Comments (5)
xunholy
commented on June 11, 2024
This should be configurable, or at least if I specify <namespace>/<chart-name> syntax it should accept the prefix as the namespace - it could default to the namespace of the helmRelease.
from helm-controller.
hiddeco
commented on June 11, 2024
This should be configurableI would like this to be configurable, or at least if I specify<namespace>/<chart-name>syntax itshouldwould accept the prefix as the namespace - it could default to the namespace of the helmRelease.
We deliberately choose to not support this in the initial version, as we were still working out the details around RBAC and crossing namespaces in particular. This is also one of the reasons it is no longer possible to refer to ConfigMap and Secret resources in another namespaces for ValuesFrom items.
I can see the usefulness of being able to refer to a HelmRelease in another namespace, especially because otherwise it would not be possible to for example refer to a Linkerd deployment released via Helm. It also would not result in any data leaks, which is the reason we eliminated support for cross namespace ValuesFrom references.
from helm-controller.
xunholy
commented on June 11, 2024
@hiddeco I figured the secrets being used as ValuesFrom other namespaces was a realistic constraint seeing as the workload should be self-contained in the sense all of its dependencies are within the same namespace scope.
For DependsOn I can't see any real issues in terms of RBAC for chart dependencies - This is more for cluster tooling that gets deployed either by my fleet or cluster repo as I'll have things like cert-manager which deploys with service monitors which means I have a dependency on my observability charts like prometheus-operator however, I wouldn't deploy these into a singular scoped namespace as they have individual RBAC models of their own in a multi-tenant cluster.
from helm-controller.
xunholy
commented on June 11, 2024
@stefanprodan @hiddeco given the use case and how this is likely to be a valuable feature is it on the foreseeable roadmap? I'm also willing to assist where possible to help and/or contribute any required functionality or be involved in any design discussions that may need to take place.
from helm-controller.
hiddeco
commented on June 11, 2024
It is on our to-do list, and the option that has crossed our minds thus far (label selectors as a replacement for specific resource selectors) will be a breaking API change.
We can however not give a timeframe on design finalization or actual implementation at this point, as the pile of things with a short-term priority in terms of issues, design questions, and UX improvements across the GitOps Toolkit is as you can imagine still pretty high. We also prioritize Flux v1 feature parity issues at the moment, and none of the above (or even the feature as it stands right now) is available in the v1 of Flux and the Helm Operator.
In addition to all of this it comes with a couple of technical questions / challenges, for example the changes that would be required to the algorithm (Tarjan's SCC) we use for sorting.
from helm-controller.
Related Issues (20)
- HelmRelease does redundant validation on chart name HOT 1
- Missing some crucial events HOT 2
- HelmRelease verify provider gpg HOT 1
- Drift mode should detect extra properties HOT 1
- Chart version only includes git SHA at root chart HOT 2
- Only deploy prerelease versions HOT 1
- Feature Request: Replace reconciliation interval with cron schedule in HelmRelease CRD HOT 1
- [BUG] Drift Detection can not be disabled for specific resources using annotations or labels
- [BUG] memory usage grows exponentially when there are lots of CRDs HOT 2
- [BUG] Helm drift detection on configmap patching '*** (after)' instead of the actual template from the helm chart HOT 13
- Backward compatibility of helm-controller HOT 6
- FEATURE: First-class support for secret decryption HOT 1
- Unable to detect server capabilities HOT 16
- HelmRelease: CRDs of disabled subcharts get installed anyway HOT 8
- Failed to reconcile HelmRelease field immutable HOT 1
- DependsOn readiness check should only rely on Ready condition HOT 10
- (site) DependsOn does not document cross-namespace dependencies HOT 2
- Changes in postRenderers are ingored HOT 6
- v0.37.4 has CVE-2024-26147 high vulnerability HOT 1
- Flux Helm Not Removing HPA objects on upgrade HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from helm-controller.