capsule/config/samples/capsule_v1beta1_tenant.yaml

---
apiVersion: capsule.clastix.io/v1beta1
kind: Tenant
metadata:
  name: gas
spec:
  additionalRoleBindings:
    -
      clusterRoleName: tenant-sample-viewer
      subjects:
        -
          kind: User
          name: bob
  containerRegistries:
    allowed:
      - docker.io
      - quay.io
    allowedRegex: ^\w+.gcr.io$
  serviceOptions:
    additionalMetadata:
      annotations:
        capsule.clastix.io/bgp: "true"
      labels:
        capsule.clastix.io/pool: gas
    allowedServices:
      nodePort: false
      externalName: false
    externalIPs:
      allowed:
        - 10.20.0.0/16
        - "10.96.42.42"
  imagePullPolicies:
    - Always
  ingressOptions:
    hostnameCollisionScope: Cluster
    allowedClasses:
      allowed:
        - default
      allowedRegex: ^\w+-lb$
    allowedHostnames:
      allowed:
        - gas.acmecorp.com
      allowedRegex: ^.*acmecorp.com$
  limitRanges:
    items:
      -
        limits:
          -
            max:
              cpu: "1"
              memory: 1Gi
            min:
              cpu: 50m
              memory: 5Mi
            type: Pod
          -
            default:
              cpu: 200m
              memory: 100Mi
            defaultRequest:
              cpu: 100m
              memory: 10Mi
            max:
              cpu: "1"
              memory: 1Gi
            min:
              cpu: 50m
              memory: 5Mi
            type: Container
          -
            max:
              storage: 10Gi
            min:
              storage: 1Gi
            type: PersistentVolumeClaim
  namespaceOptions:
    quota: 3
    additionalMetadata:
      annotations:
        capsule.clastix.io/backup: "false"
      labels:
        capsule.clastix.io/tenant: gas
  networkPolicies:
    items:
      -
        egress:
          -
            to:
              -
                ipBlock:
                  cidr: 0.0.0.0/0
                  except:
                    - 192.168.0.0/12
        ingress:
          -
            from:
              -
                namespaceSelector:
                  matchLabels:
                    capsule.clastix.io/tenant: gas
              -
                podSelector: {}
              -
                ipBlock:
                  cidr: 192.168.0.0/12
        podSelector: {}
        policyTypes:
          - Ingress
          - Egress
  nodeSelector:
    kubernetes.io/os: linux
  owners:
    -
      kind: User
      name: bob
  priorityClasses:
    allowed:
      - shared-nodes
    allowedRegex: ^\w-gas$
  resourceQuotas:
    items:
      -
        hard:
          limits.cpu: "8"
          limits.memory: 16Gi
          requests.cpu: "8"
          requests.memory: 16Gi
        scopes:
          - NotTerminating
      -
        hard:
          pods: "10"
      -
        hard:
          requests.storage: 100Gi
  storageClasses:
    allowed:
      - default
    allowedRegex: ^\w+fs$