Rancher + Kubernetes - Tenancy (project)

[dbones]

• for each cluster, we need to add a tenancy (applied filter?)
• we need to assign the team id to the project
• the bot needs to be the owner

RBAC

• non-prod - team member needs to be a memeber
• prod - read only.
• guest is always read only

FF is seperate from this

[dbones]

apiVersion: management.cattle.io/v3
kind: Project
metadata:
  annotations:
    authz.management.cattle.io/creator-role-bindings: '{"created":["project-owner"],"required":["project-owner"]}'
    field.cattle.io/creatorId: user-krjz4
    lifecycle.cattle.io/create.mgmt-project-rbac-remove: "true"
    lifecycle.cattle.io/create.project-namespace-auth_c-m-ptwk8q76: "true"
  finalizers:
  - controller.cattle.io/mgmt-project-rbac-remove
  - clusterscoped.controller.cattle.io/project-namespace-auth_c-m-ptwk8q76
  generateName: p-
  generation: 3
  labels:
    cattle.io/creator: norman
  name: p-k2lwg
  namespace: c-m-ptwk8q76
spec:
  clusterName: c-m-ptwk8q76
  containerDefaultResourceLimit: {}
  description: this is a test
  displayName: epic
  enableProjectMonitoring: false
  namespaceDefaultResourceQuota:
    limit: {}
  resourceQuota:
    limit: {}
    usedLimit: {}

labels and annotations are key to this one

the generate is name is powerful

not interested in setting quota's atm