From cdb99ba8f07b7f276b6c885d293ccdd4f2b06cb7 Mon Sep 17 00:00:00 2001
From: Felix Tonnvik
Date: Wed, 13 Nov 2024 15:58:03 +0100
Subject: [PATCH 1/6] added storageClassWhitelist
---
 content/crds-api-reference/tenant.md | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/content/crds-api-reference/tenant.md b/content/crds-api-reference/tenant.md
index c0a309273..c4ac70126 100644
--- a/content/crds-api-reference/tenant.md
+++ b/content/crds-api-reference/tenant.md
@@ -121,3 +121,13 @@ Controls the creation and management of namespaces within the tenant:
 `desc` provides a human-readable description of the tenant, aiding in documentation and at-a-glance understanding of the tenant's purpose and configuration.
 > ⚠️ If same label or annotation key is being applied using different methods provided, then the highest precedence will be given to `namespaces.metadata.specific` followed by `namespaces.metadata.common` and in the end would be the ones applied from `openshift.project.labels`/`openshift.project.annotations` in `IntegrationConfig`
+
+## Storage
+
+```yaml title="
+storage:
+ storageClassWhitelist:
+ - staging-fast
+ - shared
+```
+* `storageClassWhitelist` can be used to limit a tenant to only being able to create PersistentVolumeClaims for StorageClasses in the whitelist. If `storageClass` is not specified for a PersistentVolumeClaim, the default StorageClass (if set) will be evaluated as any other class name. If the default storageClass is not set, the evaluation will be deferred until a default storageClass is set. `""` is evaluated as any other class name, so if you are using it to manually bind to PersistentVolumes while using storageClassWhitelist you need to add an empty string `""` to the tenants whitelist or it will get filtered.
\ No newline at end of file
From 4da390b24540c1d1d502da688222fcb9482f785a Mon Sep 17 00:00:00 2001
From: Felix Tonnvik
Date: Thu, 14 Nov 2024 10:53:18 +0100
Subject: [PATCH 2/6] replaced whitelist
---
 content/crds-api-reference/tenant.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/content/crds-api-reference/tenant.md b/content/crds-api-reference/tenant.md
index c4ac70126..39006ff0f 100644
--- a/content/crds-api-reference/tenant.md
+++ b/content/crds-api-reference/tenant.md
@@ -124,10 +124,11 @@ Controls the creation and management of namespaces within the tenant:
 ## Storage
-```yaml title="
+```yaml title="tenant.yaml".
 storage:
- storageClassWhitelist:
+ allowedStorageClasses:
 - staging-fast
 - shared
 ```
-* `storageClassWhitelist` can be used to limit a tenant to only being able to create PersistentVolumeClaims for StorageClasses in the whitelist. If `storageClass` is not specified for a PersistentVolumeClaim, the default StorageClass (if set) will be evaluated as any other class name. If the default storageClass is not set, the evaluation will be deferred until a default storageClass is set. `""` is evaluated as any other class name, so if you are using it to manually bind to PersistentVolumes while using storageClassWhitelist you need to add an empty string `""` to the tenants whitelist or it will get filtered.
\ No newline at end of file
+
+* `allowedStorageClasses` can be used to limit a tenant to only being able to create PersistentVolumeClaims for StorageClasses in the list. If `storageClass` is not specified for a PersistentVolumeClaim, the default StorageClass (if set) will be evaluated as any other class name. If the default StorageClass is not set, the evaluation will be deferred until a default StorageClass is set. `""` is evaluated as any other class name, so if you are using it to manually bind to PersistentVolumes while using StorageClass filtering you need to add an empty string `""` to the tenants allowedStorageClasses-list or it will get filtered.
From 122cb5a9da54a987336e79118faa05b52cdaec60 Mon Sep 17 00:00:00 2001
From: Felix Tonnvik
Date: Fri, 15 Nov 2024 10:02:53 +0100
Subject: [PATCH 3/6] renamed storage -> storageClass
---
 content/crds-api-reference/tenant.md | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/content/crds-api-reference/tenant.md b/content/crds-api-reference/tenant.md
index 39006ff0f..7d3b7eb62 100644
--- a/content/crds-api-reference/tenant.md
+++ b/content/crds-api-reference/tenant.md
@@ -125,10 +125,10 @@ Controls the creation and management of namespaces within the tenant:
 ## Storage
 ```yaml title="tenant.yaml".
-storage:
- allowedStorageClasses:
+storageClass:
+ allowed:
 - staging-fast
 - shared
 ```
-* `allowedStorageClasses` can be used to limit a tenant to only being able to create PersistentVolumeClaims for StorageClasses in the list. If `storageClass` is not specified for a PersistentVolumeClaim, the default StorageClass (if set) will be evaluated as any other class name. If the default StorageClass is not set, the evaluation will be deferred until a default StorageClass is set. `""` is evaluated as any other class name, so if you are using it to manually bind to PersistentVolumes while using StorageClass filtering you need to add an empty string `""` to the tenants allowedStorageClasses-list or it will get filtered.
+* `allowed` can be used to limit a tenant to only being able to create PersistentVolumeClaims for StorageClasses in the list. If `storageClass` is not specified for a PersistentVolumeClaim, the default StorageClass (if set) will be evaluated as any other class name. If the default StorageClass is not set, the evaluation will be deferred until a default StorageClass is set. `""` is evaluated as any other class name, so if you are using it to manually bind to PersistentVolumes while using StorageClass filtering you need to add an empty string `""` to the tenants allow-list or it will get filtered.
From 81b0dc6db23280b8e801fe592609498bb8c6b476 Mon Sep 17 00:00:00 2001
From: Felix Tonnvik
Date: Fri, 15 Nov 2024 10:13:38 +0100
Subject: [PATCH 4/6] Added missing storage field to tenantSpec
---
 content/crds-api-reference/tenant.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/content/crds-api-reference/tenant.md b/content/crds-api-reference/tenant.md
index 7d3b7eb62..722b49ac8 100644
--- a/content/crds-api-reference/tenant.md
+++ b/content/crds-api-reference/tenant.md
@@ -71,6 +71,10 @@ spec:
 annotations:
 specific-annotation: specific-dev-value
 desc: "This is a sample tenant setup for the v1beta3 version."
+ storageClass:
+ allowed:
+ - staging
+ - dev
 ```
 ## Access Control
@@ -124,7 +128,7 @@ Controls the creation and management of namespaces within the tenant:
 ## Storage
-```yaml title="tenant.yaml".
+```yaml
 storageClass:
 allowed:
 - staging-fast
From 50da9e496afa67f48e8def745b4b7d66d92b3082 Mon Sep 17 00:00:00 2001
From: Felix Tonnvik
Date: Fri, 15 Nov 2024 10:13:57 +0100
Subject: [PATCH 5/6] Added missing menu-entry for tenantPolicies/networking
---
 theme_override/mkdocs.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/theme_override/mkdocs.yml b/theme_override/mkdocs.yml
index 534975034..2c66085ff 100644
--- a/theme_override/mkdocs.yml
+++ b/theme_override/mkdocs.yml
@@ -64,6 +64,8 @@ nav:
 - Offboarding:
 - how-to-guides/offboarding/uninstalling.md
 - Explanation:
+ - Tenant Policies:
+ - explanation/tenant-policies/networking.md
 - explanation/logs-metrics.md
 - explanation/template.md
 - explanation/console.md
From ad07cfa9ddfdbcee606697047985efd875a091f6 Mon Sep 17 00:00:00 2001
From: Felix
Date: Tue, 26 Nov 2024 12:49:21 +0100
Subject: [PATCH 6/6] Update tenant.md
---
 content/crds-api-reference/tenant.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/content/crds-api-reference/tenant.md b/content/crds-api-reference/tenant.md
index 722b49ac8..75ec87dc3 100644
--- a/content/crds-api-reference/tenant.md
+++ b/content/crds-api-reference/tenant.md
@@ -71,7 +71,7 @@ spec:
 annotations:
 specific-annotation: specific-dev-value
 desc: "This is a sample tenant setup for the v1beta3 version."
- storageClass:
+ storageClasses:
 allowed:
 - staging
 - dev
@@ -129,7 +129,7 @@ Controls the creation and management of namespaces within the tenant:
 ## Storage
 ```yaml
-storageClass:
+storageClasses:
 allowed:
 - staging-fast
 - shared