default config to enforce quotas on new users
This commit is contained in:
parent
bf8b053e84
commit
ea58cf0678
2 changed files with 91 additions and 0 deletions
91
devolab-user-config/default-template.yaml
Normal file
91
devolab-user-config/default-template.yaml
Normal file
|
|
@ -0,0 +1,91 @@
|
|||
apiVersion: template.openshift.io/v1
|
||||
kind: Template
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: project-request
|
||||
objects:
|
||||
- apiVersion: project.openshift.io/v1
|
||||
kind: Project
|
||||
metadata:
|
||||
annotations:
|
||||
openshift.io/description: ${PROJECT_DESCRIPTION}
|
||||
openshift.io/display-name: ${PROJECT_DISPLAYNAME}
|
||||
openshift.io/requester: ${PROJECT_REQUESTING_USER}
|
||||
labels:
|
||||
size: small
|
||||
creationTimestamp: null
|
||||
name: ${PROJECT_NAME}
|
||||
spec: {}
|
||||
status: {}
|
||||
- apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
annotations:
|
||||
openshift.io/description: Allows all pods in this namespace to pull images from
|
||||
this namespace. It is auto-managed by a controller; remove subjects to disable.
|
||||
creationTimestamp: null
|
||||
name: system:image-pullers
|
||||
namespace: ${PROJECT_NAME}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:image-puller
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: Group
|
||||
name: system:serviceaccounts:${PROJECT_NAME}
|
||||
- apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
annotations:
|
||||
openshift.io/description: Allows builds in this namespace to push images to
|
||||
this namespace. It is auto-managed by a controller; remove subjects to disable.
|
||||
creationTimestamp: null
|
||||
name: system:image-builders
|
||||
namespace: ${PROJECT_NAME}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:image-builder
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: builder
|
||||
namespace: ${PROJECT_NAME}
|
||||
- apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
annotations:
|
||||
openshift.io/description: Allows deploymentconfigs in this namespace to rollout
|
||||
pods in this namespace. It is auto-managed by a controller; remove subjects
|
||||
to disable.
|
||||
creationTimestamp: null
|
||||
name: system:deployers
|
||||
namespace: ${PROJECT_NAME}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: system:deployer
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: deployer
|
||||
namespace: ${PROJECT_NAME}
|
||||
- apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: RoleBinding
|
||||
metadata:
|
||||
creationTimestamp: null
|
||||
name: admin
|
||||
namespace: ${PROJECT_NAME}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: admin
|
||||
subjects:
|
||||
- apiGroup: rbac.authorization.k8s.io
|
||||
kind: User
|
||||
name: ${PROJECT_ADMIN_USER}
|
||||
parameters:
|
||||
- name: PROJECT_NAME
|
||||
- name: PROJECT_DISPLAYNAME
|
||||
- name: PROJECT_DESCRIPTION
|
||||
- name: PROJECT_ADMIN_USER
|
||||
- name: PROJECT_REQUESTING_USER
|
||||
Loading…
Reference in a new issue