Bug 1297320 - Automatically apply resource quota to users(To track of https://trello.com/c/GsCfvXWA/484-13-automatically-apply-resource-quota-to-users)
Automatically apply resource quota to users(To track of https://trello.com/c/...
Status: CLOSED CURRENTRELEASE
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE (Show other bugs)
3.1.0
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Cesar Wong
Johnny Liu
:
: 1302446 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-11 03:16 EST by Miheer Salunke
Modified: 2016-05-18 16:34 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-05-18 16:32:55 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miheer Salunke 2016-01-11 03:16:15 EST
1. Proposed title of this feature request  
Automatically apply resource quota to users(to track of https://trello.com/c/GsCfvXWA/484-13-automatically-apply-resource-quota-to-users)
  
3. What is the nature and description of the request?  

  As a user of OpenShift Origin v3

So that I can deploy a multi-tenant hosted Origin system

and so that system can serve multiple "customer" users in a manner resembling the OpenShift Online free tier today, but not limited to the features and capabilities of that platform:

    I want a new step added to project/namespace creation that creates an annotation on customer-provisioned projects, which maps the user who created the project as the project's owner
    I want a new setting in the openshift master configuration whereby a maximum number of self-provisioned projects per-customer can be specified
        the default for this setting should not set any maximum, and can be expressed as '-1'
        valid maximum settings can be expressed as a positive integer value
    I want a new setting in the openshift master configuration that allows certain users to be excluded from these restrictions, and thus not be bound by policy constraints (specifically the self-provisioned project limit) which apply to customers
        these exclusions could be role based and we could potentially start with excluding the cluster-admin role from these restrictions
    I want a custom admission controller associated with the project creation process that will enforce the limit on the number of self-provisioned projects that can be created by customers
    The admission controller should ensure that only regular users (not service accounts or other things) should be allowed to create projects.

This is a card to capture the effort required for implementing the work items identified by the R&D story: (8) R&D Online Authorization/Quota (Defaulting the correct level of access to projects)
Notes:

We need to ensure that the admission controller that we create has a default behavior of taking no action if the admission controller specific config is either not present or the config values are set to a "default" value that signifies no-op. The "default"/no-op values will be specific to each admission controller being created.

4. Why does the customer need this? (List the business requirements here)  
NA
  
5. How would the customer like to achieve this? (List the functional requirements here)  
 NA
  
6. For each functional requirement listed, specify how Red Hat and the customer can test to confirm the requirement is successfully implemented.  
 NA

7. Is there already an existing RFE upstream or in Red Hat Bugzilla?
https://trello.com/c/GsCfvXWA/484-13-automatically-apply-resource-quota-to-users


8. Does the customer have any specific timeline dependencies and which release would they like to target (i.e. RHEL5, RHEL6)?  
NA
    
10. List any affected packages or components.  
Openshift-master pakages
  
11. Would the customer be able to assist in testing this functionality if implemented? 
Yes they will
Comment 2 Eric Rich 2016-05-18 16:32:55 EDT
This seems to have shipped with 3.2 https://docs.openshift.com/enterprise/3.2/architecture/additional_concepts/admission_controllers.html

In short this feature is covered by the https://docs.openshift.com/enterprise/3.2/admin_guide/managing_projects.html, https://docs.openshift.com/enterprise/3.2/dev_guide/projects.html

Focus should be given to https://docs.openshift.com/enterprise/3.2/admin_guide/managing_projects.html#modifying-the-template-for-new-projects to set pod/build limits for the project, in addition to simply setting the number of projects uses can have.
Comment 3 Eric Rich 2016-05-18 16:34:00 EDT
*** Bug 1302446 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.