vardius/go-api-boilerplate

Remove deprecated magic-namespace

mar1n3r0 opened this issue · 5 comments

magic-namespace deprecation notice

Note that this chart manages namespaces and also Helm 2 Tiller instances within those namespaces. Helm 3 releases are scoped to namespaces and therefore cannot create namespaces. Helm 3 also does not utilize the Tiller component. Helm 3, therefore, is both incapable of installing this chart and has no practical need for this chart to begin with. With this being the case, maintainers have no intention of remediating this chart's incompatibilities with Helm 3, as that would undermine the chart's ongoing usefulness to Helm 2 users without deriving any benefit to Helm 3 users.

In conclusion, consider this chart to be deprecated, with updates and support ending on the same schedule as Helm 2 itself.

I guess with that in mind we can completely remove magic-namespace.

Originally posted by @mar1n3r0 in #46 (comment)

I merged both #49 and #48; however, I don't understand why we have cluster-role-binding.yaml. What is this used for? If we have dashboard-role-binding.yaml and dashboard-role.yaml, where we use both for the dashboard chart, which makes sense, and that is why we disable them when we disable the dashboard.

Maybe we should always create the role, and then use that role for the dashboard? Maybe add some if condition to the template where, if the dashboard is enabled, we add additional rules?

Yes, we overly complicated it. Basically, in order to create objects we need one service account for the namespace. This service account needs a role which is restricted to the namespace only and a role binding which is tied to the resources and rules in that namespace.

I have put some notes this time around while fixing stuff:

  1. Error: parse error at (app/templates/dashboard-role.yaml:1): bad character U+002D '-'

Error: parse error at (app/templates/dashboard-role-binding.yaml:1): bad character U+002D '-'

helm/app/templates/dashboard-role.yaml

{{ if or (not (hasKey .Values.kubernetes-dashboard "enabled")) (.Values.kubernetes-dashboard.enabled | default true) }}

{{ if or (not (hasKey .Values.dashboard "enabled")) (.Values.dashboard.enabled | default true) }}

helm/helm#2192

  2. Service accounts, roles and role bindings

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#default-roles-and-role-bindings

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

https://github.com/kubernetes/dashboard/releases

Added support for deploying dashboard to different namespaces.
Moved dashboard from kube-system to kubernetes-dashboard namespace (kubernetes-dashboard-head namespace for head).

Basically, the stable chart version for kubernetes-dashboard is still at 1.10.1, which does not yet support having the dashboard in a different namespace. As you suggested before, we have to wait for stable release 2.0.0.

  3. helm/microservice/templates/deployment.yaml

spec.serviceAccount removed because app.fullname is different than the default service account we have created.
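Helm templates are Go text/template, so the parse error in note 1 can be reproduced with the standard library alone. The following is an added example, not code from this repository: the `Render` helper and the sample values are hypothetical, the guards are simplified (no `hasKey`/`default`), and the `index` lookup is a third spelling that does not appear in the thread.

```go
package main

import (
	"bytes"
	"fmt"
	"text/template"
)

// Three spellings of the same "is the dashboard enabled" guard.
const (
	// Dotted access to a hyphenated key: rejected by the template lexer.
	hyphenDotted = `{{ if .Values.kubernetes-dashboard.enabled }}on{{ else }}off{{ end }}`
	// Same key looked up with the built-in index function: parses and evaluates.
	indexLookup = `{{ if (index .Values "kubernetes-dashboard").enabled }}on{{ else }}off{{ end }}`
	// Key renamed so it is a valid identifier.
	renamedKey = `{{ if .Values.dashboard.enabled }}on{{ else }}off{{ end }}`
)

// Render parses src and executes it against a Helm-like root object
// ({"Values": values}). Parse and execution failures are returned as err.
// Hypothetical helper for this example only.
func Render(src string, values map[string]interface{}) (string, error) {
	t, err := template.New("guard").Parse(src)
	if err != nil {
		return "", err
	}
	var out bytes.Buffer
	if err := t.Execute(&out, map[string]interface{}{"Values": values}); err != nil {
		return "", err
	}
	return out.String(), nil
}

func main() {
	// Constructed sample values, not the chart's real values.yaml.
	values := map[string]interface{}{
		"kubernetes-dashboard": map[string]interface{}{"enabled": true},
		"dashboard":            map[string]interface{}{"enabled": false},
	}
	for _, src := range []string{hyphenDotted, indexLookup, renamedKey} {
		out, err := Render(src, values)
		fmt.Printf("%s\n  -> %q, err=%v\n", src, out, err)
	}
}
```

Because the failure happens at parse time, a guard written with the hyphenated dotted path never renders at all, so the RBAC templates it wraps are not applied in either the enabled or the disabled case.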

Should we close this one, since your PR is merged?