faros icon indicating copy to clipboard operation
faros copied to clipboard

Published 20 hours ago verified publisher icon pusher

cannot disable clustergittrackobjects CRD

Open terinjokes opened this issue 6 years ago • 2 comments

I'm looking at using Faros to manage individual namespaces, where all resources managed are namespaced. It's not currently possible to run Faros without permission to list ClusterGitTrackObjects, as the controllers don't start until after the initial informer listing.

I'm proposing a flag that could be used in conjunction with --namespace to disable support for cluster-scoped resources entirely.

terinjokes avatar May 10 '19 18:05 terinjokes

We had a chat internally about this and decided that a flag called --namespaced-only would probably be a good feature to add.

The behaviour of the flag would disable listing and watching cluster scoped resources (fixing RBAC issues) and then, in the GitTrack controller, if any resource found in the repository is not namespaced, the resource should be ignored with an appropriate error message, eg. Cluster scoped resources are not managed by this Faros

JoelSpeed avatar May 13 '19 14:05 JoelSpeed

I was thinking --no-cluster but don't want to split hairs on names. Otherwise, the behavior matches what I had in mind. I'll work on this and try to get a PR to you this week.

terinjokes avatar May 13 '19 18:05 terinjokes