Comments (6)
So would it be enough to simply remove the `if namespace`? Personally, I think it's not our task to educate developers on Kubernetes and/or helm best practices. We should provide the capabilities of following those best practices but make default one-off installations `helm install [-set demo=true] ory/hydra` very easy.
from k8s.
Yes, I think we should remove the `if namespace` conditionals. Then, we have a couple of options:

- noop: do nothing more; helm writes the namespace key by default, and kubelet would add `default` if manifest was missing the namespace key
- neutral: we can specify that developers should deploy sensitive resources separately in the chart documentation and values file — but it is up to them to figure out the way to do it
- proactive: drop silent dependency on `.Release.Namespace` (keeping it as a fallback) and guide/enable users to separate resources into multiple namespaces via `values.yaml`:

  ```yaml
  namespaces:
    internal: "security"
    external: "edge"
  ```

  (e.g. Ingress would go into `external`, Deployment, ConfigMap, Secret — `internal`). If not specified — all resources will be deployed to `.Release.Namespace` which comes from either `--namespace` argument or is `default`.
- extreme: enforce namespacing of resources by removing `Release.Namespace` fallback for sensitive objects — either:
  - require `internal` to be specified in `values.yaml` OR
  - prohibit use of `default` regardless of where it was specified.
from k8s.
The `noop` only works with `helm install`, not `helm template`, which is why it was added in the first place!
from k8s.
I implemented the `noop` changes in #21 and it seems to work correctly when running `helm template` (see the rendering I posted). Let me know your thoughts.
from k8s.
I think we can close this, right? :)
from k8s.
Yup. Further improvements via follow up (you could open it as RFC / Feedback)
from k8s.
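The two namespace concerns discussed in this thread (rendered manifests that carry no namespace key, and sensitive objects landing in `default`) can be checked on rendered chart output before it is applied. The following is an added example, not code from the thread or from the Ory charts; the function names, the constructed sample manifests and the choice of sensitive kinds (taken from the "proactive" option's examples) are assumptions.

```python
import re

SENSITIVE_KINDS = {"Deployment", "ConfigMap", "Secret"}  # "internal" kinds named in the thread

def scan(rendered):
    """Yield (kind, name, namespace) per manifest. Line scanner, not a YAML parser:
    reads top-level `kind:` and `name:`/`namespace:` directly under `metadata:`."""
    for doc in re.split(r"(?m)^---[ \t]*$", rendered):
        meta, section = {}, None
        for line in doc.splitlines():
            top = re.match(r"^([A-Za-z]\w*):\s*(.*)$", line)
            nested = re.match(r"^  (name|namespace):\s*(.*)$", line)
            if top:
                section = top.group(1)
                if section == "kind":
                    meta["kind"] = top.group(2).strip("\"' ")
            elif nested and section == "metadata":
                meta[nested.group(1)] = nested.group(2).strip("\"' ") or None
        if meta.get("kind"):
            yield meta["kind"], meta.get("name"), meta.get("namespace")

def audit(rendered):
    """Return (kind, name, reason) for sensitive objects lacking an explicit namespace."""
    findings = []
    for kind, name, namespace in scan(rendered):
        if kind in SENSITIVE_KINDS and namespace in (None, "default"):
            reason = "no namespace key" if namespace is None else "uses default"
            findings.append((kind, name, reason))
    return findings

# Constructed sample of rendered output (not taken from the Ory charts).
SAMPLE = """\
kind: Secret
metadata:
  name: hydra
---
kind: Deployment
metadata:
  name: hydra
  namespace: default
---
kind: ConfigMap
metadata:
  name: hydra
  namespace: security
---
kind: Ingress
metadata:
  name: hydra
"""
```

In practice the input would be the text produced by `helm template`; the scanner assumes block-style YAML with two-space indentation under `metadata:`.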