actions/fluxcd-flux2
3
0
Fork 0
mirror of https://github.com/fluxcd/flux2.git synced 2026-02-17 21:21:51 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge pull request #5597 from anshuishere/skip-tenant-ns-create

Browse source 
Allow option to skip tenant namespace creation
This commit is contained in:
Stefan Prodan 2025-11-21 17:16:29 +02:00 committed by GitHub
commit d6dec730d8
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 60 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

47
cmd/flux/create_tenant.go
View file

@ -58,9 +58,10 @@ const (
) )
type tenantFlags struct { type tenantFlags struct {
namespaces []string namespaces []string
clusterRole string clusterRole string
account string account string
skipNamespace bool
} }
var tenantArgs tenantFlags var tenantArgs tenantFlags
@ -69,6 +70,7 @@ func init() {
createTenantCmd.Flags().StringSliceVar(&tenantArgs.namespaces, "with-namespace", nil, "namespace belonging to this tenant") createTenantCmd.Flags().StringSliceVar(&tenantArgs.namespaces, "with-namespace", nil, "namespace belonging to this tenant")
createTenantCmd.Flags().StringVar(&tenantArgs.clusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding") createTenantCmd.Flags().StringVar(&tenantArgs.clusterRole, "cluster-role", "cluster-admin", "cluster role of the tenant role binding")
createTenantCmd.Flags().StringVar(&tenantArgs.account, "with-service-account", "", "service account belonging to this tenant") createTenantCmd.Flags().StringVar(&tenantArgs.account, "with-service-account", "", "service account belonging to this tenant")
createTenantCmd.Flags().BoolVar(&tenantArgs.skipNamespace, "skip-namespace", false, "skip namespace creation (namespace must exist already)")
createCmd.AddCommand(createTenantCmd) createCmd.AddCommand(createTenantCmd)
} }
@ -157,7 +159,7 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
if createArgs.export { if createArgs.export {
for i := range tenantArgs.namespaces { for i := range tenantArgs.namespaces {
if err := exportTenant(namespaces[i], accounts[i], roleBindings[i]); err != nil { if err := exportTenant(namespaces[i], accounts[i], roleBindings[i], tenantArgs.skipNamespace); err != nil {
return err return err
} }
} }
@ -173,9 +175,11 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
} }
for i := range tenantArgs.namespaces { for i := range tenantArgs.namespaces {
logger.Actionf("applying namespace %s", namespaces[i].Name) if !tenantArgs.skipNamespace {
if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil { logger.Actionf("applying namespace %s", namespaces[i].Name)
return err if err := upsertNamespace(ctx, kubeClient, namespaces[i]); err != nil {
return err
}
} }
logger.Actionf("applying service account %s", accounts[i].Name) logger.Actionf("applying service account %s", accounts[i].Name)
@ -284,19 +288,24 @@ func upsertRoleBinding(ctx context.Context, kubeClient client.Client, roleBindin
return nil return nil
} }
func exportTenant(namespace corev1.Namespace, account corev1.ServiceAccount, roleBinding rbacv1.RoleBinding) error { func exportTenant(namespace corev1.Namespace, account corev1.ServiceAccount, roleBinding rbacv1.RoleBinding, skipNamespace bool) error {
namespace.TypeMeta = metav1.TypeMeta{ var data []byte
APIVersion: "v1", var err error
Kind: "Namespace",
}
data, err := yaml.Marshal(namespace)
if err != nil {
return err
}
data = bytes.Replace(data, []byte("spec: {}\n"), []byte(""), 1)
printlnStdout("---") if !skipNamespace {
printlnStdout(resourceToString(data)) namespace.TypeMeta = metav1.TypeMeta{
APIVersion: "v1",
Kind: "Namespace",
}
data, err = yaml.Marshal(namespace)
if err != nil {
return err
}
data = bytes.Replace(data, []byte("spec: {}\n"), []byte(""), 1)
printlnStdout("---")
printlnStdout(resourceToString(data))
}
account.TypeMeta = metav1.TypeMeta{ account.TypeMeta = metav1.TypeMeta{
APIVersion: "v1", APIVersion: "v1",

5
cmd/flux/create_tenant_test.go
View file

@ -54,6 +54,11 @@ func TestCreateTenant(t *testing.T) {
args: "create tenant dev-team --with-namespace=apps --cluster-role=custom-role --export", args: "create tenant dev-team --with-namespace=apps --cluster-role=custom-role --export",
assert: assertGoldenFile("./testdata/create_tenant/tenant-with-cluster-role.yaml"), assert: assertGoldenFile("./testdata/create_tenant/tenant-with-cluster-role.yaml"),
}, },
{
name: "tenant with skip namespace",
args: "create tenant dev-team --with-namespace=apps --cluster-role=cluster-admin --skip-namespace --export",
assert: assertGoldenFile("./testdata/create_tenant/tenant-with-skip-namespace.yaml"),
},
} }
for _, tt := range tests { for _, tt := range tests {

27
cmd/flux/testdata/create_tenant/tenant-with-skip-namespace.yaml vendored Normal file
View file

@ -0,0 +1,27 @@
---
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
toolkit.fluxcd.io/tenant: dev-team
name: dev-team
namespace: apps
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
toolkit.fluxcd.io/tenant: dev-team
name: dev-team-reconciler
namespace: apps
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: gotk:apps:reconciler
- kind: ServiceAccount
name: dev-team
namespace: apps