faros icon indicating copy to clipboard operation
faros copied to clipboard

Published 20 hours ago verified publisher icon pusher

Add Namespace defaulting

Open JoelSpeed opened this issue 6 years ago • 3 comments

If we parse a file that has no namespace set, it should default to the namespace that the controller is running in (if restricted to a namespace) or to the default namespace if Faros is running cluster wide

JoelSpeed avatar Feb 06 '19 11:02 JoelSpeed

To accommodate this I would recommend adding an optional field like defaultNamespace to the GitTrack spec. If defaultNamespace is not specified then the resource should not apply. That said, the philosophy of the GitOps pattern is to apply exactly what is in git to the cluster without modification. I would not want the default behavior to start applying resources in the current (or default) namespace.

tshak avatar Feb 12 '19 14:02 tshak

To accommodate this I would recommend adding an optional field like defaultNamespace to the GitTrack spec.

I don't think this is necessary as there is a --namespace flag for the controller itself which would define the behaviour. If the --namespace flag is empty then the controller operates across all namespaces and would default resources with namespace: "" to namespace: "default" (this is the behaviour of kubectl.

If the controller --namespace flag is set, then this is the same as setting the default context for kubectl, and so it would default resources with namespace: "" to whichever namespace is set by the flag.

In the GitOps model this shouldn't be necessary as people should be setting the namespace field in their YAML but it could be a nice feature to have (to match kubectl behaviour).

That said, the philosophy of the GitOps pattern is to apply exactly what is in git to the cluster without modification.

I'm not sure I entirely agree with this, most GitOps controllers I have seen fork out to kubectl for applying resources to clusters, leveraging kubectl applys three way merging. In this case, the namespace defaulting would occur anyway.

I would not want the default behavior to start applying resources in the current (or default) namespace.

I think it would be best to make this the default behaviour at the controller level but have a flag that could disable it and cause namespaces with no namespace to be considered invalid

JoelSpeed avatar Feb 18 '19 10:02 JoelSpeed

Thanks for the detailed response. I think you made a strong case for --namespace being sufficient.

tshak avatar Feb 19 '19 11:02 tshak