Using Tanzu Build Service with Projects
Page last updated:
The following procedures describe how to manage projects and project members with build service.
project is a Build Service resource that simplifies kubernetes namespaces and RBAC to provide multi-tenancy for images, secrets, and builders.
Projects are optional.
To create a new project:
kubectl create -f PROJECT-YAML
PROJECT-YAML is a YAML file of the form:
apiVersion: projects.vmware.com/v1alpha1 kind: Project metadata: name: my-project spec: access: - kind: User name: email@example.com - kind: User name: firstname.lastname@example.org - kind: Group name: email@example.com - kind: User name: oidc:oidc-backed-user
name: The name of the project and the corresponding namespace.
access: A list of subjects to grant access to.
access.[kind]: The kind of the subject, either
name: The name the subject.
Note: If you are utilizing oidc for identity, names may need to be prefixed with the oidc prefix.
To grant the current user sole ownership of the project, create a project with an empty access list. For example:
apiVersion: projects.vmware.com/v1alpha1 kind: Project metadata: name: my-project spec: access: 
To view projects of which the user is a member:
kubectl create -f PROJECT-LIST-YAML
PROJECT-LIST-YAML is a YAML file of the form:
apiVersion: projects.vmware.com/v1alpha1 kind: ProjectAccess metadata: name: access-query
Get the status of the
ProjectAccess resource to determine your available projects.
kubectl get projectaccess access-query -o yaml
Be sure to delete the resource after checking the status.
kubectl delete projectaccess access-query
Projects will generate namespaces with an identical name and the appropriate RBAC policies. Therefore, you can use projects by targeting the corresponding namespace.
Note: because Projects map to Kubernetes namespaces, you should not create projects with the same name as pre-existing Kubernetes namespaces.
Any member of a project can add and remove other project members. Simply modify the project spec via
kubectl patch, or
To list members of a project, simply get the status of the project resource.
kubectl get project my-project -o yaml
To delete a project:
kubectl delete project my-project
Deleting a project will clean up and delete the corresponding namespace.