Skip to content

feat(workspaceobject): Add workspace object controller #123

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat(workspaceobject): Add workspace object controller #123

wants to merge 1 commit into from

Conversation

@MisterMX
Copy link

@MisterMX MisterMX commented Nov 24, 2025

Summary

This PR introduces a new API, WorkspaceObject, which enables managing any Kubernetes object within a workspace. The controller uses a RootShard reference and the workspace path to construct the appropriate kubeconfig. The API design is inspired by the Object API from https://github.com/crossplane-contrib/provider-kubernetes and includes a spec.managementPolicies field to control which operations (create, update, delete) the controller should perform.

The goal of this PR is to address #122. Instead of supporting only a single kind, we adopt a broader, more generic approach that supports any object type, including Workspace, WorkspaceType, and RBAC configurations.

This work aims to provide the following capabilities, enabling us to fully manage a KCP instance without relying on third-party operators that add additional complexity (e.g., Crossplane):

  • Manage workspaces and workspace types from the host cluster
  • Manage RBAC roles and bindings from the host cluster

At present, the controller does not correctly handle system workspaces, which are shard-local. This may be improved in a future PR to allow administrators to define RBAC configurations in system workspaces for consistent, cluster-wide defaults (e.g., cluster-admin access via OIDC) without needing to apply them per workspace.

on-behalf-of: @eon-se opensource@eon.com

What Type of PR Is This?

/kind feature

Related Issue(s)

Fixes #122

Relates to #91 by providing a way to configure RBAC roles that can be used by generated kubeconfigs.

Release Notes

Add WorkspaceObject API to allow managing any arbitrary object in a workspace.

@MisterMX
feat(workspaceobject): Add workspace object controller
2c02473 
Add a new API WorkspaceObject that allows managing (create, apply,
delete) any kind of object in a workspace.

on-behalf-of: @eon-se opensource@eon.com
Signed-off-by: Maximilian Blatt <maximilian.blatt.external@eon.com>
@kcp-ci-bot kcp-ci-bot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. dco-signoff: yes Indicates the PR's author has signed the DCO. labels Nov 24, 2025
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Nov 24, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign clubanderson for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@kcp-ci-bot kcp-ci-bot added the needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. label Nov 24, 2025
@kcp-ci-bot
Copy link
Contributor

kcp-ci-bot commented Nov 24, 2025

Hi @MisterMX. Thanks for your PR.

I'm waiting for a kcp-dev member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@kcp-ci-bot kcp-ci-bot added the size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. label Nov 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dco-signoff: yes Indicates the PR's author has signed the DCO. kind/feature Categorizes issue or PR as related to a new feature. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

feature: Manage workspaces

2 participants

@MisterMX @kcp-ci-bot