Now that we have the Project Initializer ready let's see how it works
We have two teams: blueteam and greenteam. For each team we'll use a separate namespaces to manage their projects:
kubectl create ns blueteam
kubectl create ns greenteamLet's grant project-admin privileges to bob and alice:
# Grant bob project-admin privileges to blueteam namespace
kubectl create rolebinding bob-project-admin --clusterrole=project-admin --user bob -n blueteam
kubectl get projects -n blueteam --as bob
# Grant alice project-admin privileges to greenteam namespace
kubectl create rolebinding alice-project-admin --clusterrole=project-admin --user alice -n greenteam
kubectl get projects -n greenteam --as alice# Bob creates Project blueteam-b1
kubectl create -f crd/blueteam-b1-project.yaml --as bob
kubectl get projects -n blueteam
# The following namespaces where created blueteam-g1-{dev,pre,pro}
kubectl get ns
# Blueteam can now operate at blueteam-b1-{dev,pre,pro}
kubectl get pod -n blueteam-b1-dev --as blueteam
kubectl get pod -n blueteam-b1-pre --as blueteam
kubectl get pod -n blueteam-b1-pro --as blueteam
# Greenteam cannot access blueteam-b1-{dev,pre,pro}
kubectl get pod -n blueteam-b1-pro --as greenteam# Alice creates Project greenteam-g1
kubectl create -f crd/greenteam-g1-project.yaml --as alice
kubectl get projects -n greenteam
# The following namespaces where created greenteam-g1-{dev,pre,pro}
kubectl get ns
# Greenteam can now operate at greenteam-g1-{dev,pre,pro}
kubectl get pod -n greenteam-g1-dev --as greenteam
kubectl get pod -n greenteam-g1-pre --as greenteam
kubectl get pod -n greenteam-g1-pro --as greenteam
# Blueteam cannot access blueteam-g1-{dev,pre,pro}
kubectl get pod -n greenteam-g1-pro --as blueteamkubectl get projects,namespaces --all-namespaceskubectl delete ns {blueteam-b1,greenteam-g1}-{dev,pre,pro}
kubectl delete project b1 -n blueteam
kubectl delete project g1 -n greenteam
kubectl delete ns blueteam greenteam