A Carvel package for provisioning and configuring workspaces (namespaces or virtual clusters) with the necessary credentials, roles and limit ranges to work with the Kadras Engineering Platform.
-
Kubernetes 1.29+
-
Carvel
kctrlCLI. -
Carvel kapp-controller deployed in your Kubernetes cluster. You can install it with Carvel
kapp(recommended choice) orkubectl.kapp deploy -a kapp-controller -y \ -f https://github.com/carvel-dev/kapp-controller/releases/latest/download/release.yml
Workspace Provisioner is used as part of the Kadras Engineering Platform that you can install from the Kadras package repository.
Add the Kadras package repository to your Kubernetes cluster:
kctrl package repository add -r kadras-packages \
--url ghcr.io/kadras-io/kadras-packages \
-n kadras-system --create-namespaceInstallation without package repository
The recommended way of installing the Workspace Provisioner package is via the Kadras package repository. If you prefer not using the repository, you can add the package definition directly usingkapp or kubectl.
kubectl create namespace kadras-system
kapp deploy -a workspace-provisioner-package -n kadras-system -y \
-f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/metadata.yml \
-f https://github.com/kadras-io/workspace-provisioner/releases/latest/download/package.ymlInstall the Workspace Provisioner package:
kctrl package install -i workspace-provisioner \
-p workspace-provisioner.packages.kadras.io \
-v ${VERSION} \
-n kadras-systemNote You can find the
${VERSION}value by retrieving the list of package versions available in the Kadras package repository installed on your cluster.kctrl package available list -p workspace-provisioner.packages.kadras.io -n kadras-system
Verify the installed packages and their status:
kctrl package installed list -n kadras-systemDocumentation, tutorials and examples for this package are available in the docs folder. For documentation specific to the Kadras Engineering Platform, check out kadras.io.
The Workspace Provisioner package can be customized via a values.yml file.
namespaces:
- name: qa
- name: staging
oci_registry:
secret:
name: supply-chain-registry-credentials
namespace: kadras-systemReference the values.yml file from the kctrl command when installing or upgrading the package.
kctrl package install -i workspace-provisioner \
-p workspace-provisioner.packages.kadras.io \
-v ${VERSION} \
-n kadras-system \
--values-file values.ymlThe Workspace Provisioner package has the following configurable properties.
Configurable properties
| Config | Default | Description |
|---|---|---|
namespaces |
[] |
Configuration for the namespaces the platform will provision and manage. |
service_account |
supply-chain |
The ServiceAccount to be configured with credentials and roles in each workspace. |
oci_registry.secret.name |
"" |
The name of the Secret holding the credentials to access the OCI registry. |
oci_registry.secret.namespace |
"" |
The namespace of the Secret holding the credentials to access the OCI registry. |
cosign.secret.name |
"" |
The name of the Secret holding the Cosign key pair. |
cosign.secret.namespace |
"" |
The namespace of the Secret holding the Cosign key pair. |
git.server |
https://github.com |
The Git server hosting the Git repositories used by the platform. |
git.secret.name |
"" |
The name of the Secret holding the Git credentials. |
git.secret.namespace |
"" |
The namespace of the Secret holding the Git credentials. |
The security process for reporting vulnerabilities is described in SECURITY.md.
This project is licensed under the Apache License 2.0. See LICENSE for more information.
This package is inspired by the namespace setup package developed by Scott Rosenberg.