Create OCP project template and add organization label to projects #16
Conversation
simu
force-pushed
the
feat/support-ocp-projects
branch
4 times, most recently
from
2dfa3cf to
fc161ee
Compare
Change the OCP project template to only create a Project resource and no rolebindings.
Add a mutate policy which adds the requesting user's default organization to the project based on the value of annotation `openshift.io/requester` on the Project resource created by the OCP project template. Refactor the code a bit since this mutate policy is mostly identical to the one which handles setting a default organization when users create projects with `kubectl create ns`.
simu
force-pushed
the
feat/support-ocp-projects
branch
from
fc161ee to
a49d361
Compare
There was a problem hiding this comment.
Do these policies also work when using a Project spec from YAML (e.g. oc create -f project.yaml) ?
I ask because I'm not sure if a YAML spec is the same as oc create project because the oc binary might do more magic in the background (e.g. creating a ProjectRequest instead).
I really have no idea if there's a difference between the two, just asking here.
They don't have to, because regular users cannot |
How so? I could imagine some Kustomize or CI/CD use cases for this? |
In CI/CD, users can use the |
This PR configures a custom OCP project template which only creates a
Projectresource and no rolebindings.The PR also adds a mutate policy which adds the requesting user's default organization to the project based on the value of annotation
openshift.io/requesteron the Project resource created by the OCP project template.Additionally, we refactor the code a bit since this new mutate policy is mostly identical to the one which handles setting a default organization when users create projects with
kubectl create ns.Checklist
bug,enhancement,documentation,change,breaking,dependencyas they show up in the changelog