This tutorial walks you through building and deploying a Kubernetes Initializer that helps provision namespaces and grant access to users.
Initializers are an alpha feature and subject to change. Please report any Initializer specific issues on the Kubernetes issue tracker.
A Custom Resource Definiiton Project is created and is using initializers to trigger creation of sub-namespaces and grant of user access with rolebindings.
An RBAC role project-admin is granted privileges to manage projects.
Project admins on separate namespaces and manage their own projects isolated from each other.
Kubernetes 1.7.0+ is required with support for Initializers enabled. If you're using Google Container Engine create an alpha cluster:
gcloud alpha container clusters create k0 \
--enable-kubernetes-alpha \
--cluster-version 1.7.0If you're using minikube 0.27+, activate admissionregistration.k8s.io/v1alpha1 on runtime-config:
minikube start --extra-config=apiserver.runtime-config=admissionregistration.k8s.io/v1alpha1Download the tutorial by cloning this repository:
git clone https://github.com/harbur/kubernetes-project-initializer-tutorial.git
cd kubernetes-project-initializer-tutorial