[FEATURE] Onboarding teams which has ability to create,delete namespaces and operate objects within namespace
cshivashankar opened this issue · 2 comments
I don't know if the Namespace configurator currently supports this feature, but looking at the docs, I couldn't find any information about this.
Scenario :
What if a team is onboarded which in turn has subteams and those subteams need to have independent sandboxes/namespaces for work. Assuming there is a team T1 and there are subteams T1A, T1B, T1C. With current onboarding, there is an ability to create namespaces and set configurations like ResourceQuota, LimitRange, PSP, etc. But if T1 needs to create different namespaces for its subteams with the same namespace configs applied to T1. How to do it? Assuming subteams are dynamic and can keep changing. There might be a requirement to create a new namespace for subteam T1D and delete namespace for team T1C.
The whole point here is T1 is an onboarded entity and it won't have privileges like cluster-admin but it should have the ability to create namespaces. Permission to operate and delete namespaces should be possible only in the namespaces created by T1. So team T1 can only access or delete the namespaces it created, nothing else.
Other similar scenarios could be onboarding teams that have pipelines where the creation and deletion of the namespace is a requirement.
If I understand correctly this request,. you are asking for the possibility to create loops in the resource template so that multiple resources of the same type will be created based on an arbitrary list.
@cnuland is working on a PR to add this feature: redhat-cop/operator-utils#32
Take a look at my examples here @cshivashankar
https://github.com/cnuland/namespace-config-argocd-ocp-demo/blob/master/resources/onboarding-groupconfig.yaml
https://github.com/cnuland/namespace-config-argocd-ocp-demo/blob/master/resources/group.yaml
This is using the changes in operator-util that @raffaelespazzoli posted that haven't been implemented yet into any release. This should give you an idea though what we're trying to work towards soon.