Setting up your first project
Why are projects needed?
You are in a bootstrapped project titled as default
Projects help you isolate Cloud Native entities such as Git Repositories, Image Registries and Applications.
Let us run through a thought experiment. An agile team has access (ideally at varying levels) to certain sections of cloud infrastructure, repositories and registries. They would like to manage it independently and provide read access to other agile teams if needed
Projects are a view into the CI/CD world. You can bring in human, K8s Infrastructure and CI/CD resources and abstract access levels.
You will only be able to access this if you are an Account Admin.
- On the top right corner, you should see a project context
- If you are an account admin, you should be able to create a new project by clicking on "Create new project
- Give a name to a project
- Add project administrators to this project
- The initiator of the request is considered to be a project admin for the project being created
- You can optionally invite other members to this project, or you can do so later
- You can optionally import resources from other projects into the current project.
Flow Summary:
Creating your first Project
To add Members:
- Navigate to Settings
- Click on team management
- Click on "Add Members" within the project members tab
- Select members that you would like to import into the current project
- Assign the member any one of the default roles that ozone provides, or create your own!
Flow Summary
Note: A Project Admin is a special role, much like the default Account Admin. The role has management privileges on that project. A brief summary of the permission levels is as shown below:
Resource | Project Scoped ? | Can be moved out to another Project ? | Who can create it | Who can edit it | Who can list it | Who can get it | Who can move it to another project | Who can delete it |
Application | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Pipeline | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Tasks | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Environments | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Variables | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Helm Catalog | NO | NO | Admin | Admin | RBAC_PERMISSION | RBAC_PERMISSION | GLOBAL | Admin |
Webhooks | YES | NO | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | RBAC_PERMISSION | NA | RBAC_PERMISSION |
Cluster | YES | YES | Admin / Project Admin | Admin / Project Admin-- (Need more k8 resource scoped permissions) | RBAC_PERMISSION | RBAC_PERMISSION | Admin | Admin |
Repositories | YES | YES | Needs discussion | NA | RBAC_PERMISSION | RBAC_PERMISSION | Admin | Admin |
Registries | YES | YES | Admin / Project Admin | NA | RBAC_PERMISSION | RBAC_PERMISSION | Admin | Admin |
Providers | YES | YES | Admin / Project Admin | Admin / Project Admin | RBAC_PERMISSION | RBAC_PERMISSION | Admin | Admin |
Members | YES | YES | Admin | Admin | RBAC_PERMISSION | RBAC_PERMISSION | Admin | Admin |
Roles | YES | NO | Admin / Project Admin | Admin / Project Admin | RBAC_PERMISSION | RBAC_PERMISSION | NA | Admin / Project Admin |
Projects | NO | NO | Admin | Admin | Admin | Admin | NA | Admin |
LDAP Groups | YES | NO | Admin / Project Admin | Admin / Project Admin | Admin / Project Admin | Admin / Project Admin | NA | Admin / Project Admin |
Audit Trails | NO | NO | NO | NO | Admin | Admin | NA | NO |
Event Preferences | NO | NO | NO | Admin | Admin | Admin | NA | NO |
Metric Alert Config | NO | NO | NO | Admin | Admin | Admin | NA | NO |
Advance Settings | NO | NO | NO | Admin | Admin | Admin | NA | NO |
Now that you have added a few members to a project, you can now go ahead creating resources that these members can access within this project. Resources that are project scoped are as follows:
- Clusters
- Registries
- Repositories
- Providers
- Applications
- Pipelines & Tasks
- Environments
- Variables
- Webhooks
- Members
- Roles
For more information on which resources can be moved in and out and by whome, check the table in the previous section. If the resource can be scoped in from the global pool, there is an add to project button for each of these resources, given that you are the Account Admin.
For example, to scope a pre-linked cluster to a project, go to Resources -> Clusters and click on "Add Cluster to Project".
Last modified 4mo ago