*<--- Cut-n-Paste the entire contents of this description into your new
Epic --->*
Epic Goal
...
Customer is using a "Policy" object to create Kubernetes objects in certain clusters. The customer is looking for a way to access the name of the namespace where the Kubernetes object is created in.
So for example if they set the "namespaceSelector" to include some namespaces. The customer would like to access the names of the included namespaces in the "lookup" query. See the example policy below.
Alternatively, this requests looks at a way (variables or similar) to refer to the currently defined namespace in a "Policy".
apiVersion: policy.open-cluster-management.io/v1
kind: Policy
...
spec:
policy-templates:
- objectDefinition:
...
spec:
namespaceSelector:
include:
- poi-accos-dev
- poi-ebilling-dev
object-templates:
- complianceType: musthave
objectDefinition:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-from-accos-ebilling-dev-projects
spec:
ingress:
- from:
- namespaceSelector:
matchLabels:
poi-network-access: '{{ (lookup "v1" "Namespace" "<NAMESPACE_NAME>" "<NAMESPACE_NAME>").metadata.labels.poi-network-access }}'
podSelector: {}
policyTypes:
- Ingress
Why is this important?
...
Scenarios
...
Acceptance Criteria
...
Dependencies (internal and external)
- ...
Previous Work (Optional):
- ...
Open questions:
- …
Done Checklist
- CI - CI is running, tests are automated and merged.
- Release Enablement <link to Feature Enablement Presentation>
- DEV - Upstream code and tests merged: <link to meaningful PR or GitHub
Issue> - DEV - Upstream documentation merged: <link to meaningful PR or GitHub
Issue> - DEV - Downstream build attached to advisory: <link to errata>
- QE - Test plans in Polarion: <link or reference to Polarion>
- QE - Automated tests merged: <link or reference to automated tests>
- DOC - Downstream documentation merged: <link to meaningful PR>
- duplicates
-
ACM-2156 "lookup" functionality for included or current namespace
-
- Closed
-
1.
|
Task: Implement namespace context variable |
|
New | |
Unassigned |