Skip to content

KEP: Centralized Namespace Management Across ManagedClusterSets #147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 5 commits into from
Aug 27, 2025
Merged

KEP: Centralized Namespace Management Across ManagedClusterSets #147

merged 5 commits into from
Aug 27, 2025

Conversation

@jnpacker
Copy link
Member

@jnpacker jnpacker commented Jul 14, 2025

  • Add support for Globally defined namespace(s) on the ManagedClusterSet
  • Support RBAC via ClusterPermissions for the Globally defined namespace(s)

@jnpacker
KEP: Centralized Namespace Management Across ManagedClusterSets
ea924a9 
 * Add support for Globally defined namespace(s) on the ManagedClusterSet
 * Support RBAC via ClusterPermissions for the Globally defined namespace(s)

Signed-off-by: Joshua Packer <[email protected]>
@openshift-ci openshift-ci bot requested review from deads2k and qiujian16 July 14, 2025 18:29
@jnpacker
Copy link
Member Author

jnpacker commented Jul 14, 2025

#146

qiujian16
qiujian16 reviewed Jul 15, 2025
View reviewed changes
enhancements/sig-architecture/146-fleet-namespaces/README.md Outdated

#### Story 1
Create a Global Namespace, this namespace will be created on all Managed Clusters in a Managed Cluster Set, and
the appropriate Cluster Permissions will be applied.
Copy link
Member

@qiujian16 qiujian16 Jul 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if we create a managedclusterbinding that binds a clusterset to a namespace, does it mean we should sync the namespace that creates managedclusterbinding to all clusters? It seems we can add a spec field in managedclusterbinding to achieve that.

Copy link
Member Author

@jnpacker jnpacker Jul 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

That was one of two options I was thinking. Either we use the existing binding and just include a field as you mentioned or we create a new resource to track it.

The field is much less invasive, and we already have the namespace binding.

Copy link
Member

@qiujian16 qiujian16 Jul 21, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, I think having a field in the managedclustersetbinding indicating "this clustersetbindings needs namespace to be synced to all managed clusters" makes sense, and it could be disabled by default which ensure the backward compatibility.

@qiujian16
Copy link
Member

qiujian16 commented Aug 27, 2025

/approve
/lgtm

@openshift-ci openshift-ci bot added the lgtm label Aug 27, 2025
@openshift-ci
Copy link

openshift-ci bot commented Aug 27, 2025

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: jnpacker, qiujian16

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@qiujian16 qiujian16 mentioned this pull request Aug 27, 2025
Merged
@openshift-merge-bot openshift-merge-bot bot merged commit 8ccbe0f into open-cluster-management-io:main Aug 27, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@qiujian16 qiujian16 qiujian16 left review comments

@deads2k deads2k Awaiting requested review from deads2k

Assignees

@qiujian16 qiujian16

Labels

approved lgtm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@jnpacker @qiujian16