openfaas-operator
openfaas-operator copied to clipboard
openfaas
[Feature] Add support for managing multiple-namespaces
Expected Behaviour
Add support for the namespaces endpoint, as per faas-netes
Current Behaviour
Currently unavailable (404)
Possible Solution
- Quick fix / work-around: implement a stub that returns the default namespace
- Longer term fix: copy patches from faas-netes, test e2e with the operator
Related: #91
cc @stefanprodan @LucasRoesler
In order to have this working e2e, we may also need (via Bruno):
- Make the operator watch resources across all Kubernetes namespaces.
- Introduce the required RBAC policies (cluster role and cluster role binding).
- Copy whatever faas-netes is doing as per openfaas/faas-netes#511.
A quick-fix has been implemented to return the default namespace, but we still need to add support for managing/fetching valid namespaces.
To avoid using a cluster role, we could add a flag with a list of namespaces to the operator cmd. At startup we would create a controller per namespace that runs in is own go routine. I think this way we can bind the operator service account to each namespace with a role binding.
@stefanprodan I think that approach is over-complicated and error prone. What is the issue with using a cluster role?
We've discussed this and see pros/cons in both approaches. Since the optional ClusterRole is available for faas-netes, we want to copy that approach and then revisit once we have parity.
See https://github.com/openfaas/faas-netes/issues/511 for how this was completed in other components.
@adamjohnson01 did you have any questions? Feel free to coordinate with @stefanprodan and @LucasRoesler
@alexellis, I did not get much time this weekend but I have started going through the code.