Sankofa/gitops/base/namespaces/tenants.yaml
defiQUG 9daf1fd378 Apply Composer changes: comprehensive API updates, migrations, middleware, and infrastructure improvements
- Add comprehensive database migrations (001-024) for schema evolution
- Enhance API schema with expanded type definitions and resolvers
- Add new middleware: audit logging, rate limiting, MFA enforcement, security, tenant auth
- Implement new services: AI optimization, billing, blockchain, compliance, marketplace
- Add adapter layer for cloud integrations (Cloudflare, Kubernetes, Proxmox, storage)
- Update Crossplane provider with enhanced VM management capabilities
- Add comprehensive test suite for API endpoints and services
- Update frontend components with improved GraphQL subscriptions and real-time updates
- Enhance security configurations and headers (CSP, CORS, etc.)
- Update documentation and configuration files
- Add new CI/CD workflows and validation scripts
- Implement design system improvements and UI enhancements
2025-12-12 18:01:35 -08:00

96 lines
2.2 KiB
YAML

# Tenant Namespaces Template
# More granular than Azure with custom resource limits per tenant tier
# NOTE: This is a template file. Placeholders (TENANT_ID_PLACEHOLDER, TENANT_TIER_PLACEHOLDER)
# should be replaced by automation when creating actual tenant namespaces.
# Use the tenant namespace automation script or controller to process this template.
apiVersion: v1
kind: Namespace
metadata:
  name: tenant-template
  labels:
    name: tenant-template
    tenant-id: "TENANT_ID_PLACEHOLDER" # Replace with actual tenant ID
    tenant-tier: "TENANT_TIER_PLACEHOLDER" # Replace with actual tier (FREE, STANDARD, ENTERPRISE, SOVEREIGN)
    managed-by: sankofa-phoenix
---
# Resource Quota - More granular than Azure
apiVersion: v1
kind: ResourceQuota
metadata:
  name: tenant-quota
  namespace: tenant-template
spec:
  hard:
    requests.cpu: "100" # Adjust based on tenant tier
    requests.memory: 512Gi
    limits.cpu: "200"
    limits.memory: 1Ti
    persistentvolumeclaims: "50"
    services.loadbalancers: "10"
    services.nodeports: "20"
    count/deployments.apps: "100"
    count/statefulsets.apps: "50"
---
# Limit Range - Per-container limits
apiVersion: v1
kind: LimitRange
metadata:
  name: tenant-limits
  namespace: tenant-template
spec:
  limits:
    - default:
        cpu: "2"
        memory: 4Gi
      defaultRequest:
        cpu: "500m"
        memory: 1Gi
      type: Container
    - max:
        cpu: "8"
        memory: 16Gi
      min:
        cpu: "100m"
        memory: 128Mi
      type: Container
---
# Network Policy - Tenant isolation
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: tenant-isolation
  namespace: tenant-template
spec:
  podSelector: {}
  policyTypes:
    - Ingress
    - Egress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              tenant-id: "TENANT_ID_PLACEHOLDER"
        - namespaceSelector:
            matchLabels:
              name: system
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              tenant-id: "TENANT_ID_PLACEHOLDER"
        - namespaceSelector:
            matchLabels:
              name: system
        - namespaceSelector:
            matchLabels:
              name: monitoring
    # Second rule in the same egress list: a repeated "egress:" key is a duplicate
    # mapping key, which parsers either reject or resolve by dropping the rule above.
    - to: [] # Allow DNS and external
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 443
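
The header comment leaves placeholder substitution to automation. A minimal renderer for that step follows as an added example; it is not part of the Sankofa repository. The `tenant-<id>` namespace naming, the lowercase-only tenant ID rule and the function name `render_tenant` are assumptions, and `SAMPLE` is a constructed excerpt of the template.

```python
import re

# Tenant IDs are restricted to lowercase DNS-1123 labels so one value is valid both
# as a label value and inside the namespace name; 56 chars leaves room for "tenant-".
TENANT_ID = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,54}[a-z0-9])?")
TIERS = {"FREE", "STANDARD", "ENTERPRISE", "SOVEREIGN"}  # tiers named in the template
KNOWN = {"TENANT_ID_PLACEHOLDER", "TENANT_TIER_PLACEHOLDER"}
TEMPLATE_NS = "tenant-template"

# Constructed excerpt of the template, for a quick offline run.
SAMPLE = """\
metadata:
  name: tenant-template
  labels:
    tenant-id: "TENANT_ID_PLACEHOLDER"
    tenant-tier: "TENANT_TIER_PLACEHOLDER"
"""


def render_tenant(template: str, tenant_id: str, tier: str) -> str:
    """Return the template filled in for one tenant, or raise ValueError."""
    # fullmatch, not match with "$": "$" would accept a trailing newline,
    # which is enough to start a new YAML line inside the quoted value.
    if not TENANT_ID.fullmatch(tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    if tier not in TIERS:
        raise ValueError(f"unknown tier: {tier!r}")
    # An unfilled placeholder would reach the cluster as a literal label
    # or selector value, so refuse templates with tokens we do not handle.
    unknown = set(re.findall(r"[A-Z][A-Z_]*_PLACEHOLDER", template)) - KNOWN
    if unknown:
        raise ValueError(f"unhandled placeholders: {sorted(unknown)}")
    mapping = {
        "TENANT_ID_PLACEHOLDER": tenant_id,
        "TENANT_TIER_PLACEHOLDER": tier,
        TEMPLATE_NS: f"tenant-{tenant_id}",  # assumed naming scheme
    }
    # Single pass: substituted text is never rescanned, so a tenant ID that
    # happens to contain "tenant-template" is not rewritten a second time.
    pattern = re.compile("|".join(map(re.escape, mapping)))
    return pattern.sub(lambda m: mapping[m.group(0)], template)


if __name__ == "__main__":
    print(render_tenant(SAMPLE, "acme-01", "STANDARD"))
```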