-
-
Save artberger/d5b8579a809e81052cc3ace6936c2102 to your computer and use it in GitHub Desktop.
Gloo Platform multi-workspace setup example
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | --------------------------------------------------------------------------- | | |
| # | For more information, see the Gloo Platform workspace documentation: | | |
| # | https://docs.solo.io/gloo-mesh-enterprise/latest/concepts/multi-tenancy/ | | |
| # | --------------------------------------------------------------------------- | | |
| # Namespaces in the management cluster | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: ops-team-config | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: backend-apis-team-config | |
| --- | |
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: web-team-config | |
| --- | |
| # Workspaces in the namespaces in the management cluster | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: Workspace | |
| metadata: | |
| name: ops-team | |
| namespace: gloo-mesh | |
| labels: | |
| gloo.solo.io/team: 'ops' | |
| spec: | |
| workloadClusters: | |
| - name: 'mgmt' | |
| namespaces: | |
| - name: ops-team-config | |
| - name: '*' | |
| namespaces: | |
| - name: istio-gateways | |
| - name: gloo-mesh-addons | |
| --- | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: Workspace | |
| metadata: | |
| name: web-team | |
| namespace: gloo-mesh | |
| labels: | |
| gloo.solo.io/team: 'web' | |
| spec: | |
| workloadClusters: | |
| - name: 'mgmt' | |
| namespaces: | |
| - name: web-team-config | |
| - name: '*' | |
| namespaces: | |
| - name: web-ui | |
| --- | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: Workspace | |
| metadata: | |
| name: backend-apis-team | |
| namespace: gloo-mesh | |
| labels: | |
| gloo.solo.io/team: 'backend-apis' | |
| spec: | |
| workloadClusters: | |
| - name: 'mgmt' | |
| namespaces: | |
| - name: backend-apis-team-config | |
| - name: '*' | |
| namespaces: | |
| - name: backend-apis | |
| --- | |
| # Workspace settings for each workspace | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: WorkspaceSettings | |
| metadata: | |
| name: ops-team | |
| namespace: ops-team-config | |
| spec: | |
| importFrom: # import from the Web team so the gateway can route to these imported resources | |
| - workspaces: | |
| - name: web-team | |
| exportTo: # export to any workspace that wants to use Gloo Platform add-ons such as rate limiting and external auth | |
| - workspaces: | |
| - name: "*" | |
| resources: | |
| - kind: SERVICE | |
| namespace: gloo-mesh-addons | |
| - kind: VIRTUAL_DESTINATION | |
| namespace: gloo-mesh-addons | |
| options: | |
| federation: # disabled because VirtualDestinations are the preferred way to set up multi-cluster routing | |
| enabled: false | |
| eastWestGateways: # default east-west gateway routing | |
| - selector: | |
| labels: | |
| istio: eastwestgateway | |
| serviceIsolation: # enable service isolation and Istio Sidecar resource | |
| enabled: true | |
| trimProxyConfig: true | |
| --- | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: WorkspaceSettings | |
| metadata: | |
| name: web-team | |
| namespace: web-team-config | |
| spec: | |
| importFrom: | |
| - workspaces: | |
| - name: backend-apis-team # import from the Backend APIs team so the web frontend can use these imported resources | |
| - workspaces: | |
| - name: ops-team # import Gloo Platform add-ons such as rate limiting and external auth and the gateway | |
| exportTo: | |
| - workspaces: | |
| - name: ops-team # export frontend web services to the Ops team to enable routing to the frontend web services from the gateway | |
| options: | |
| eastWestGateways: # default east-west gateway routing | |
| - selector: | |
| labels: | |
| istio: eastwestgateway | |
| federation: # disabled because VirtualDestinations are the preferred way to set up multi-cluster routing | |
| enabled: false | |
| serviceIsolation: # enable service isolation and Istio Sidecar resource | |
| enabled: true | |
| trimProxyConfig: true | |
| --- | |
| apiVersion: admin.gloo.solo.io/v2 | |
| kind: WorkspaceSettings | |
| metadata: | |
| name: backend-apis-team | |
| namespace: backend-apis-team-config | |
| spec: | |
| exportTo: | |
| - workspaces: | |
| - name: web-team # export services to the Web team so the frontend web services can use the backend API services | |
| importFrom: | |
| - workspaces: | |
| - name: ops-team # import Gloo Platform add-ons such as rate limiting and external auth | |
| options: | |
| eastWestGateways: # default east-west gateway routing | |
| - selector: | |
| labels: | |
| istio: eastwestgateway | |
| federation: # disabled because VirtualDestinations are the preferred way to set up multi-cluster routing | |
| enabled: false | |
| serviceIsolation: # disabled service isolation to use AccessPolicies instead to control fine-grained access | |
| enabled: false | |
| trimProxyConfig: false |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment