-
Story
-
Resolution: Done
-
Undefined
-
None
-
0.3.0 [R4], 0.2.0 [R3], 0.4.0 [R5]
-
None
-
False
-
None
-
False
-
No
As a user, I want the option to specify namespace label selector(s) in the policy/inventory CRs. The operator would then treat any namespace(s) with said selector as valid "connection namespaces", thus allowing connections from those namespaces.
per rhn-gps-rspazzol - "Namespaces come and go, so If one has to list the exact namespaces in that policy one would have to update the CR every time a namespace is added or removed. Instead, having a namespace label selector would make the list of namespaces dynamic with a configuration that does not have to change. This is how a label selector works: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/."
"What if you want to choose only the namespaces where the label is `foo: bar`?"
The result of this change would be a new *metav1.LabelSelector field.
In the DBaaSPolicy object, this would look like the following -
spec:
connections:
nsSelector:
matchExpressions:
- key: test
operator: NotIn
values:
- production
matchLabels:
- foo: one
- two: bar
In the DBaaSInventory object, this would look like the following -
spec:
policy:
connections:
nsSelector:
matchExpressions:
- key: test
operator: NotIn
values:
- production
matchLabels:
- foo: one
- two: bar
As part of this, we’ll restructure the current policy type/object(s) which will require new versions of both the DBaaSPolicy & DBaaSInventory APIs.
MVP for R4 will look like this -
spec:
connectionNsSelector:
matchExpressions:
- key: test
operator: NotIn
values:
- production
matchLabels:
- foo: one
- two: bar
- is depended on by
-
DBAAS-969 Policy usability improvement
-
- Closed
-
