Ask questionsSupport Any Additional resource
<!-- Yay, it look you're enjoying Capsule and, first, thanks for that!
We're trying to build a community drive Open Source project, so don't hesitate proposing your enhancement ideas: keep in mind, since we would like to keep it as agnostic as possible, to motivate all your assumptions.
If you need to reach the maintainers, please join the Clastix Slack workspace:
https://clastix.slack.com, #capsule channel.
I would like to have a generic approach on resources, which are created for each new namespace belonging to a tenant. The same behavior that
.spec.networkPolicies already implement, but for any kubernetes resource.
As of why:
We are currently moving to Cilium Network Policies, and we would require each namespace to implement those policies (same could also apply for calico resources or really anything else). So instead of writing an own workaround, it would make sense to be able to declare something like this:
--- apiVersion: capsule.clastix.io/v1beta1 kind: Tenant metadata: name: gas spec: additionalResources: - apiVersion: "cilium.io/v2" kind: CiliumNetworkPolicy metadata: name: "l3-rule" spec: endpointSelector: matchLabels: role: backend ingress: - fromEndpoints: - matchLabels: role: frontend
How would the new interaction with Capsule look like? E.g.
A clear and concise description of what you expect to happen.
When I have defined
.spec.additionalResources on a tenant, those resources are created for each namespace that is assigned or created in that tenant.
Answer questions bsctl
@oliverbaehler thanks for suggesting this improvement. I think this will require some sort of refactoring of the code. Let's to see what @prometherion says.
Related questionsNo questions were found.