set-namespace
set-namespace #
Overview #
The set-namespace function update or add namespace to all namespaced
resources. Kubernetes supports multiple virtual clusters backed by the same
physical cluster through namespaces.
Namespaces are often used in the following scenarios:
- Separate resources between environments (prod, staging and test).
- Separate resources between different team or users to divide resource quota.
You can learn more about namespace [here][namespace].
Usage #
This function can be used with any KRM function orchestrators (e.g. kpt).
For all namespaced resurces, the set-namespace function adds the namespace
if metadata.namespace doesn’t exist. Otherwise, it updates the existing value.
It will skip the resources that are known to be cluster-scoped (e.g. Node
, CustomResourceDefinitions, ClusterRole). Whether a resource is namespaced
is determined by the OpenAPI schema. If the API path
contains namespaces/{namespace} then the resource is considered namespaced.
Otherwise, it’s not. Currently, this function is using API version 1.20.4.
In addition to updating the metadata.namespace field for applicable resources,
by default the function will also update the [fields][commonnamespace] that
target the namespace. There are a few cases that worth pointing out:
- If there is a
Namespaceresource, itsmetadata.namefield will be updated. - If there’s a
RoleBindingorClusterRoleBindingresource, the function will update the namespace in theServiceAccountif one of the following are true:- the subject element
nameisdefault. - the subject element
namematches the name of aServiceAccountresource declared in the package.
- the subject element
In the following example, the set-namespace function will update:
subjects[0].namespacesincesubjects[0].nameisdefault.subjects[1].namespacesincesubjects[1].namematches aServiceAccountname declared in the package.
apiVersion: v1
kind: ServiceAccount
metadata:
name: service-account
namespace: original-namespace