CASMPET-6811: Add information for global tenant webhooks (#5339)

* CASMPET-6811: Add information for global tenant webhooks * Apply suggestions from code review Signed-off-by: Russell Bunch <doomslayer@hpe.com> --------- Signed-off-by: Russell Bunch <doomslayer@hpe.com> Co-authored-by: Ryan Bak <rbak@cray.com> Co-authored-by: Russell Bunch <doomslayer@hpe.com>
Cray-HPE · Sep 3, 2024 · 1e84236 · 1e84236
1 parent 65a5a72
commit 1e84236
Show file tree

Hide file tree

Showing 3 changed files with 71 additions and 8 deletions.
diff --git a/operations/README.md b/operations/README.md
@@ -806,3 +806,4 @@ these backups.
 - [Slurm Operator](multi-tenancy/SlurmOperator.md)
 - [Tenant and Partition Management System (TAPMS) Overview](multi-tenancy/Tapms.md)
 - [TAPMS Tenant Status API](../api/tapms-operator.md)
+- [Global Tenant Hooks](multi-tenancy/GlobalTenantHooks.md)
diff --git a/operations/multi-tenancy/GlobalTenantHooks.md b/operations/multi-tenancy/GlobalTenantHooks.md
@@ -0,0 +1,57 @@
+# Global Tenant Hooks
+
+- [Overview](#overview)
+- [Creating a global tenant hook CRD](#create-a-global-hook-crd)
+- [Apply the global tenant hook CR](#apply-the-global-hook-cr)
+
+## Overview
+
+Global Tenant Hooks behave in a similar manner to hooks defined in the tenant definition, but apply to all tenants. This is useful for cases where administrators want to be alerted to all tenant events regardless of the tenant definition.
+
+## Create a Global Hook CRD
+
+Creating a global tenant hook involves creating a Custom Resource Definition (CRD) and then applying the Custom Resource (CR).
+
+- (`ncn-mw#`) The full schema is available by executing the following command:
+
+    ```bash
+    kubectl get customresourcedefinitions.apiextensions.k8s.io globaltenanthooks.tapms.hpe.com -o yaml
+    ```
+
+- An example of a global tenant hook custom resource (CR):
+
+    ```yaml
+    apiVersion: tapms.hpe.com/v1alpha3
+    kind: GlobalTenantHook
+    metadata:
+      name: hook-test
+    spec:
+      name: notify-hook
+      url: http://10.252.1.4:7000
+      blockingcall: false
+      eventtypes:
+        - CREATE
+        - UPDATE
+        - DELETE
+      hookcredentials:
+        secretname: notify-hook-cm
+        secretnamespace: services
+    ```
+
+## Apply the Global Hook CR
+
+- (`ncn-mw#`) Once the CR has been crafted for the global hook, the following command will apply the definition:
+
+    > All global tenant hooks should be applied in the `tenants` namespace.
+
+    ```bash
+    kubectl apply -n tenants -f <hook.yaml>
+    ```
+
+    Example output:
+
+    ```text
+    globaltenanthooks.tapms.hpe.com/hook-test created
+    ```
+
+- The global hook is created immediately and any tenant events that occur after this point will send data to the global hook endpoint.
diff --git a/operations/multi-tenancy/Overview.md b/operations/multi-tenancy/Overview.md
@@ -2,15 +2,16 @@
 
 - [Disclaimer](#disclaimer)
 - [Components](#components)
-  - [Hierarchical Namespace Controller (HNC)](#hierarchical-namespace-controller-hnc)
-  - [Tenant and Partition Management System (TAPMS)](#tenant-and-partition-management-system-tapms)
-  - [Slurm operator](#slurm-operator)
-  - [Vault integration](#vault-integration)
+    - [Hierarchical Namespace Controller (HNC)](#hierarchical-namespace-controller-hnc)
+    - [Tenant and Partition Management System (TAPMS)](#tenant-and-partition-management-system-tapms)
+    - [Slurm operator](#slurm-operator)
+    - [Vault integration](#vault-integration)
+    - [Global tenant hooks](#global-tenant-hooks)
 - [Getting started](#getting-started)
-  - [Create a tenant](#create-a-tenant)
-  - [Modify a tenant](#modify-a-tenant)
-  - [Remove a tenant](#remove-a-tenant)
-  - [Tenant administrator configuration](#tenant-administrator-configuration)
+    - [Create a tenant](#create-a-tenant)
+    - [Modify a tenant](#modify-a-tenant)
+    - [Remove a tenant](#remove-a-tenant)
+    - [Tenant administrator configuration](#tenant-administrator-configuration)
 
 ## Disclaimer
 
@@ -42,6 +43,10 @@ tenant. See [Slurm Operator](SlurmOperator.md) for details.
 The `tapms` operator can create a Cray Vault transit engine for the tenant. Creating a transit engine is accomplished by enabling the feature in the `Tenant` custom resource, which is managed and reconciled by `tapms`.
 See the [Vault Overview](Vault.md) for details.
 
+### Global tenant hooks
+
+Web-hooks that apply to all tenants can be defined by using [Global Tenant Hooks](GlobalTenantHooks.md) outside the tenant definition.
+
 ## Getting started
 
 Below are common activities performed by an infrastructure administrator for managing a tenant's lifecycle.