redhat-cop/namespace-configuration-operator

Openshift namespace config doesn't apply to system namespaces (openshift-*)

yaroslavkasatikov opened this issue · 2 comments

Hello team,

I want to create a resource in openshift-* ns, but it doesn't work for me.

I want to select them with default cluster-monitoring label:

[yaroslav@instance-1 yaml]$ oc get ns -l openshift.io/cluster-monitoring="true"|wc -l
39

But when I tried to use this label as selector, I faced to openshift-* ignoring.

spec:
  labelSelector:
    matchLabels:
      openshift.io/cluster-monitoring: "true"
  templates:
  - objectTemplate: |
        YAML HERE

I understand that it is a kind of protection (

func isProhibitedNamespaceName(name string) bool {
return name == "default" || strings.HasPrefix(name, "openshift") || strings.HasPrefix(name, "kube")
}
), but is it possible to implement something like 'force' for creating resources inside system ns? It may be used for creating TLS Secrets for routers or something like this.

Many thanks,
Yaroslav

@yaroslavkasatikov sorry for taking so long to respond, this slipped. No at the moment the openshift and kube namespaces are protected. IT's a safety feature to prevent this operator from disrupting a cluster.
Can I close this?

Closing this out since there's no current solution and the issue has gone stale.