Creating Namespaces via Tenant Custom Resource#
Bill now wants to create namespaces for
production environments for the tenant members. To create those namespaces Bill will just add those names within the
namespaces field in the tenant CR. If Bill wants to append the tenant name as a prefix in namespace name, then he can use
namespaces.withTenantPrefix field. Else he can use
namespaces.withoutTenantPrefix for namespaces for which he does not need tenant name as a prefix.
kubectl apply -f - << EOF
With the above configuration tenant members will now see new namespaces have been created.
kubectl get namespaces
NAME STATUS AGE
bluesky-dev Active 5d5h
bluesky-build Active 5d5h
prod Active 5d5h
Anna as the tenant owner can create new namespaces for her tenant.
⚠️ Anna is required to add the tenant label
stakater.com/tenant: blueskywhich contains the name of her tenant
bluesky, while creating the namespace. If this label is not added or if Anna does not belong to the
blueskytenant, then Multi Tenant Operator will not allow the creation of that namespace.
When Anna creates the namespace, MTO assigns Anna and other tenant members the roles based on their user types, such as a tenant owner getting the OpenShift
admin role for that namespace.
As a tenant owner, Anna is able to create namespaces.
Add Existing Namespaces to Tenant via GitOps#
Using GitOps as your preferred development workflow, you can add existing namespaces for your tenants by including the tenant label.
To add an existing namespace to your tenant via GitOps:
- First, migrate your namespace resource to your “watched” git repository
- Edit your namespace
yamlto include the tenant label
- Tenant label follows the naming convention
- Sync your GitOps repository with your cluster and allow changes to be propagated
- Verify that your Tenant users now have access to the namespace
For example, If Anna, a tenant owner, wants to add the namespace
bluesky-dev to her tenant via GitOps, after migrating her namespace manifest to a “watched repository”
She can then add the tenant label
Now all the users of the
Bluesky tenant now have access to the existing namespace.
Additionally, to remove namespaces from a tenant, simply remove the tenant label from the namespace resource and sync your changes to your cluster.
Remove Namespaces from your Cluster via GitOps#
GitOps is a quick and efficient way to automate the management of your K8s resources.
To remove namespaces from your cluster via GitOps;
- Remove the
yamlfile containing your namespace configurations from your “watched” git repository.
- ArgoCD automatically sets the
[app.kubernetes.io/instance](http://app.kubernetes.io/instance)label on resources it manages. It uses this label it to select resources which inform the basis of an app. To remove a namespace from a managed ArgoCD app, remove the ArgoCD label
app.kubernetes.io/instancefrom the namespace manifest.
- You can edit your namespace manifest through the OpenShift Web Console or with the OpenShift command line tool.
- Now that you have removed your namespace manifest from your watched git repository, and from your managed ArgoCD apps, sync your git repository and allow your changes be propagated.
- Verify that your namespace has been deleted.