default config to enforce quotas on new users
This commit is contained in:
parent
bf8b053e84
commit
ea58cf0678
2 changed files with 91 additions and 0 deletions
91
devolab-user-config/default-template.yaml
Normal file
91
devolab-user-config/default-template.yaml
Normal file
|
|
@ -0,0 +1,91 @@
|
||||||
|
apiVersion: template.openshift.io/v1
|
||||||
|
kind: Template
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: project-request
|
||||||
|
objects:
|
||||||
|
- apiVersion: project.openshift.io/v1
|
||||||
|
kind: Project
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
openshift.io/description: ${PROJECT_DESCRIPTION}
|
||||||
|
openshift.io/display-name: ${PROJECT_DISPLAYNAME}
|
||||||
|
openshift.io/requester: ${PROJECT_REQUESTING_USER}
|
||||||
|
labels:
|
||||||
|
size: small
|
||||||
|
creationTimestamp: null
|
||||||
|
name: ${PROJECT_NAME}
|
||||||
|
spec: {}
|
||||||
|
status: {}
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
openshift.io/description: Allows all pods in this namespace to pull images from
|
||||||
|
this namespace. It is auto-managed by a controller; remove subjects to disable.
|
||||||
|
creationTimestamp: null
|
||||||
|
name: system:image-pullers
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:image-puller
|
||||||
|
subjects:
|
||||||
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Group
|
||||||
|
name: system:serviceaccounts:${PROJECT_NAME}
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
openshift.io/description: Allows builds in this namespace to push images to
|
||||||
|
this namespace. It is auto-managed by a controller; remove subjects to disable.
|
||||||
|
creationTimestamp: null
|
||||||
|
name: system:image-builders
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:image-builder
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: builder
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
annotations:
|
||||||
|
openshift.io/description: Allows deploymentconfigs in this namespace to rollout
|
||||||
|
pods in this namespace. It is auto-managed by a controller; remove subjects
|
||||||
|
to disable.
|
||||||
|
creationTimestamp: null
|
||||||
|
name: system:deployers
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: system:deployer
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: deployer
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
- apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
creationTimestamp: null
|
||||||
|
name: admin
|
||||||
|
namespace: ${PROJECT_NAME}
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: ClusterRole
|
||||||
|
name: admin
|
||||||
|
subjects:
|
||||||
|
- apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: User
|
||||||
|
name: ${PROJECT_ADMIN_USER}
|
||||||
|
parameters:
|
||||||
|
- name: PROJECT_NAME
|
||||||
|
- name: PROJECT_DISPLAYNAME
|
||||||
|
- name: PROJECT_DESCRIPTION
|
||||||
|
- name: PROJECT_ADMIN_USER
|
||||||
|
- name: PROJECT_REQUESTING_USER
|
||||||
Loading…
Reference in a new issue