Workspace Provisioner
A Carvel package for provisioning and configuring workspaces (namespaces or virtual clusters) with the necessary credentials, roles and limit ranges to work with the Kadras Engineering Platform.
🚀 Getting Started
Prerequisites
-
Kubernetes 1.25+
-
Carvel
kctrl
CLI. -
Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel
kapp
(recommended choice) orkubectl
.kapp deploy -a kapp-controller -y \ -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
Dependencies
Workspace Provisioner is used as part of the Kadras Engineering Platform that you can install from the Kadras package repository.
Installation
Add the Kadras package repository to your Kubernetes cluster:
kctrl package repository add -r kadras-packages \
--url ghcr.io/kadras-io/kadras-packages \
-n kadras-packages --create-namespace
Installation without package repository
The recommended way of installing the Workspace Provisioner package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly usingkapp
or kubectl
.
kubectl create namespace kadras-packages
kapp deploy -a workspace-provisioner-package -n kadras-packages -y \
-f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/metadata.yml \
-f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/package.yml
Install the Workspace Provisioner package:
kctrl package install -i workspace-provisioner \
-p workspace-provisioner.packages.kadras.io \
-v ${VERSION} \
-n kadras-packages
Note
You can find the ${VERSION}
value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.
kctrl package available list -p workspace-provisioner.packages.kadras.io -n kadras-packages
Verify the installed packages and their status:
kctrl package installed list -n kadras-packages
📙 Documentation
Documentation, tutorials and examples for this package are available in the docs folder. For documentation specific to the Kadras Engineering Platform, check out kadras.io.
🎯 Configuration
The Workspace Provisioner package can be customized via a values.yml
file.
namespaces:
- name: qa
- name: staging
oci_registry:
secret:
name: supply-chain-registry-credentials
namespace: kadras-packages
Reference the values.yml
file from the kctrl
command when installing or upgrading the package.
kctrl package install -i workspace-provisioner \
-p workspace-provisioner.packages.kadras.io \
-v ${VERSION} \
-n kadras-packages \
--values-file values.yml
Values
The Workspace Provisioner package has the following configurable properties.
Configurable properties
Config | Default | Description |
---|---|---|
namespaces |
[] |
Configuration for the namespaces the platform will provision and manage. |
service_account |
default |
The ServiceAccount to be configured with credentials and roles in each workspace. |
oci_registry.secret.name |
"" |
The name of the Secret holding the credentials to access the OCI registry. |
oci_registry.secret.namespace |
"" |
The namespace of the Secret holding the credentials to access the OCI registry. |
cosign.secret.name |
"" |
The name of the Secret holding the Cosign key pair. |
cosign.secret.namespace |
"" |
The namespace of the Secret holding the Cosign key pair. |
git.server |
https://github.com |
The Git server hosting the Git repositories used by the platform. |
git.secret.name |
"" |
The name of the Secret holding the Git credentials. |
git.secret.namespace |
"" |
The namespace of the Secret holding the Git credentials. |
🛡️ Security
The security process for reporting vulnerabilities is described in SECURITY.md.
🖊️ License
This project is licensed under the Apache License 2.0. See LICENSE for more information.
🙏 Acknowledgments
This package is inspired by the namespace setup package developed by Scott Rosenberg.