Red Hat Bugzilla – Bug 1297320
Automatically apply resource quota to users(To track of https://trello.com/c/GsCfvXWA/484-13-automatically-apply-resource-quota-to-users)
Last modified: 2016-05-18 16:34:00 EDT
1. Proposed title of this feature request
Automatically apply resource quota to users(to track of https://trello.com/c/GsCfvXWA/484-13-automatically-apply-resource-quota-to-users)
3. What is the nature and description of the request?
As a user of OpenShift Origin v3
So that I can deploy a multi-tenant hosted Origin system
and so that system can serve multiple "customer" users in a manner resembling the OpenShift Online free tier today, but not limited to the features and capabilities of that platform:
I want a new step added to project/namespace creation that creates an annotation on customer-provisioned projects, which maps the user who created the project as the project's owner
I want a new setting in the openshift master configuration whereby a maximum number of self-provisioned projects per-customer can be specified
the default for this setting should not set any maximum, and can be expressed as '-1'
valid maximum settings can be expressed as a positive integer value
I want a new setting in the openshift master configuration that allows certain users to be excluded from these restrictions, and thus not be bound by policy constraints (specifically the self-provisioned project limit) which apply to customers
these exclusions could be role based and we could potentially start with excluding the cluster-admin role from these restrictions
I want a custom admission controller associated with the project creation process that will enforce the limit on the number of self-provisioned projects that can be created by customers
The admission controller should ensure that only regular users (not service accounts or other things) should be allowed to create projects.
This is a card to capture the effort required for implementing the work items identified by the R&D story: (8) R&D Online Authorization/Quota (Defaulting the correct level of access to projects)
We need to ensure that the admission controller that we create has a default behavior of taking no action if the admission controller specific config is either not present or the config values are set to a "default" value that signifies no-op. The "default"/no-op values will be specific to each admission controller being created.
4. Why does the customer need this? (List the business requirements here)
5. How would the customer like to achieve this? (List the functional requirements here)
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.
7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?
10. List any affected packages or components.
11. Would the customer be able to assist in testing this functionality if implemented?
Yes they will
This seems to have shipped with 3.2 https://docs.openshift.com/enterprise/3.2/architecture/additional_concepts/admission_controllers.html
In short this feature is covered by the https://docs.openshift.com/enterprise/3.2/admin_guide/managing_projects.html, https://docs.openshift.com/enterprise/3.2/dev_guide/projects.html
Focus should be given to https://docs.openshift.com/enterprise/3.2/admin_guide/managing_projects.html#modifying-the-template-for-new-projects to set pod/build limits for the project, in addition to simply setting the number of projects uses can have.
*** Bug 1302446 has been marked as a duplicate of this bug. ***