introduce a namespace label selector in the API spec. |
|
Hmm, I see what you mean - you want explicit control over which I could try my hand at the API change. When you talk about the API change are you talking about one of the two approaches mentioned in #85 (comment)? If so, which one? |
|
Closing in favor of #157. |
|
@vladlosev Would it also work to define the |
|
@squaremo certainly. I'd be happy to use cross-namespace |
This PR allows the image update automation to apply image update policies from namespaces other than its own, as a quick way of implementing #85. This is done by loading the policies for consideration from all namespaces rather than from just the automation's own namespace.
In our company we have multiple semi-independent teams working on different
projects in our cluster and a single infrastructure team managing the
infrastructure for them, including the cluster itself. For the purposes of
data protection we have to keep the teams isolated, so each team has a
namespace it controls, and the infrastructure team runs the system namespaces,
including
flux-system, where the repository and image automation CRDs aredefined. The individual teams control the exact set of images they generate
and push and the image selection criteria for deployment so we want to allow
them to manage the
ImageRepositoryandImageUpdatePolicyin theirnamespaces. But with the
GitRepositoryandImageUpdateAutomationresidingin
flux-system, they can't, unless ImageUpdateAutomation can handle policiesfrom other namespaces.