Create gatekeeper policy to validate pods for classes running in rhods-notebooks namespace #638
Comments
DanNiESh
added
ope
|
I have created the gatekeeper policy in order to enforce the pods, which works with my webhook to add class labels. We can create an individual constraint, based on the constrainttemplate, for each class in order to enforce users of a specific class to use certain images and resource sizes. This solution has been tested and now we just need to find a time to deploy it into production. @msdisme mentioned it might be best to do it at the start of next semester rather than now so we don't cause problems with anyone's environments as the semester is coming to a close. |
|
Are people still using the environment for classes after the last day of classes (which is today)? |
|
We decided we will be deploying this solution the second week of January before the classes start. |
We need to create a gatekeeper policy to validate pods (such as rejecting pods being created that don’t conform to what students should be running: class image, xsmall size, no gpu). We will need to create this policy per class, so that students are only running what they are supposed to for their class.
This issue depends on: #637 because gatekeeper needs a way to differentiate which users belong to which class in rhods-notebooks namespace.
The text was updated successfully, but these errors were encountered: