You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When we register a cluster, a Secret of type solo.io/kubeconfig is created in the provided namespace on the management cluster to allow access to the remote cluster.
To watch for changes to kubeconfig secrets, we create a ClusterWatcher. Currently, we cannot constrain the namespaces in which to watch secrets, so the clusterWatcher will reconcile secrets from all namespaces. This can cause conflicts if a management cluster has registered multiple remote clusters with the same name but in different namespaces, since we key the managers only by cluster name. To fix this, we should allow watching only secrets from specified namespace(s).
When we register a cluster, a Secret of type
solo.io/kubeconfig
is created in the provided namespace on the management cluster to allow access to the remote cluster.To watch for changes to kubeconfig secrets, we create a ClusterWatcher. Currently, we cannot constrain the namespaces in which to watch secrets, so the clusterWatcher will reconcile secrets from all namespaces. This can cause conflicts if a management cluster has registered multiple remote clusters with the same name but in different namespaces, since we key the managers only by cluster name. To fix this, we should allow watching only secrets from specified namespace(s).
Perhaps a longer term solution might also involve changing how we store cluster names
The text was updated successfully, but these errors were encountered: