sigs.k8s.io/cluster-api-provider-aws@v1.5.5/docs/book/src/topics/restricting-cluster-api-to-certain-namespaces.md

sigs.k8s.io/cluster-api-provider-aws@v1.5.5/docs/book/src/topics/restricting-cluster-api-to-certain-namespaces.md (about)

     1  # Restricting Cluster API to certain namespaces <!-- omit in toc -->
     2  
     3  Cluster-api-provider-aws controllers by default, reconcile cluster-api objects
     4  across all namespaces in the cluster. However, it is possible to restrict
     5  reconciliation to a single namespace and this document tells you how.
     6  
     7  ## Contents <!-- omit in toc -->
     8  
     9  - [Use cases](#use-cases)
    10  - [Configuring `cluster-api-provider-aws` controllers](#configuring-cluster-api-provider-aws-controllers)
    11  
    12  ## Use cases
    13  
    14  - Grouping clusters into a namespace based on the AWS account will allow
    15    managing clusters across multiple AWS accounts. This will require each
    16    `cluster-api-provider-aws` controller to have credentials to their respective
    17    AWS accounts. These credentials can be created as kubernetes secret and be
    18    mounted in the pod at `/home/.aws` or as environment variables.
    19  - Grouping clusters into a namespace based on their environment, (test,
    20    qualification, canary, production) will allow a phased rolling out of
    21    `cluster-api-provider-aws` releases.
    22  - Grouping clusters into a namespace based on the infrastructure provider will
    23    allow running multiple cluster-api provider implementations side-by-side and
    24    manage clusters across infrastructure providers.
    25  
    26  ## Configuring `cluster-api-provider-aws` controllers
    27  
    28  - Create the namespace that `cluster-api-provider-aws` controller will watch for
    29    cluster-api objects
    30  
    31  ```(bash)
    32  cat <<EOF | kubectl apply -f -
    33  apiVersion: v1
    34  kind: Namespace
    35  metadata:
    36    name: my-pet-clusters #edit if necessary
    37  EOF
    38  ```
    39  
    40  - Deploy/edit `aws-provider-controller-manager` controller statefulset
    41  
    42  Specifically, edit the container spec for `cluster-api-aws-controller`, in the
    43  `aws-provider-controller-manager` statefulset, to pass a value to the `namespace`
    44  CLI flag.
    45  
    46  ```(bash)
    47          - -namespace=my-pet-clusters # edit this if necessary
    48  ```
    49  
    50  Once the `aws-provider-controller-manager-0` pod restarts,
    51  `cluster-api-provider-aws` controllers will only reconcile the cluster-api
    52  objects in the `my-pet-clusters` namespace.