Projects
Projects are organizational units that group clusters and deployments together. They serve as a way to organize resources and manage permissions at a higher level.
Project Structure
A project consists of:
- Clusters: Kubernetes clusters where deployments run
- Deployments: Application deployments managed by the project
- Network Policies: Rules defining how deployments can communicate
- Members: Users with specific permissions for the project
Project Organization
Resource Hierarchy
Project
├── Clusters
│ ├── Cluster 1
│ └── Cluster 2
├── Deployments
│ ├── Deployment 1
│ ├── Deployment 2
│ └── Network Policies
└── Members
├── User 1 (Project Manager)
├── User 2 (Deployment Manager)
└── User 3 (Viewer)
Resource Management
- Templates are managed globally and can be used across projects
- Clusters are assigned to specific projects
- Deployments are always associated with a project
- Network policies are scoped to project deployments
Project Permissions
Projects use a granular permission system to control access to resources:
Permission Structure
projects.[project_id].[action]
Where:
project_id: The specific project UUIDaction: The allowed action (view, create, update, delete)
Common Permission Patterns
projects.* # All actions on all projects
projects.[id].* # All actions on specific project
projects.[id].view # View specific project
projects.[id].deployments.* # Manage deployments in project
Role Examples
-
Project Manager
[
'projects.[id].*', // Full project access
'projects.[id].deployments.*', // Manage all deployments
'projects.[id].clusters.*', // Manage all clusters
'projects.[id].network-policies.*' // Manage network policies
] -
Deployment Manager
[
'projects.[id].view', // View project details
'projects.[id].deployments.*', // Manage deployments
'projects.[id].network-policies.*' // Manage network policies
] -
Project Viewer
[
'projects.[id].view', // View project details
'projects.[id].deployments.view', // View deployments
'projects.[id].clusters.view' // View clusters
]
Project Management
Creating Projects
- Navigate to the projects page
- Click "Create Project"
- Provide:
- Project name
- Description
Managing Clusters
- Add clusters to the project
- Configure cluster access
- Set up cluster-specific settings
- Manage cluster resources
Managing Deployments
- Create deployments within the project
- Assign deployments to clusters
- Configure deployment settings
- Manage deployment lifecycle
Network Policies
- Define allowed communication paths
- Set up ingress/egress rules
- Configure network isolation
- Manage policy updates
Best Practices
-
Project Organization
- Use meaningful project names
- Group related deployments
- Document project purpose
- Maintain clear resource boundaries
-
Permission Management
- Follow principle of least privilege
- Regularly review permissions
- Document role responsibilities
- Use specific permissions over wildcards
-
Resource Management
- Monitor resource usage
- Plan cluster capacity
- Document deployment patterns
- Maintain network policy documentation
-
Security
- Regular security audits
- Access review cycles
- Network policy reviews
- Compliance documentation
Project Lifecycle
Creation
- Define project scope
- Set up initial permissions
- Configure clusters
- Document project structure
Maintenance
- Regular permission reviews
- Resource usage monitoring
- Network policy updates
- Documentation updates
Cleanup
- Archive unused deployments
- Remove unused clusters
- Update permissions
- Document changes
Troubleshooting
Common Issues
-
Permission Problems
- Verify user role assignments
- Check project-specific permissions
- Review permission inheritance
- Validate resource access
-
Resource Access
- Confirm cluster connectivity
- Verify deployment permissions
- Check network policy rules
- Validate resource quotas
-
Network Issues
- Review network policies
- Check cluster connectivity
- Verify service mesh configuration
- Validate DNS settings