
SPIKE: Hierarchical namespaces

Open ozamosi opened this issue 2 years ago • 1 comments

Do hierarchical namespaces solve gitops phase 2 problems?

Aug 24 '22 13:08 ozamosi

Outcomes:

The HNS controller offers excellent flexibility in creating namespaces in a restricted cluster.

For example, Team Denim members can only work in the team-denim namespace. With the HNS controller installed, team members can freely create their sub-namespaces inside the team-denim namespace.

The HNS controller's sub-namespaces are real namespaces. They can contain normal K8s workloads. Their set of permissions is inherited from the parent namespace.

Limitations:

  • It's not a native K8s capability. The platform operator is required to install the HNS controller beforehand.
  • Although sub-namespaces are real namespaces, we need to manage them via the Custom Resource provided by the controller. We cannot use Namespace APIs to manage them directly.

Aug 25 '22 11:08 chanwit
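
The setup described in the comment above, sketched as manifests. This is an added example, not part of the issue or the weave-gitops project; it assumes "HNS controller" means the Kubernetes Hierarchical Namespace Controller (HNC) with its `hnc.x-k8s.io/v1alpha2` API, and the group `team-denim-members` and sub-namespace `denim-staging` are hypothetical names.

```yaml
# Added example. Assumes the Hierarchical Namespace Controller (HNC) is
# installed. "team-denim-members" and "denim-staging" are hypothetical names.
---
# Namespaced Role: lets holders manage sub-namespace anchors in team-denim.
# Nothing here grants access to the cluster-scoped core "namespaces" resource,
# so the team still cannot create arbitrary namespaces in the cluster.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: subnamespace-creator
  namespace: team-denim
rules:
  - apiGroups: ["hnc.x-k8s.io"]
    resources: ["subnamespaceanchors"]
    verbs: ["get", "list", "watch", "create", "delete"]
---
# Bind the Role to the team's group inside the parent namespace only.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-denim-subnamespace-creator
  namespace: team-denim
subjects:
  - kind: Group
    name: team-denim-members
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: subnamespace-creator
  apiGroup: rbac.authorization.k8s.io
---
# What a team member applies: the Custom Resource, created in the parent.
# The controller reacts by creating the real namespace "denim-staging"
# as a child of team-denim.
apiVersion: hnc.x-k8s.io/v1alpha2
kind: SubnamespaceAnchor
metadata:
  name: denim-staging
  namespace: team-denim
```

With HNC's default propagation of Roles and RoleBindings, this binding is copied into `denim-staging` as well, so the same group can nest further sub-namespaces there. Deleting an anchor removes the sub-namespace and its workloads, so the `delete` verb deserves the same review as namespace deletion.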