Teams
Teams are isolated tenants on the App Platform instance intended to support a development team or a project. Since the App Platform is multi-tenancy, multiple teams can be created and each team can have their own set of users. Users that belong to a particular team will be able to manage all team-level self-service features for that team, including creating images and deploying workloads that belong to the team. Users can also access any apps that are enabled for the team.
Admin team
By default, a team called admin is created. Platform administrators can use this team to deploy workloads in any namespace and expose services from any namespace namespace. In addition, there are a few templates in the catalog that are only available to platform administrators. Unlike other teams, the Admin team does not have apps and it is not possible to configure any team settings.
Create a team
-
Log in to a user account with the
platform-adminrole (like theplatform-adminuser). -
Provide a name for the team (lowercase). The name of a team can not be changed afterwards. Creating a team will result in the creation of namespace
team-$NAME. The name of a team can be max12characters. -
Optional: Provide a OIDC group name/id for granting access to the team when using an external IdP. Only members of this group will get access to the team in the App Platform Console.
-
Optional: Configure advanced settings, explained below under Configuration options.
-
Click the Create Team button to finish and create your new team.
Configuration options
-
Enable Dashboards. This installs a dedicated Grafana instance in the team namespace with pre-configured dashboards. Dashboards are added based on enabled capabilities (Apps) on the platform level.
-
Enable Alerts. This installs a dedicated Alertmanager instance in the team namespace to receive team-specific alerts from the platform Prometheus. Select one of the following Notification Receivers:
| Option | Description |
|---|---|
| Slack | Needs a slack webhook url that will give alerts for warnings and criticals |
| Microsoft Teams | Needs two alerting endpoints, for both warnings as well as criticals |
It is not required to select a Notification Receiver. Team members can always use the Alertmanager UI (available in the Apps section) to see alerts.
- Configure Resource Quotas. Adjust the default Count and Resource quota if required and/or add custom resource quota. The resource quota should adhere to the "spec.hard" format as described here.
There is no validation as there is no schema published. Add/change resource quota at your own risk.
- Enable/disable Network Policies:
| Option | Description |
|---|---|
| Network policies | When enabled team services will be bound by (ingress) network policies |
| Egress control | When enabled team service egress traffic will be limited to pre-defined external endpoints only |
- Set Permissions for members of the Team:
| Action | Description |
|---|---|
| Create Services | Select to grant team members permission to create Services |
| Edit Security Policies | Select to grant team members permission to edit Security Policies |
| Use Cloud Shell | Select to grant team members permission to use the cloud shell |
| Download kubeconfig file | Select to grant team members permission to download the KubeConfig to get Kube API access to the namespace |
| Download docker login credentials | Select to grant team members permission to download the Dockerconfig for the teams project in Harbor |
Updated about 3 hours ago