Multi-Tenancy
If your Operator creates or manages NetworkPolicy configurations ensure that your solution:
- applies fine-grained network policies to enable your managed application internal components to communicate among each other
- does not create type policies
Traffic sharding
The goal is to split or to isolated ingress traffic from certain environments, e.g. production and development environments, ending up on different routers and in this way, being managed by a different Ingress controller. This is a popular configuration option for heavily populated multi-tenant clusters, with several IngressController deployed.
To run on the OpenShift distribution of Kubernetes you probably will use the API. When sharding these routes may be configured with a label selector. Based on this label selector they will amend their configuration when a route (having the label) is created or not (if the route does not have the label). The label is applied at the level and there is no pre-defined convention here, so users set these custom labels in accordance to how they configured their IngressController from operator.openshift.io/v1 instances.