Reference: ProjectBootstrap CRD
The ProjectBootstrap is a Custom Resource Definition (CRD) used to request the
creation and configuration of a new Kubernetes namespace. It acts as the primary
user-facing API for the Namespace Provisioning service.
When a ProjectBootstrap resource is created, the Namespace Operator uses it
along with a referenced BootstrapConfig template to provision a complete,
secure, and GitOps-ready environment.
Specification (spec)
The spec block of a ProjectBootstrap resource contains the following fields:
| Field | Type | Description |
|---|---|---|
| `namespace` | `string` | Required. The name of the new Kubernetes namespace to be created. |
| `config` | `object` | Required. Specifies the template to use for provisioning. Contains ref (the name of the BootstrapConfig) and size (e.g., default). |
| `git` | `object` | Required. Configures the new Flux Kustomization for the namespace, including the branch and path for the application's manifests. |
| `metadata` | `map[string]string` | Optional. A key-value map of data to be used as variables when generating resources from templates. |
| `databases` | `map[string]object` | Optional. A map defining databases to be automatically provisioned for the namespace. See details below. |
| `gateways` | `map[string]object` | Optional. A map defining Istio Gateways to be created for the namespace. |
| `overrides` | `object` | Optional. Allows for overriding specific configurations from the base BootstrapConfig template. See details below. |
| `roleBindings` | `[]object` | Optional. Defines extra RoleBindings to be created in the namespace, based on roles defined in the BootstrapConfig. |
Example Configuration
The following example shows a ProjectBootstrap resource that provisions a
namespace named my-app, creates a database, and adds a custom network policy.
```yaml
apiVersion: project.tcs.trifork.com/v1alpha1
kind: ProjectBootstrap
metadata:
  name: my-app
  namespace: netic-gitops-system
spec:
  namespace: my-app
  config:
    ref: default
    size: default
  git:
    branch: main
    path: ./apps/my-app
  databases:
    my-app-db:
      instance: prod1-dc4-dbaas01.netic-platform.shared.k8s.netic.dk
      deletionProtected: true
  overrides:
    networkPolicies:
      allow-backend-access:
        podSelector:
          matchLabels:
            app.kubernetes.io/name: my-app-frontend
        policyTypes:
          - Egress
        egress:
          - to:
              - podSelector:
                  matchLabels:
                    app.kubernetes.io/name: my-app-backend
            ports:
              - port: http
                protocol: TCP
```
Configuration Details
Overrides
The spec.overrides field allows you to customize or add to the configurations
defined in the referenced BootstrapConfig template.
networkPolicies
You can add new NetworkPolicy resources or override existing ones by name. The
value of the networkPolicies key is a map where each key is the name of the
network policy, and the value is a standard Kubernetes NetworkPolicySpec.
- If a network policy with the same name exists in the `BootstrapConfig`, its entire `spec` will be replaced with the one you provide.
- If the name does not exist in the `BootstrapConfig`, a new `NetworkPolicy` will be created.
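
A review check for this replace-by-name rule, added here as an example and not taken from the Namespace Operator: it merges overrides into a template's policies and reports which template policies were replaced and which policy types the replacement no longer covers. The template policy names and the name-to-spec map shape of the BootstrapConfig are assumptions.

```python
# Added illustration, not the Namespace Operator's code. Assumption: the
# BootstrapConfig exposes its policies as a name -> NetworkPolicySpec map.

def policy_types(spec):
    """Effective policyTypes, applying the Kubernetes default when omitted."""
    if "policyTypes" in spec:
        return set(spec["policyTypes"])
    return {"Ingress"} | ({"Egress"} if spec.get("egress") else set())

def apply_overrides(template, overrides):
    """Merge by name; return (effective policies, review report)."""
    effective, report = dict(template), []
    for name, spec in overrides.items():
        entry = {"name": name, "action": "created", "dropped_types": []}
        if name in template:
            # Whole-spec replacement: nothing from the template spec is kept.
            entry["action"] = "replaced"
            entry["dropped_types"] = sorted(
                policy_types(template[name]) - policy_types(spec))
        effective[name] = spec
        report.append(entry)
    return effective, report

# Constructed sample data (template policy names are hypothetical).
TEMPLATE = {
    "default-deny": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"]},
    "allow-dns": {"podSelector": {}, "policyTypes": ["Egress"],
                  "egress": [{"ports": [{"port": 53, "protocol": "UDP"}]}]},
}
OVERRIDES = {
    # Same name as a template policy: replaces it and stops covering Egress.
    "default-deny": {"podSelector": {}, "policyTypes": ["Ingress"]},
    # New name (the policy from the example on this page): created.
    "allow-backend-access": {
        "podSelector": {"matchLabels": {"app.kubernetes.io/name": "my-app-frontend"}},
        "policyTypes": ["Egress"],
        "egress": [{"to": [{"podSelector": {"matchLabels":
                    {"app.kubernetes.io/name": "my-app-backend"}}}],
                    "ports": [{"port": "http", "protocol": "TCP"}]}],
    },
}

if __name__ == "__main__":
    effective, report = apply_overrides(TEMPLATE, OVERRIDES)
    for entry in report:
        print(entry)
    print(sorted(effective))
```

A non-empty `dropped_types` on a replaced policy is the case to look at in review, because the template's coverage for that direction is gone unless another policy supplies it.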
Databases
The spec.databases field allows you to automatically provision one or more
databases for your namespace. The platform's db-operator will create Database
resources based on your definitions.
The key of each item in the databases map becomes the name of the Database
resource. The value object contains the following fields:
| Field | Type | Description |
|---|---|---|
| `instance` | `string` | Required. The full name of the shared DbInstance to create the database on. |
| `deletionProtected` | `boolean` | Optional. Defaults to false. It is highly recommended to set this to true to prevent accidental data loss. |
| `connectionStringTemplate` | `string` | Optional. A custom Go template to generate a specific connection string format in the credentials Secret. |
When a database is created, two resources are made in the namespace:
- A `Secret` named `<database-key>-db` containing the credentials.
- A `ConfigMap` named `<database-key>-db` containing non-sensitive connection information.