The platform engineer is responsible for cluster configuration and for the isolation of orgs / tenants. The platform engineer is also the administrator of the repo https://github.com/nzacharia/multi-tenancy-single and manages the cluster through https://github.com/nzacharia/multi-tenancy-single/blob/main/charts/landlord/values.sample.yaml
To add a new org (testorg in this example):

    org:
      - cecg:
          # ...
      - testorg:
          flux:
            # This is the "virtual" repo: for the bootcamp, instead of creating a new
            # repo for each org/tenant, we create a subfolder for each org/tenant
            path: ./team-manifests/cecg

To add a new tenant (tenanttest in this example):

    org:
      - cecg:
          # ...
      - testorg:
          tenants:
            - tenanttest:
                flux:
                  path: ./team-manifests/tenanttest

To add a new subnamespace (subnstest in this example):

    org:
      - cecg:
          # ...
      - testorg:
          tenants:
            - tenanttest:
                flux:
                  path: ./team-manifests/tenanttest
                subnamespaces:
                  - name: subnstest
                    flux:
                      path: ./team-manifests/tenanttest/subnstest
                    # This is a Gatekeeper policy. The platform engineer can define
                    # the resources/limits of pods in each namespace
                    podLimits:
                      memory: 256Mi
                      cpu: 500m

To remove a subnamespace / tenant / org, the platform engineer has to delete its values from https://github.com/nzacharia/multi-tenancy-single/blob/main/charts/landlord/values.sample.yaml
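
Because every org, tenant and subnamespace is bound to a Flux path in one shared repo, a review check on the values file can catch entries that would break isolation. The following is an added example, not code from the repository: it assumes the values are already loaded into a dict with the nesting shown above, and the rules, the function names and the sample org/tenant names are hypothetical.

```python
import posixpath

ROOT = "team-manifests"  # assumption: every Flux path lives under this folder

def _path(cfg):
    return ((cfg or {}).get("flux") or {}).get("path")

def entries(values):
    """Yield (label, flux path, tenant path, podLimits) for each org, tenant, subnamespace."""
    for org in values.get("org") or []:
        for org_name, org_cfg in org.items():
            yield f"org {org_name}", _path(org_cfg), None, None
            for tenant in (org_cfg or {}).get("tenants") or []:
                for t_name, t_cfg in tenant.items():
                    yield f"tenant {t_name}", _path(t_cfg), None, None
                    for sub in (t_cfg or {}).get("subnamespaces") or []:
                        yield (f"subnamespace {sub.get('name')}", _path(sub),
                               _path(t_cfg), sub.get("podLimits"))

def check(values):
    """Return a list of isolation problems found in the loaded values."""
    problems, seen = [], {}
    for label, path, tenant_path, limits in entries(values):
        if not path:
            problems.append(f"{label}: no flux path")
            continue
        norm = posixpath.normpath(path)  # resolves "./" and "../" segments
        if norm.split("/")[0] != ROOT or norm == ROOT:
            problems.append(f"{label}: {path} is not a folder under ./{ROOT}/")
        if norm in seen:
            problems.append(f"{label}: shares {path} with {seen[norm]}")
        seen.setdefault(norm, label)
        if label.startswith("subnamespace"):
            base = posixpath.normpath(tenant_path or "") + "/"
            if not norm.startswith(base):
                problems.append(f"{label}: {path} is outside its tenant's path")
            if not {"memory", "cpu"} <= set(limits or {}):
                problems.append(f"{label}: podLimits must set memory and cpu")
    return problems

# Constructed sample: orgb reuses orga's folder; subb leaves its tenant and has no podLimits.
SAMPLE = {"org": [
    {"orga": {"flux": {"path": "./team-manifests/orga"}, "tenants": [
        {"tenanta": {"flux": {"path": "./team-manifests/tenanta"}, "subnamespaces": [
            {"name": "suba", "flux": {"path": "./team-manifests/tenanta/suba"},
             "podLimits": {"memory": "256Mi", "cpu": "500m"}},
            {"name": "subb", "flux": {"path": "./team-manifests/tenanta/../orga/subb"}},
        ]}}]}},
    {"orgb": {"flux": {"path": "./team-manifests/orga"}}},
]}
```

Calling check(SAMPLE) returns three problems: two for subb and one for orgb.
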
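
    # Start minikube with CNI networking enabled
    minikube start --network-plugin=cni --kubernetes-version=v1.24.3 --extra-config=kubeadm.pod-network-cidr=10.244.0.0/16
    # Install Calico (Tigera operator, then its custom resources)
    kubectl create -f setup/1-tigera-operator.yaml
    kubectl create -f setup/2-calico-custom-resources.yaml
    # Install HNC, Flux and Gatekeeper
    kubectl apply -f setup/3-hnc-default.yml
    kubectl apply -f setup/4-flux.yaml
    kubectl apply -f setup/5-gatekeeper.yaml
    # Install the Gatekeeper policy chart, then the landlord chart with the org/tenant values
    helm install ./charts/gk-policy-charts/gk-policy-charts --name-template gk-policy-helm
    helm install ./charts/landlord/ -f ./charts/landlord/values.sample.yaml --name-template hnc-namespaces
    # Run the network policy test script, then its cleanup script
    ./test_netpol.sh
    ./clean_netpol.sh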