From 8dbd2df2747b8551229e6ba1bf237d1a1162198e Mon Sep 17 00:00:00 2001 From: Hussnain Ahmad <76955520+hussnain612@users.noreply.github.com> Date: Fri, 17 Jun 2022 17:32:53 +0500 Subject: [PATCH 1/4] [ Tenant-Operator ] Update tenant spec Updated feature in tenant spec --- .../sre/tenant-operator/customresources.md | 26 ++++++++++++++++--- 1 file changed, 22 insertions(+), 4 deletions(-) diff --git a/content/sre/tenant-operator/customresources.md b/content/sre/tenant-operator/customresources.md index 097cd570..3b38daa3 100644 --- a/content/sre/tenant-operator/customresources.md +++ b/content/sre/tenant-operator/customresources.md @@ -92,9 +92,23 @@ spec: - build - preview namespaceLabels: - app.kubernetes.io/managed-by: tenant-operator + common: + app.kubernetes.io/managed-by: tenant-operator + specific: + - labels: + customer-workload-monitoring: 'true' + namespaces: + - alpha-dev + - alpha-build namespaceAnnotations: - openshift.io/node-selector: node-role.kubernetes.io/infra= + common: + openshift.io/node-selector: node-role.kubernetes.io/infra= + specific: + - annotations: + stakater.com/current-tenant: alpha + namespaces: + - alpha-build + - alpha-preview templateInstances: - spec: template: networkpolicy @@ -120,9 +134,13 @@ spec: * `argocd` can be used to list `sourceRepos` that point to your gitops repositories. The field is required if you want to create an ArgoCD AppProject for the tenant. -* `namespaceLabels` can be used to distribute common labels among tenant namespaces. +* `namespaceLabels` can be used to distribute labels among tenant namespaces. + * `common` distributes labels among all tenant namespaces + * `specific` distributes given `labels` among given tenant `namespaces` -* `namespaceAnnotations` can be used to distribute common annotations among tenant namespaces. +* `namespaceAnnotations` can be used to distribute annotations among tenant namespaces. + * `common` distributes annotations among all tenant namespaces + * `specific` distributes given `annotations` among given tenant `namespaces` * Tenant will have an option to create *sandbox namespaces* for owners and editors, when `sandbox` is set to *true*. * Sandbox will follow the following naming convention **{TenantName}**-**{UserName}**-*sandbox*. From 22b5ebf040a0808745bfebc6f88cc330df9cbd2a Mon Sep 17 00:00:00 2001 From: hussnain612 Date: Wed, 13 Jul 2022 17:33:41 +0500 Subject: [PATCH 2/4] [Tenant-Operator] Updated tenant spec --- .../sre/tenant-operator/customresources.md | 43 +++++++++---------- 1 file changed, 20 insertions(+), 23 deletions(-) diff --git a/content/sre/tenant-operator/customresources.md b/content/sre/tenant-operator/customresources.md index a24d5bc9..b58ac501 100644 --- a/content/sre/tenant-operator/customresources.md +++ b/content/sre/tenant-operator/customresources.md @@ -95,24 +95,18 @@ spec: - dev - build - preview - namespaceLabels: - common: - app.kubernetes.io/managed-by: tenant-operator - specific: - - labels: - customer-workload-monitoring: 'true' - namespaces: - - alpha-dev - - alpha-build - namespaceAnnotations: - common: + commonMetadata: + labels: + stakater.com/team: alpha + annotations: openshift.io/node-selector: node-role.kubernetes.io/infra= - specific: - - annotations: - stakater.com/current-tenant: alpha - namespaces: - - alpha-build - - alpha-preview + specificMetadata: + - annotations: + stakater.com/user: haseeb + labels: + stakater.com/sandbox: true + namespaces: + - alpha-haseeb-stakater-sandbox templateInstances: - spec: template: networkpolicy @@ -140,12 +134,6 @@ spec: * `hibernation` can be used to create a schedule during which the namespaces belonging to the tenant will be put to sleep. The values of the `sleepSchedule` and `wakeSchedule` fields must be a string in a cron format. -* `namespaceLabels` can be used to distribute common labels among tenant namespaces. - -* `namespaceAnnotations` can be used to distribute annotations among tenant namespaces. - * `common` distributes annotations among all tenant namespaces - * `specific` distributes given `annotations` among given tenant `namespaces` - * Tenant will have an option to create *sandbox namespaces* for owners and editors, when `sandbox` is set to *true*. * Sandbox will follow the following naming convention **{TenantName}**-**{UserName}**-*sandbox*. * In case of groups, the sandbox namespaces will be created for each member of the group. @@ -154,6 +142,15 @@ spec: * Tenant-Operator will append *tenant name* prefix while creating namespaces, so the format will be **{TenantName}**-**{Name}**. * `stakater.com/kind: {Name}` label will also be added to the namespaces. +* `commonMetadata` can be used to distribute common labels and annotations among tenant namespaces. + * `labels` distributes provided labels among all tenant namespaces + * `annotations` distributes provided annotations among all tenant namespaces + +* `specificMetadata` can be used to distribute specific labels and annotations among specific tenant namespaces. + * `labels` distributes given labels among specific tenant namespaces + * `annotations` distributes given annotations among specific tenant namespaces + * `namespaces` consists a list of specific tenant namespaces across which the labels and annotations will be distributed + * Tenant automatically deploys `template` resource mentioned in `templateInstances` to matching tenant namespaces. * `Template` resources are created in those `namespaces` which belong to a `tenant` and contain `matching labels`. * `Template` resources are created in all `namespaces` of a `tenant` if `selector` field is empty. From 7323f23cb9de03cfef70f982a26b00f6d8756919 Mon Sep 17 00:00:00 2001 From: hussnain612 Date: Wed, 13 Jul 2022 17:36:47 +0500 Subject: [PATCH 3/4] [Tenant-Operator] Updated tenant spec --- content/sre/tenant-operator/customresources.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/sre/tenant-operator/customresources.md b/content/sre/tenant-operator/customresources.md index b58ac501..b36aca94 100644 --- a/content/sre/tenant-operator/customresources.md +++ b/content/sre/tenant-operator/customresources.md @@ -83,7 +83,7 @@ spec: viewers: users: - jose@stakater.com - sandbox: false + sandbox: true quota: medium argocd: sourceRepos: From 808eed120d241821225b11c49f6f955a9b56db40 Mon Sep 17 00:00:00 2001 From: hussnain612 Date: Fri, 15 Jul 2022 09:35:35 +0500 Subject: [PATCH 4/4] Updated precedence --- content/sre/tenant-operator/customresources.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/content/sre/tenant-operator/customresources.md b/content/sre/tenant-operator/customresources.md index b36aca94..23a497e6 100644 --- a/content/sre/tenant-operator/customresources.md +++ b/content/sre/tenant-operator/customresources.md @@ -151,6 +151,9 @@ spec: * `annotations` distributes given annotations among specific tenant namespaces * `namespaces` consists a list of specific tenant namespaces across which the labels and annotations will be distributed +#### :memo: Note +If same label or annotation key is being applied using different methods provided, then the highest precedence will be given to `specificMetadata` followed by `commonMetadata` and in the end would be the ones applied from `openshift.project.labels`/`openshift.project.annotations` in `IntegrationConfig` + * Tenant automatically deploys `template` resource mentioned in `templateInstances` to matching tenant namespaces. * `Template` resources are created in those `namespaces` which belong to a `tenant` and contain `matching labels`. * `Template` resources are created in all `namespaces` of a `tenant` if `selector` field is empty.