Passing Organization Information to Kubernetes Resources
peterwettstein opened this issue · 2 comments
Hi Lagoon Team,
This feature will significantly enhance the capability of the Lagoon Build/Deploy tool, bringing a more cohesive and organized approach to managing Kubernetes resources in line with Lagoon's organizational structure. It will contribute to better governance, security, and operational efficiency in Kubernetes environments managed through Lagoon.
1. Objective:
To pass the organization information, along with existing project and group details, to Kubernetes resources during the build and deployment stages in Lagoon.
2. Reason:
This feature will facilitate better resource management, and monitoring at the organization level within Kubernetes.
3. Proposed Implementation:
Metadata Injection: During the build and deployment processes, the organization name or identifier should be injected into the metadata of Kubernetes resources (like Deployments, Services, Pods, etc.). This could be implemented as labels or annotations in the resource definitions.
4. Use Cases / Benefits:
Monitoring and Logging: Allows for organization-level monitoring and logging, enabling more efficient tracking of resource usage and performance.
Billing and Cost Allocation: Facilitates easier billing and cost allocation for Cloud environments.
Streamlined Operations: Simplifies Kubernetes operations by offering a clearer mapping of resources to organizational structures.
The API needs to be updated to provide this information in the build payload initially
TLDR; these labels should not be relied on at the moment because of inconsistencies when they're updated. This may change in the future.
We've had some discussions in the team, and we are happy to add the organization name
and organization id
as labels to resources and namespaces that are deployed by Lagoon. They would aid human operators to quickly being able to search and deduce issues, but they should not be classed as 100% reliable, as described below.
Lagoon allows organization names to be changed, and it also allows for projects to be removed from and added to organizations. This may lead to conditions where a project has moved between organizations, but the environments may not receive the updated labels to indicate this change until a deployment has occurred.
At the moment, Lagoon doesn't have any way to change this on the fly, so there would always be delayed information, or possibly incorrect information. One possible solution to this would be when a project is added to or removed from an organization, that we can inform all deployed environments of the change, and the remote-controller can update the labels accordingly.