Using Tanzu Build Service with Projects

Page last updated:

The following procedures describe how to manage projects and project members with build service.

A project is a Build Service resource that simplifies kubernetes namespaces and RBAC to provide multi-tenancy for images, secrets, and builders.

Projects are optional.

Creating a Project

To create a new project:

kubectl create -f PROJECT-YAML

Where PROJECT-YAML is a YAML file of the form:

apiVersion: projects.vmware.com/v1alpha1
kind: Project
metadata:
    name: my-project
spec:
   access:
    - kind: User
      name: user-1@company.org
    - kind: User
      name: user-2@company.org
    - kind: Group
      name: group-1@company.org
    - kind: User
      name: oidc:oidc-backed-user
  • name: The name of the project and the corresponding namespace.
  • access: A list of subjects to grant access to.
  • access.[kind]: The kind of the subject, either User or Group.
  • name: The name the subject.

Note: If you are utilizing oidc for identity, names may need to be prefixed with the oidc prefix.

To grant the current user sole ownership of the project, create a project with an empty access list. For example:

apiVersion: projects.vmware.com/v1alpha1
kind: Project
metadata:
    name: my-project
spec:
   access: []

Listing Projects

To view projects of which the user is a member:

kubectl create -f PROJECT-LIST-YAML

Where PROJECT-LIST-YAML is a YAML file of the form:

apiVersion: projects.vmware.com/v1alpha1
kind: ProjectAccess
metadata:
    name: access-query

Get the status of the ProjectAccess resource to determine your available projects.

kubectl get projectaccess access-query -o yaml

Be sure to delete the resource after checking the status.

kubectl delete projectaccess access-query

Using Projects

Projects will generate namespaces with an identical name and the appropriate RBAC policies. Therefore, you can use projects by targeting the corresponding namespace.

Note: because Projects map to Kubernetes namespaces, you should not create projects with the same name as pre-existing Kubernetes namespaces.

Adding and Removing Project Members

Any member of a project can add and remove other project members. Simply modify the project spec via kubectl edit, kubectl update, kubectl patch, or kubectl apply.

Listing Members of a Project

To list members of a project, simply get the status of the project resource.

kubectl get project my-project -o yaml

Deleting a Project

To delete a project:

kubectl delete project my-project

Deleting a project will clean up and delete the corresponding namespace.