Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • aatemnke3-PLATFORM-2768
  • aatemnke-PLATFORM-2768
  • PLATFORM-2634-MutateJobs
  • swarm-PLATFORM-2200
  • renovate/configure
  • allow-skipping-shared-resources
  • 0.43.1
  • 0.43.0
  • 0.42.0
  • 0.41.10
  • 0.41.9
  • 0.41.8
  • 0.41.7
  • 0.41.6
  • 0.41.5
  • 0.41.4
  • 0.41.3
  • 0.41.2
  • 0.41.1
  • 0.41.0
  • 0.40.5
  • 0.40.4
  • 0.40.3
  • 0.40.2
  • 0.40.1
  • 0.40.0
27 results
History
Mark Williams's avatar
Merge branch 'bbooker-cnpg-access' into 'master'
Mark Williams authored 
Enable access to read CRDs for CloudNativePG

See merge request !250
650867a0
Name Last commit Last update
templates
.gitlab-ci.yml
.helmignore
Chart.yaml
README.md
renovate.json
test-values.yaml
values.yaml
wip-values.schema.json
README.md

The Landlord

The "landlord" is in charge of defining the various requirements and configuration for all of the tenants. This includes namespace setup, Flux configuration, authorized hostnames, pod placement mutations, log forwarding configuration, and more.

Tenant Configuration

Tenants can be defined by providing a values.yaml file using the following schema:

tenants:
  tenant-a: TenantDefinition
  tenant-b: TenantDefinition
  tenant-c: TenantDefinition

where tenant-a, tenant-b, and tenant-c reflect the name of the tenant. This name is used for the Kubernetes namespace and other identifying information.

TenantDefinition

The TenantDefinition resources defines configuration for a specific tenant. It supports the following:

tenants:
  tenant-a:

    domains: [string]       # Additional domains, beyond tenant domain, the tenant is able to use for Ingress/cert requests. Does support wildcarded domains (defaults to [])

    rbac: [list]
      - group: ed.group.name  # ED group with read-only access to namespaced resources (ClusterRole/platform-tenant)
        exec: boolean         # Optionally allow exec into pods !!! Use with caution !!! (ClusterRole/platform-tenant-exec)

    flux:
      branch: main          # Branch to watch (defaults to "main")
      path: ./              # Path in repo to watch (defaults to "./")

    logging:
      splunkIndex: sample   # Reserved for future use (no default value)

    quotas:
      cpu: 200m             # Namespace CPU limits (no default value)
      memory: 2Gi           # Namespace memory limits (no default value)

    tolerations:            # Tolerations that will be mutated on all pods in the namespace (defaults to none)
      - key: "lifecycle"
        operator: Equal
        value: "spot" 

    affinity:               # Pod affinity that will be mutated on all pods in the tenant namespace (defaults to none)
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
          - matchExpressions:
            - key: node-type
              operator: In
              values:
              - spot

Using GK Mutators

When using GK Mutators, you may need resources that are not being monitored by the mutating webhook. Please take a look here to see which resources are current being monitored.