Provides an API for ACL filtering and requesting of Kubernetes namespaces
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
artifacts/kube-install
cmd/project-server
docker
hack
pkg
test/artifacts
vendor
.gitignore
.travis.yml
LICENSE
Makefile
README.md
glide.lock
glide.yaml

README.md

OpenShift Project API for Kubernetes

A server to provide projects (ACL filtered view of namespaces) and projectrequests (controlled escalation to create a particular namespace and grant you rights to see/use it).

  1. Start Kubernetes using the RBAC authorizer. For testing, you can do something like:
ALLOW_ANY_TOKEN=true ENABLE_RBAC=true hack/local-up-cluster.sh
# create the required namespace
kubectl create ns project-openshift-io

# run the project.openshift.io apiserver
kubectl create -f https://raw.githubusercontent.com/openshift/kube-projects/master/bootstrap-resources/apiregistration.k8s.io.yaml
kubectl create -f https://raw.githubusercontent.com/openshift/kube-projects/master/bootstrap-resources/rbac.authorization.k8s.io.yaml
kubectl create -f https://raw.githubusercontent.com/openshift/kube-projects/master/bootstrap-resources/core.k8s.io.yaml

# try as the cluster-admin and see them all
kubectl get projects

# try as david and see none
kubectl get projects --as david

# create a new project request as david
# TODO make this curl a URL or something first
sed 's/PROJECT_NAME/my-project/g' test/artifacts/project-request.yaml | kubectl create --as david -f -

# see the new project as david and see your project
kubectl get projects --as david