You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
In #756, we need to create a custom ClusterRoleBinding to grant Jason Schlessman read access to Node resources. The way things work now, this custom resource will hang around even after Jason's access to the production cluster has expired.
While most custom rbac we add to the cluster is confined within the project namespace (which means it will be cleaned up if/when the project is deleted), we ought to have a way of attaching cluster-scoped resources to coldfront allocations so that when a project expires, all the associated resources get cleaned up.
The text was updated successfully, but these errors were encountered:
@jtriley suggests that simply labelling this resources would be a reasonable starting point. How are coldfront projects identified? I see that our project namespaces have a cf_project_id attribute; should we use that? Or should we use the namespace name (like nextgen-justice-4d21a9).
In #756, we need to create a custom ClusterRoleBinding to grant Jason Schlessman read access to Node resources. The way things work now, this custom resource will hang around even after Jason's access to the production cluster has expired.
While most custom rbac we add to the cluster is confined within the project namespace (which means it will be cleaned up if/when the project is deleted), we ought to have a way of attaching cluster-scoped resources to coldfront allocations so that when a project expires, all the associated resources get cleaned up.
The text was updated successfully, but these errors were encountered: