[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
[che-dev] Add metadata.namespace to Devfile
|
- From: Lukas Krejci <lkrejci@xxxxxxxxxx>
- Date: Wed, 6 Nov 2019 15:16:50 +0100
- Autocrypt: addr=lkrejci@xxxxxxxxxx; keydata= mQENBF2dCOgBCAD5/JOv9+R+U/WliRugBDM39G42porWn4cxg3n0XnTsAPOGw4uEycm9qyYj PZ6Dx2/wWVFvjX1FOMFoSbiQF/7VsiafZy0g4a5J97SFTWZXwBqYqVInOfxHUFAegSqDEJ32 E7b8I/NivMl1/nIYgFogC1UJJ0TrfyjGeBKuXVPruTQeelqlQCi6Yoy43VoyZoWsYcrZQ9kc vDGvCAC2xkk42o8ARYuWNZkan8Q+KRLnroacAV07DslgTyBo1tobNw+uVzMhsbvK1HyVfjLt ceaBVFGy9CtTnZHY4zQ/aqjPdehZ6j53X7Mbzieckc81Rwm4PxojbWJ4pdVsjP2xHyTtABEB AAG0IUx1a2FzIEtyZWpjaSA8bGtyZWpjaUByZWRoYXQuY29tPokBVAQTAQgAPhYhBNUZeXTR D+fLJbwoiCLB0ImKMx/LBQJdnQjpAhsDBQkB4TOABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheA AAoJECLB0ImKMx/LNh8IAJczCeBkCcGPTj+YVGvDR4Bs5YNv9FtNlrTI7J9MPx92QJRBYWfO REtHMBj0BaU663rJEA46Zr8rThAXWAAOKkUPWUZSqhzLSsbEeI2imtkADqDf9cpm5WtRnLoa t5L/EYRYhZjChnrCPaP9P+F5w5VtqepohvnRQiYeBPvzkQpkz0zyP/ynLT75mv4TJiUKrgQq zo+NRfCR/cpQna7cnT88FgDeMrI+qCBkIoLxiHjAKE9dTPHlyBPwb+f15WAOkoIYvvNWTZ5B MRAKMmYGm1PBh7zVzKGA/DTH3/rHlgzFeyksoDhPMdwSJuxlHztHwJQR+iixhWhPuQLi24xz F4y5AQ0EXZ0I6AEIAOKT6aZwXMRGUsU/aeuGP/i49BE9PoBXfcc94ReOHdpI7nPxH26YRras +SoYsFUl7WZiBoxtceLnP1mxLPXqlbKRCmCx7Td7LSB6btLiT6tc8rMmZ9CZMUd86DmAaEM8 yma+che9uSPdRFSOhI1V3mvHlslQ9O3UlGUWXY/G2v0T88lXsW874RXgtpnoMVArZmnkUzma 5ykTrz8+f1f/nPaJ3sPp6bMg56zW2NI2G+3wknu6c/QmRDXQ0XQUH4ZQ6Wd/Fjz2hdIpPyw4 e1b1OCVhkLsAOM5A9bMx7FBz1BYK+mc1mF+q58oKO3+gN0IVz8SPuhwKNc5cYIuvnMuSUGEA EQEAAYkBPAQYAQgAJhYhBNUZeXTRD+fLJbwoiCLB0ImKMx/LBQJdnQjoAhsMBQkB4TOAAAoJ ECLB0ImKMx/LIyoH/jXT2J4T4eNcNPUeCfHMCvitWW+Zf8l4gCWnxYJL2nieguc68sPDBXuT 36gSzWSncz0g+UqRysV69zY9ZdcuZrcNWQuo5RKVXUDKGZ+2iRGvKc0k4Cce4w4cO6iMeL7N Rm6VtmJ60bUUpQboPEzaxns5cqgRmJTsr9YVfeptrr1e9U5xIROILu4tJpK6DMgwTNC3EsVI N9GiFy+Kb44ccz7wKhBXKZe0ghiZzlsjpEeY/aijW6I48kO7xiYFM7DWySXHP5nnK5Nf0k7p WH2pd0YlG9IRni4Lts2ILmvZHrHN1PT75GRmVMosMrSh4Zv+r15z3Zvar0aiyoojZd3u/tc=
- Delivered-to: che-dev@xxxxxxxxxxx
- List-archive: <https://www.eclipse.org/mailman/private/che-dev>
- List-help: <mailto:che-dev-request@eclipse.org?subject=help>
- List-subscribe: <https://www.eclipse.org/mailman/listinfo/che-dev>, <mailto:che-dev-request@eclipse.org?subject=subscribe>
- List-unsubscribe: <https://www.eclipse.org/mailman/options/che-dev>, <mailto:che-dev-request@eclipse.org?subject=unsubscribe>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.1
Hi all,
We're adding the ability to specify the namespace in which a workspace
should be created and we are thinking where is the best place to put it.
Kubernetes objects have a optional "metadata.namespace" field, that
defaults to "default" or whatever is supplied as -n to kubectl.
This led us to the idea that devfile, too, should have such a field with
very similar semantics:
* optional with the default determined by the Che server (using our
config vars for specifying the namespace)
* non-editable
This has some nice consequences:
* it would bring devfile yet another tiny bit closer to other k8s objects
* because namespace would become part of the devfile model, it would be
consistent with all other devfile value overrides I asked about in my
previous email
(https://www.eclipse.org/lists/che-dev/msg03420.html).
Not having the namespace in the devfile model would require special
handling of the namespace in our REST API - both in factory and the
workspace APIs, which seems a little bit ugly compared to "just override
it as any other devfile attribute".
WDYT? Do you have some concerns about this idea? Do you have some
alternative proposals that would make workspace namespace nicely
integrated into our APIs?
For those concerned about the possible security issues (like for example
trying to submit a malicious devfile into kube-system namespace), the
ability to specify a user-defined namespace can be switched off
completely in the che server and our service account can be configured
with limited ability to deploy stuff in certain namespaces.
Thanks,
Lukas
Attachment:
signature.asc
Description: OpenPGP digital signature
