SRE team should have the option to provide custom resources to sync to the kcp syncer
ramessesii2 opened this issue · 3 comments
Current State
The register.sh script and openshift_dev_setup.sh currently has a flag/parameter (resources) to sync the list of resources between kcp and workload clusters. For now, we've a fixed number of resources to sync.
Desired State
With different customers, the resources to sync may vary and we want the customer's SRE team to have control over the resources to be synced based on their requirement. Provide an additional flag (eg: CR_TO_SYNC) in register.sh and openshift_dev_setup.sh scripts so that users can provide their custom resources to be synced.
@ramessesii2 although I do agree that we may need to make it configurable I tend to disagree that we may want to support different resources to be synced for different customers.
My point of view is that the service offered is built with a defined set of resources getting synced and may not work properly if some of these resources are not synced and may not be secure if additional resources that have not been validated get synced.
I am happy to listen to your arguments to convince me otherwise.
Hi @fgiloux, I wanted this change so that we could have other resources like NetworkPolicy synced as and when there's necessity. We could have this as hard-coded and as one of the resources that Pipelines-Service maintains but the other argument against it was - "not every user would require this resource".
if some of these resources are not synced and may not be secure if additional resources that have not been validated get synced.
Indeed, I completely agree with this statement as well.
Closing this issue.
For retrospective - Pipelines-Service is going to support syncing only defined resources between kcp workspaces and computes.