Onboard a new organization on an existing cluster
This guide describes how to onboard a new organization (such as a VSETH committee or student organization) on an existing SIP-enabled cluster.
To onboard a new organization on the SIP, you need to configure settings in several applications. Here is the checklist:
- configuration in GitLab repos:
  - create Kubernetes namespaces: https://gitlab.ethz.ch/vseth/0403-isg/charts
  - SIP-Manager permission: https://gitlab.ethz.ch/vseth/0403-isg/rundeck/keycloak (if the resource manager manages the Keycloak role mappings, you need to edit the vseth-sip-manger configuration)
  - kubectl permissions: https://gitlab.ethz.ch/vseth/0403-isg/rundeck/kubernetes-operations (if the resource manager manages the Kubernetes permissions, you need to edit the permissions with the resource manager)
  - if you are adding a new group, you also need to add it to the gke-security-groups@gsuite.vseth.ch security group.
  - dns-api: add the domain of the organization to the sip file (https://gitlab.ethz.ch/vseth/0403-isg/sip-api-apps/dns-api/-/blob/master/sip.yml) and make sure that the domain is also registered in netcenter as a domain or subdomain.
- configuration in Keycloak:
  - add new roles to the vseth-sip-manger ([org]-apps-edit, [org]-apps-view, [org]-prod-edit, [org]-prod-view, [org]-staging-edit, [org]-staging-view, [org]-test-edit, [org]-test-view)
  - also enable those roles on the sipctl client
- if the organization would like to develop its own project:
  - set up a GitLab group
  - give a group permission on the GitLab group: https://gitlab.ethz.ch/vseth/0403-isg/rundeck/rundeck-gitlab (if the resource manager manages the GitLab permissions, you need to edit the permissions with the resource manager)
  - create a service account in Keycloak with permission for the vseth-sip-manger to edit SIP applications in the organization's namespace
  - check that TeamCity has all organization groups as in GitLab, and set up the SIP-Manager service account for this organization
The detailed guide for creating a new organizational namespace can be found in the README of the charts repo: https://gitlab.ethz.ch/vseth/0403-isg/charts/-/tree/master/namespace