New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The admin team should see all pipelines, volumes, containers, and workers across all teams #1012

Open
rfliam opened this Issue Apr 13, 2017 · 6 comments

Comments

@rfliam
Copy link
Contributor

rfliam commented Apr 13, 2017

Feature Request

What challenge are you facing?

I administer a fairly large cluster for several teams (10+). These cluster sometimes has issues which cross teams. Troubleshooting this is very difficult, as even listing containers is namespaced. Worse these teams are authed based on github team groups, which I try not to maintain membership in unless necessary.

A Modest Proposal

The main team should be able to see into all namespaces. As an administrator the ability to troubleshoot and inspect multiple team pipelines is critical to workflows. Particularly when auth is broken out such that the admins are not necessarily a member of all sub teams.

@pms1969

This comment has been minimized.

Copy link

pms1969 commented May 3, 2017

I'll second that. It would be handy to see all pipelines (as if an expose-pipeline had been applied to all pipelines in all teams) when logged into "main" as well. (not sure it that was included in the request, just wanted to explicitly state it.)

@joshzarrabi

This comment has been minimized.

Copy link
Contributor

joshzarrabi commented May 3, 2017

We are running into similar issues as a team right now, as we are taking on managing a large multi-
tenant concourse instance, so we feel your pain.
You can follow our progress here: https://www.pivotaltracker.com/story/show/143692391

@vito vito changed the title The Main (admin) Team Needs Access to All Teams Containers/Pipelines Etc. The admin team should see all pipelines, volumes, containers, and workers across all teams May 8, 2017

@vito vito modified the milestones: v2.10.0, v2.9.0 May 8, 2017

@vito vito removed the scheduled label May 8, 2017

@vito vito modified the milestone: v3.1.0 May 13, 2017

@vito vito added the multi-tenancy label May 14, 2017

@clarafu clarafu modified the milestones: v3.2.0, v3.1.0 May 29, 2017

@chendrix chendrix modified the milestones: Staging, v3.2.0 Jun 5, 2017

@topherbullock

This comment has been minimized.

Copy link
Member

topherbullock commented Jun 6, 2017

In lieu of allowing the main team to see all pipelines (due to security risks) we're working on a proposal to give teams the ability to temporarily expose information to another team #1209 . Feel free to discuss your needs, use cases, and opinions around sharing pipeline access in a multi-tenant Concourse in that issue.

@topherbullock topherbullock modified the milestones: Staging, v3.3.x Jul 31, 2017

@topherbullock topherbullock modified the milestones: v3.6.0, Staging Aug 8, 2017

@x6j8x

This comment has been minimized.

Copy link
Contributor

x6j8x commented Aug 30, 2017

While I'm not sure about such broad rights for the admin team, as we're also running a big multi-tenant concourse cluster (>50 teams) and face similar issues.

The most pressing thing for us at the moment would be the ability to simply see for how many containers on our workers a team is responsible for. We're hitting the "max container" limit from time to time (mostly due to misconfigurations in individual pipelines), but not knowing which teams is responsible for it, makes running such a large concourse cluster challenging to say the least.

@vito vito added this to Icebox in Operations Oct 18, 2017

@vito vito moved this from Icebox to Multi-tenancy in Operations Oct 18, 2017

@vito vito moved this from Multi-tenancy to Day N in Operations Oct 18, 2017

@vito vito added ops/dayN and removed area: operability labels Oct 18, 2017

@vito vito moved this from Day N to Icebox in Operations Oct 18, 2017

@jama22 jama22 removed this from the v3.6.0 milestone Oct 25, 2017

@vito vito removed the enhancement label Nov 28, 2017

@vito vito removed this from Icebox in Operations Aug 1, 2018

@vito vito added this to Icebox in API Aug 1, 2018

@evanchaoli

This comment has been minimized.

Copy link
Contributor

evanchaoli commented Feb 11, 2019

Any update on this issue?

@concourse concourse deleted a comment from concourse-bot Feb 13, 2019

@vito

This comment has been minimized.

Copy link
Member

vito commented Feb 13, 2019

@evanchaoli Nope - we haven't planned out operator-specific roles yet.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment