kraudcloud/subns-controller

a k8s controller that lets an owner of a namespace create more namespaces.

this is particularly useful if you have several teams using k8s, and you want to allow a team to create and delete their own namespaces, without giving them permissions to accidentally break someone else's stuff.

this is for preventing accidental namespace escape. i have not actually checked if this allows intentional escape, i.e. don't use this when you don't trust your users.

example:

apiVersion: subns.subns.kraud.cloud/v1alpha1
kind: SubNamespaceClaim
metadata:
  name: sub1
  namespace: parent
spec:
  name: sub1
  roleBindings:
    - name: developers
      subjects:
      - kind: ServiceAccount
        name: bobi
        namespace: klum
      roleRef:
        apiGroup: rbac.authorization.k8s.io
        kind: ClusterRole
        name: admin

this will create an ns called parent-sub1
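
A review aid for the naming shown above, added here as an example and not part of the controller's code: it derives the namespace name for each claim and reports names that are not valid namespace names or that two different parent namespaces would both produce. Assumptions: the rule `<claim namespace>-<spec.name>` is inferred from the single example above, the input is a Kubernetes-style JSON list with an `items` array, and `Claim`, `DerivedName` and `Audit` are hypothetical names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// Claim holds the SubNamespaceClaim fields used in the README example.
type Claim struct {
	Metadata struct{ Name, Namespace string } `json:"metadata"`
	Spec     struct{ Name string }            `json:"spec"`
}

// Kubernetes namespace names are RFC 1123 labels of at most 63 characters.
var dnsLabel = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?$`)

// DerivedName applies the ASSUMED rule "<claim namespace>-<spec.name>".
func DerivedName(c Claim) string { return c.Metadata.Namespace + "-" + c.Spec.Name }

// Audit reports derived names that are invalid or shared by two parents.
func Audit(listJSON []byte) ([]string, error) {
	var list struct{ Items []Claim }
	if err := json.Unmarshal(listJSON, &list); err != nil {
		return nil, err
	}
	var findings []string
	parentOf := map[string]string{} // derived name -> first parent seen
	for _, c := range list.Items {
		n, p := DerivedName(c), c.Metadata.Namespace
		if len(n) > 63 || !dnsLabel.MatchString(n) {
			findings = append(findings, fmt.Sprintf("invalid: %s/%s -> %q", p, c.Metadata.Name, n))
		}
		if first, seen := parentOf[n]; !seen {
			parentOf[n] = p
		} else if first != p {
			findings = append(findings, fmt.Sprintf("collision: %q from parents %s and %s", n, first, p))
		}
	}
	return findings, nil
}

// Constructed sample: the README claim plus two claims that both derive "team-a-dev".
const sample = `{"items":[
 {"metadata":{"name":"sub1","namespace":"parent"},"spec":{"name":"sub1"}},
 {"metadata":{"name":"x","namespace":"team"},"spec":{"name":"a-dev"}},
 {"metadata":{"name":"y","namespace":"team-a"},"spec":{"name":"dev"}}]}`

func main() { fmt.Println(Audit([]byte(sample))) }
```

A collision finding means the hyphen-joined name does not identify a single parent, which is worth reviewing before granting the role bindings in the claim.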

usage

Install the CRD:

make install

deploy the image:

kubectl apply -f prod.yaml

dev

build img:

make docker-build docker-push IMG=ctr.0x.pt/subns-controller/subns-controller:latest
