Sandbox replacement leftovers (#76)

kubesaw · Sep 13, 2024 · b9a725f · b9a725f
1 parent 1fbffd4
commit b9a725f
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 4 deletions.
diff --git a/README.adoc b/README.adoc
@@ -193,6 +193,35 @@ serviceAccounts:
       - ...
 ```
 
+===== ServiceAccount namespace location
+
+By default, all `ServiceAccounts` are created in default namespaces:
+
+* `kubesaw-admins-host` for the host cluster
+* `kubesaw-admins-meber` for the member cluster
+
+The default location can be changed in `kubesaw-admin.yaml` file:
+
+```yaml
+defaultServiceAccountsNamespace:
+  host: your-host-namespace
+  member: your-member-namespace
+```
+
+These two namespaces has to have different names.
+
+It's also possible to override the namespace location for a given `ServiceAccount`:
+
+```yaml
+serviceAccounts:
+- name: in-namespace-sa
+  namespace: specific-sa-namespace
+  host:
+    ...
+  member:
+    ...
+```
+
 ===== Generate ksctl.yaml files
 
 For each ServiceAccount defined in this section, the `ksctl generate cli-configs` generates a separate `ksctl.yaml` file with the corresponding cluster configuration and tokens. As an administrator of the clusters, run this command and distribute securely the generated `ksctl.yaml` files to other team members.
@@ -201,7 +230,7 @@ For each ServiceAccount defined in this section, the `ksctl generate cli-configs
 1. Run `make install`
 2. Create `kubesaw-admins.yaml` (as an example, check link:test-resources/dummy.openshiftapps.com/kubesaw-admins.yaml[kubesaw-admins.yaml])
 3. Run `ksctl generate admin-manifests --kubesaw-admins <path>/kubesaw-admins.yaml --out-dir <admin-manifests-out-dir-path>`
-4. Create resources from the `<admin-manifests-out-dir-path>` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns <namespace-name>`), such as `sandbox-sre-host`, `first-component`, `second-component`, `some-component`, `sandbox-sre-member`, and `crw`, for example.
+4. Create resources from the `<admin-manifests-out-dir-path>` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns <namespace-name>`), such as `host-sre-namespace`, `first-component`, `second-component`, `some-component`, `member-sre-namespace`, and `crw`, for example.
 - Run `oc apply -k <admin-manifests-out-dir-path>/host`
 - Run `oc apply -k <admin-manifests-out-dir-path>/member`
 - Run `oc apply -k <admin-manifests-out-dir-path>/member-3`

diff --git a/pkg/cmd/adm/adm.go b/pkg/cmd/adm/adm.go
@@ -10,7 +10,7 @@ func NewAdmCmd() *cobra.Command {
 	admCommand := &cobra.Command{
 		Use:   "adm",
 		Short: "Administrative Commands",
-		Long:  `Actions for administering Dev Sandbox instance.`,
+		Long:  `Actions for administering a KubeSaw instance.`,
 	}
 	registerCommands(admCommand)
 

diff --git a/pkg/cmd/generate/cluster.go b/pkg/cmd/generate/cluster.go
@@ -20,7 +20,7 @@ func ensureServiceAccounts(ctx *clusterContext, objsCache objectsCache) error {
 			continue
 		}
 
-		// by default, it should use the sandbox sre namespace. let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
+		// let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
 		saNamespace := ""
 		if sa.Namespace != "" {
 			saNamespace = sa.Namespace

diff --git a/pkg/cmd/generate/permissions_test.go b/pkg/cmd/generate/permissions_test.go
@@ -109,7 +109,7 @@ func TestEnsureServiceAccount(t *testing.T) {
 
 		// when
 		subject, err := ensureServiceAccount("openshift-customer-monitoring")(
-			ctx, cache, "john", "sandbox-sre-host", labels)
+			ctx, cache, "john", "default-ns-is-ignored", labels)
 
 		// then
 		require.NoError(t, err)