diff --git a/README.adoc b/README.adoc
index 13c6117..72b265f 100644
--- a/README.adoc
+++ b/README.adoc
@@ -193,6 +193,35 @@ serviceAccounts:
 - ...
 ```
 
+===== ServiceAccount namespace location
+
+By default, all `ServiceAccounts` are created in default namespaces:
+
+* `kubesaw-admins-host` for the host cluster
+* `kubesaw-admins-meber` for the member cluster
+
+The default location can be changed in `kubesaw-admin.yaml` file:
+
+```yaml
+defaultServiceAccountsNamespace:
+ host: your-host-namespace
+ member: your-member-namespace
+```
+
+These two namespaces has to have different names.
+
+It's also possible to override the namespace location for a given `ServiceAccount`:
+
+```yaml
+serviceAccounts:
+- name: in-namespace-sa
+ namespace: specific-sa-namespace
+ host:
+ ...
+ member:
+ ...
+```
+
 ===== Generate ksctl.yaml files
 
 For each ServiceAccount defined in this section, the `ksctl generate cli-configs` generates a separate `ksctl.yaml` file with the corresponding cluster configuration and tokens. As an administrator of the clusters, run this command and distribute securely the generated `ksctl.yaml` files to other team members.
@@ -201,7 +230,7 @@ For each ServiceAccount defined in this section, the `ksctl generate cli-configs
 1. Run `make install`
 2. Create `kubesaw-admins.yaml` (as an example, check link:test-resources/dummy.openshiftapps.com/kubesaw-admins.yaml[kubesaw-admins.yaml])
 3. Run `ksctl generate admin-manifests --kubesaw-admins /kubesaw-admins.yaml --out-dir `
-4. Create resources from the `` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns `), such as `sandbox-sre-host`, `first-component`, `second-component`, `some-component`, `sandbox-sre-member`, and `crw`, for example.
+4. Create resources from the `` of the previous command. Please, note that you will need to create some namespaces manually (`oc create ns `), such as `host-sre-namespace`, `first-component`, `second-component`, `some-component`, `member-sre-namespace`, and `crw`, for example.
 - Run `oc apply -k /host`
 - Run `oc apply -k /member`
 - Run `oc apply -k /member-3`
diff --git a/pkg/cmd/adm/adm.go b/pkg/cmd/adm/adm.go
index 4034d37..05bc63f 100644
--- a/pkg/cmd/adm/adm.go
+++ b/pkg/cmd/adm/adm.go
@@ -10,7 +10,7 @@ func NewAdmCmd() *cobra.Command {
 admCommand := &cobra.Command{
 Use: "adm",
 Short: "Administrative Commands",
- Long: `Actions for administering Dev Sandbox instance.`,
+ Long: `Actions for administering a KubeSaw instance.`,
 }
 
 registerCommands(admCommand)
diff --git a/pkg/cmd/generate/cluster.go b/pkg/cmd/generate/cluster.go
index e32d836..1a2711a 100644
--- a/pkg/cmd/generate/cluster.go
+++ b/pkg/cmd/generate/cluster.go
@@ -20,7 +20,7 @@ func ensureServiceAccounts(ctx *clusterContext, objsCache objectsCache) error {
 continue
 }
 
- // by default, it should use the sandbox sre namespace. let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
+ // let's keep this empty (if the target namespace is not defined) so it is recognized in the ensureServiceAccount method based on the cluster type it is being applied in
 saNamespace := ""
 if sa.Namespace != "" {
 saNamespace = sa.Namespace
diff --git a/pkg/cmd/generate/permissions_test.go b/pkg/cmd/generate/permissions_test.go
index 9e0c136..92fd669 100644
--- a/pkg/cmd/generate/permissions_test.go
+++ b/pkg/cmd/generate/permissions_test.go
@@ -109,7 +109,7 @@ func TestEnsureServiceAccount(t *testing.T) {
 
 // when
 subject, err := ensureServiceAccount("openshift-customer-monitoring")(
- ctx, cache, "john", "sandbox-sre-host", labels)
+ ctx, cache, "john", "default-ns-is-ignored", labels)
 
 // then
 require.NoError(t, err)
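Review bot: The rewritten comment above `saNamespace := ""` in ensureServiceAccounts no longer says what an empty value resolves to, so a reader of this loop cannot tell which namespace a ServiceAccount without `namespace` ends up in. Since the README change in this commit makes that default configurable per cluster type, the comment could name it, for example `// empty means "not set"; ensureServiceAccount then falls back to the default ServiceAccount namespace configured for the cluster type (host or member)`. The rest of the loop and of ensureServiceAccounts lies outside the hunk, so whether `sa.Namespace` is validated before it is used cannot be seen from here.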
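Review bot: In TestEnsureServiceAccount the call now passes "default-ns-is-ignored" as the default namespace, but the only assertion visible in the hunk is `require.NoError(t, err)`, which would also pass if the ServiceAccount were created in the namespace that is meant to be ignored. If the lines below the hunk do not already check it, pin the override with something like `require.Equal(t, "openshift-customer-monitoring", subject.Namespace)` (assuming `subject` exposes the namespace). The test body starts and ends outside the hunk.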