Proposal: Central Namespace to hold user/team info for Cluster

[gileshinchcliff]

Hi Guys,

Really like what you've done with this, however in it's current form we'd end up replicating the same team across 4 or 5 namespaces each. I wanted to propose the adding of a MASTER_NAMESPACE variable into the script which would allow us to store global team info within annotations in that same namespace.

The rough layout would be something like this:

  annotations:
    sysdigTeamName/Team1: | 
         [ 
             {
              "sysdigTeamScope" : "kubernetes.namespace.name=Team1+*"
              "sysdigTeamMembers" : "[email protected], [email protected]",
               "sysdigDashboards" : "Service Overview, MySQL/PostgreSQL",
               "sysdigAlertEmails" : "[email protected]"
             }
          ]
    sysdigTeamName/Team2: | 
         [ 
             {
              "sysdigTeamScope" : "kubernetes.namespace.name=Team2+*"
               "sysdigTeamMembers" : "[email protected], [email protected]",
               "sysdigDashboards" : "Service Overview, MySQL/PostgreSQL",
               "sysdigAlertEmails" : "[email protected]"
             }
          ]

Let me know if this is something you could support and I can get to work writing the additions.

[philrz]

@gileshinchcliff, thanks for your interest in Kubewatcher. For some reason I'm having difficulty imagining how it all looks and fits together in the end. Could I trouble you to write out a more detailed example? I very much appreciate your willingness to write the enhancement and submit a PR, but I'd really like to fully understand before you go spend your time writing code.

[gileshinchcliff]

Sure thing:
The Problem:

We have maybe 15-25 teams in sysdig and each team has 3-5 namespaces (dev, preprod, prod, perf etc). We want to be able to define these teams as code somewhere however automatically creating one team per namespace wouldn't work for because it would create more overhead rather than less. We would end up repeating user lists 5 times for every team and in fact this would mean it would make it harder rather than easier.

The solution:

We store this kind of config inside of kubernetes. As a result of discussion within our team the concept of a master namespace came about, this would be somewhere where we would keep all sysdig team info for that whole cluster.
So you'd have a namespace which would serve the purpose of storing all team data for that cluster, this would give us the capability begin the 'metrics as code' piece. Long term it could also be a space where we can define the dashboards which are being referred to by the sysdigDashboard metric.

The full definition for the namespace would look something like this:

apiVersion: v1
metadata:
  name: sysdig
  labels:
    name: sysdig
  annotations:
    sysdigTeamName/Team2: | 
         [ 
             {
               "sysdigTeamScope" : "kubernetes.namespace.name=Team1+*"
               "sysdigTeamMembers" : "[email protected], [email protected]",
               "sysdigDashboards" : "Service Overview, MySQL/PostgreSQL",
               "sysdigAlertEmails" : "[email protected]"
             }
          ]
    sysdigTeamName/Team1: | 
         [ 
             {
               "sysdigTeamScope" : "kubernetes.namespace.name=Team1+*"
               "sysdigTeamMembers" : "[email protected], [email protected]",
               "sysdigDashboards" : "Service Overview, MySQL/PostgreSQL",
               "sysdigAlertEmails" : "[email protected]"
             }
          ]

Notice there would have to be the addition of the sysdigTeamScope var and all the values are inside a JSON based array to enable this info to be added to kube.

These changes would make this tool incredibly useful for us to use long term.

If you'd like to discuss this over hangouts or require more detail then feel free to give me a shout.