-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathplaybook.yaml
88 lines (83 loc) · 2.29 KB
/
playbook.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
---
- name: Local testing
hosts: localhost
connection: local
roles:
- openshift-provision
vars:
project_name: provision-example-0
openshift_provision_manager_namespace: openshift-provision
openshift_provision:
projects:
- name: "{{ project_name }}"
resources:
- apiVersion: v1
kind: ResourceQuota
metadata:
name: compute
spec:
hard:
requests.cpu: "4"
requests.memory: 8Gi
limits.memory: 8Gi
- apiVersion: v1
kind: LimitRange
metadata:
name: compute
spec:
limits:
- type: Pod
max:
cpu: "4"
memory: "8Gi"
min:
cpu: "100m"
memory: "2Mi"
- type: Container
max:
cpu: "4"
memory: "8Gi"
min:
cpu: "100m"
memory: "2Mi"
default:
cpu: "1"
memory: "512Mi"
defaultRequest:
cpu: "500m"
memory: "512Mi"
maxLimitRequestRatio:
cpu: "10"
memory: "2"
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-same-namespace
spec:
podSelector: {}
ingress:
- from:
- podSelector: {}
- apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-global-namespaces
spec:
podSelector: {}
ingress:
- from:
- namespaceSelector:
matchLabels:
network-policy-global: "true"
role_bindings:
- role: admin
users:
- alice
# Note: The openshift_provision_manager_namespace variable is
# automatically set by the openshift-provision runner.
- system:serviceaccount:{{ openshift_provision_manager_namespace }}:{{ project_name }}
remove_unlisted: true
- role: edit
groups:
- example-one-dev
remove_unlisted: true