Add AZURE_TARGET_NAMESPACES to restrict the namespaces the operator watches #1559
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
babbageclunk
requested review from
davefellows,
matthchr,
Porges and
theunrepentantgeek
as code owners
Codecov Report
@@ Coverage Diff @@
## master #1559 +/- ##
=======================================
Coverage 63.41% 63.41%
=======================================
Files 178 178
Lines 11739 11739
=======================================
Hits 7444 7444
Misses 3628 3628
Partials 667 667 Continue to review full report at Codecov.
|
babbageclunk
force-pushed
the
target-namespace
branch
from
6d8e301 to
8f5a23e
Compare
matthchr
approved these changes
Jun 15, 2021
This is handled in the same way as the secret naming version setting, but the more settings we add (some more are on the way), the more unwieldy it's going to be. We need to come up with a better way of making different settings testable.
Renamed them to install-tools and install-test-tools, since they're installing binaries used in the build process rather than code dependencies. Run the `go get` commands in a temp directory and dummy module so that they don't update the ASO go.mod and .sum files with dependencies that our code doesn't actually depend on.
When target namespaces are set, there's no guarantee that the operator's namespace is included. The identity finder always needs to look in the operator namespace so pass it the API reader which bypasses the filtered cache.
babbageclunk
force-pushed
the
target-namespace
branch
from
9fa403c to
1c8106d
Compare
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Hmm, that doesn't seem good. Going to try one more time, otherwise I'm going to have to work something else out tomorrow. |
|
/azp run |
|
Azure Pipelines successfully started running 1 pipeline(s). |
|
Yay, thanks for merging @matthchr! |
1 task
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
Add a new configuration value AZURE_TARGET_NAMESPACES which restricts the operator to only reconciling Azure resources within the listed namespaces (comma-separated).
This enables running multiple operators that each watch their own set of namespaces and work with different credentials.
Special notes for your reviewer:
Testing is a pain for settings like this - I've used the same approach as the secret-naming version testing for now, but we need to come up with a better way to do this. The next part of the multitenancy work is a setting to put the operator into webhook-only mode, so that will have the same problem.
How does this PR make you feel:
If applicable: