Red Hat Advanced Cluster Management: ACM-2913

ACM "lookup" functionality for included or current namespace

    • Epic
    • Resolution: Done
    • Normal
    • ACM 2.8.Z
    • GRC
    • To Do
    • ACM-1215 - ACM Advanced features in Templatized Policies

      Epic Goal

      ...
      The customer is using a "Policy" object to create Kubernetes objects in certain clusters and is looking for a way to access the name of the namespace in which each Kubernetes object is created.

      For example, if they set the "namespaceSelector" to include some namespaces, the customer would like to access the names of the included namespaces in the "lookup" query. See the example policy below.

      Alternatively, this request looks for a way (variables or similar) to refer to the currently defined namespace in a "Policy".

      apiVersion: policy.open-cluster-management.io/v1
      kind: Policy
      ...
      spec:
        policy-templates:
          - objectDefinition:
          ...
              spec:
                namespaceSelector:
                  include:
                    - poi-accos-dev
                    - poi-ebilling-dev
                object-templates:
                  - complianceType: musthave
                    objectDefinition:
                      apiVersion: networking.k8s.io/v1
                      kind: NetworkPolicy
                      metadata:
                        name: allow-from-accos-ebilling-dev-projects
                      spec:
                        ingress:
                        - from:
                          - namespaceSelector:
                              matchLabels:
                                poi-network-access:  '{{ (lookup "v1" "Namespace" "<NAMESPACE_NAME>" "<NAMESPACE_NAME>").metadata.labels.poi-network-access }}'
                        podSelector: {}
                        policyTypes:
                        - Ingress
      

      Why is this important?

      ...

      Scenarios

      ...

      Acceptance Criteria

      ...

      Dependencies (internal and external)

      1. ...

      Previous Work (Optional):

      1. ...

      Open questions:

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub
        Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

            rhn-support-cstark Christian Stark
            Derek Ho
            Matthew Prahl