chilly-waitress-62592
01/10/2023, 4:33 PMgarden deploy --env=devGlobal
, but it would mean when a dev does garden delete environment dev
it wouldn't try to remove them.quaint-dress-831
01/16/2023, 6:47 PMchilly-waitress-62592
01/22/2023, 6:34 PMgarden deploy --env=dev
. Secondly, when a dev tears down their environment it will attempt to delete them as well garden delete environment --env=dev
. RBAC will prevent them from altering the installs, but garden will throw a bunch of error messages due to insufficient permissions. Hence declaring them as separate garden environments and adding a conditional to the disable
flag.quaint-dress-831
01/23/2023, 1:27 PMchilly-waitress-62592
02/09/2023, 3:33 PMingressClass
and tlsCertificates
settings and setting ingress
on container modules?
Currently the extra environment approach is working, for what it's worth.bright-policeman-43626
02/09/2023, 4:13 PMcert-manager/ingress
) and maybe protect those namespaces with RBAC as well.
Then on the Developer side they only would have access to the application part which might be in a different namespace (${user.name}) or something like that and they would have permissions to be able to deploy/tear down the environment as they want.
-------
Notes:
- In this case probably is more worthy to have a wildcard certificate, if you tear-down/create those certificates too often you will likely get hit by the restrictions of letsencrypt (Rates).
- I would setup the wildcard cert as part of your management layer Garden configuration and make that your developers only use the secret.
- As far of the ingressClass I don't see it having a problem as you will have your ingress setup always so then a developer deploys a new env everything should be already there and they are just basically consuming those resources.
----
Recommendations:
1. Do a little PoC of this setup, don't go directly and change everything.
2. Try to start with a tiny configuration in a different cluster to make sure you don't affect nothing, try to use the dual-garden-project approach and see how it works for you.
Good luck!🌸chilly-waitress-62592
02/09/2023, 4:23 PM