Bootstrap FreeKB - OpenShift - Create Project Template using the oc adm create-bootstrap-project-template command
OpenShift - Create Project Template using the oc adm create-bootstrap-project-template command
Updated:   |  OpenShift articles

If you are not familiar with the oc command, refer to OpenShift - Getting Started with the oc command.

The oc adm create-bootstrap-project-template command can be used to create a template that will be used to control default settings when new projects are created.

oc adm create-bootstrap-project-template --output yaml > my-project-template.yml

 

Be default, the YAML file should contain the following markup.

~]$ cat my-project-template.yml
apiVersion: template.openshift.io/v1
kind: Template
metadata:
  creationTimestamp: null
  name: project-request
objects:
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    creationTimestamp: null
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: null
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER

 

This YAML file can be modify to include additional things you would like set when new projects are created.

The options block can be used to have different kinds of resources created when a new project is created. Of course, the options block must contain kind: Project to create a project. In this example, the options block also contains knnd: LimitRange to set the minimum and maxiumum amount of CPU and memory for all of the containers in the project (see Create CPU Memory Limits using a YAML template file).

apiVersion: template.openshift.io/v1
kind: Template
metadata:
  creationTimestamp: null
  name: project-request
objects:
- apiVersion: v1
  kind: LimitRange
  metadata:
    name: "${PROJECT_NAME}-resource-limits"
  spec:
    limits:
      - type: Container
        default:
          cpu: 50m
          memory: 1Gi
- apiVersion: project.openshift.io/v1
  kind: Project
  metadata:
    annotations:
      openshift.io/description: ${PROJECT_DESCRIPTION}
      openshift.io/display-name: ${PROJECT_DISPLAYNAME}
      openshift.io/requester: ${PROJECT_REQUESTING_USER}
    creationTimestamp: null
    name: ${PROJECT_NAME}
  spec: {}
  status: {}
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    creationTimestamp: null
    name: admin
    namespace: ${PROJECT_NAME}
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: admin
  subjects:
  - apiGroup: rbac.authorization.k8s.io
    kind: User
    name: ${PROJECT_ADMIN_USER}
parameters:
- name: PROJECT_NAME
- name: PROJECT_DISPLAYNAME
- name: PROJECT_DESCRIPTION
- name: PROJECT_ADMIN_USER
- name: PROJECT_REQUESTING_USER

 

Then the oc apply or oc create command with the -f or --filename option can be used to create the template in the openshift-config namespace.

~]$ oc create --filename my-project-template.yml --namespace openshift-config
template.template.openshift.io/project-request created

 

The oc get templates command can be used to show that the template now exists in the openshift-config namespace.

~]$ oc get templates --namespace openshift-config
NAME              DESCRIPTION   PARAMETERS    OBJECTS
project-request                 5 (5 blank)   3

 

To make it so that the template is used when new projects are created edit the following resource.

oc edit project.config.openshift.io/cluster

 

And update the following, where name is an exact match of the name returned by the oc get templates --namespace openshift-config command

spec:
  projectRequestTemplate:
    name: project-request

 

The pods in the openshift-apiserver namespace should automatically restart. After each pod has restarted, the change should be live.

~]$ oc get pods --namespace openshift-apiserver
NAME                         READY   STATUS        RESTARTS   AGE
apiserver-59c8df77f6-qpzmx   0/2     Pending       0          41s
apiserver-846d775c67-kjjdx   2/2     Running       0          44d
apiserver-846d775c67-r8n5c   2/2     Terminating   0          44d
apiserver-846d775c67-wj665   2/2     Running       0          44d

 

Let us the oc new-project to create a new project.

oc new-project my-project

 

And then use the oc get limits command to see that now, by default, when a new project is created, limits will be set.

~]$ oc get limits --namespace my-project
NAME                         CREATED AT
my-project-resource-limits   2022-08-06T03:43:59Z

 

Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee


Comments


Add a Comment


Please enter 8b2342 in the box below so that we can be sure you are a human.