rhpds_project_request_template.yaml
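# OpenShift Template holding the objects to create for a newly requested
# project. Its name and namespace (project-request in openshift-config) match
# the project request template convention; confirm the cluster's project
# configuration actually references it.
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  # creationTimestamp, resourceVersion, selfLink and uid are server-populated
  # values left over from a cluster export. Strip them before creating this
  # template on another cluster: they describe one specific stored object and
  # a create request that carries a resourceVersion is rejected.
  creationTimestamp: "2020-07-30T21:24:41Z"
  name: project-request
  namespace: openshift-config
  resourceVersion: "183569"
  selfLink: /apis/template.openshift.io/v1/namespaces/openshift-config/templates/project-request
  uid: 8f571945-f38a-4f0b-9510-a4f309b328a2
objects:
# Default requests/limits and hard ceilings per container and per pod.
# No ResourceQuota is defined in this template, so the aggregate CPU and
# memory a project can consume is not bounded here; only individual
# containers and pods are capped.
- apiVersion: v1
  kind: LimitRange
  metadata:
    name: ${PROJECT_NAME}-core-resource-limits
    namespace: ${PROJECT_NAME}
  spec:
    limits:
    - default:
        cpu: 1500m
        memory: 5Gi
      defaultRequest:
        cpu: 150m
        memory: 700Mi
      max:
        cpu: 12
        memory: 18Gi
      type: Container
    - max:
        cpu: 12
        memory: 20Gi
      type: Pod
# NOTE(review): the empty namespaceSelector matches every namespace, so any
# pod in the cluster may open connections to any pod in the new project.
# This provides no in-cluster tenant isolation. If isolation is wanted,
# replace this rule with a same-namespace rule (`from: [{podSelector: {}}]`)
# and rely on the labelled-namespace policy below for router traffic.
# Neither policy in this template restricts egress.
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-all-namespaces
  spec:
    ingress:
    - from:
      - namespaceSelector: {}
    podSelector: {}
# Admits traffic from namespaces labelled network-policy=global. NetworkPolicy
# rules are additive, so while allow-from-all-namespaces exists this policy
# does not narrow anything; it only matters once the broad policy is removed.
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: allow-from-ingress-namespace
  spec:
    ingress:
    - from:
      - namespaceSelector:
          matchLabels:
            network-policy: global
    # NOTE(review): null here versus {} in the policy above; presumably both
    # are meant to select every pod in the project. Confirm and prefer {}.
    podSelector: null
# The project itself; description, display name and requester come from the
# template parameters.
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
# Lets every service account in the project pull images from the project.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows all pods in this namespace to pull images from
        this namespace. It is auto-managed by a controller; remove subjects to disable.
    name: system:image-pullers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-puller
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: Group
    name: system:serviceaccounts:${PROJECT_NAME}
# Lets the builder service account push images to the project.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows builds in this namespace to push images to
        this namespace. It is auto-managed by a controller; remove subjects to disable.
    name: system:image-builders
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:image-builder
  subjects:
  - kind: ServiceAccount
    name: builder
    namespace: ${PROJECT_NAME}
# Lets the deployer service account roll out pods in the project.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    annotations:
      openshift.io/description: Allows deploymentconfigs in this namespace to rollout
        pods in this namespace. It is auto-managed by a controller; remove subjects
        to disable.
    name: system:deployers
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: system:deployer
  subjects:
  - kind: ServiceAccount
    name: deployer
    namespace: ${PROJECT_NAME}
# Grants the admin ClusterRole, scoped to the new project, to the user named
# by PROJECT_ADMIN_USER.
# NOTE(review): if that role permits editing NetworkPolicy objects on this
# cluster, the policies above are starting defaults rather than enforced
# guardrails; verify against the cluster's role definitions.
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
# Parameters referenced as ${NAME} in the objects above. None declares a
# default value or is marked required in this file.
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER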