[Helm] Remove if-else handling of the namespace key about k8s HOT 6 CLOSED

So would it be enough to simply remove the if namespace? Personally, I think it's not our task to educate developers on Kubernetes and/or helm best practices. We should provide the capabilities of following those best practices but make default one-off installations helm install [-set demo=true] ory/hydra very easy

from k8s.

Yes, I think we should remove the if namespace conditionals. Then, we have a couple of options:

1. noop: do nothing more; helm writes the namespace key by default, and kubelet would add default if manifest was missing the namespace key

2. neutral: we can specify that developers should deploy sensitive resources separately) in the chart documentation and values file — but it's is up to them to figure out the way to do it

3. proactive: drop silent dependency on .Release.Namespace (keeping it as a fallback) and guide/enable users to separate resources into multiple namespaces via values.yaml:

   namespaces: 
       internal: "security"
       external: "edge"

   (e.g. Ingress would go into external, Deployment, ConfigMap, Secret — internal).

   If not specified — all resources will be deployed to .Release.Namespace which comes from either --namespace argument or is default.

4. extreme: enforce namespacing of resources by removing Release.Namespace fallback for sensitive objects — either:

   • require internal to be specified in values.yaml
     OR
   • prohibit use of default regardless of where it was specified.

from k8s.

The noop only works with helm install, not helm template, which is why it was added in the first place!

from k8s.

I implemented the noop changes in #21 and it seems to work correctly when running helm template (see the rendering I posted). Let me know your thoughts.

from k8s.

I think we can close this, right? :)

from k8s.

Yup. Further improvements via follow up (you could open it as RFC / Feedback)

from k8s.