I would like to perform a system test using multiple services. During test I would like to prevent deployments from happening for a given namespace in order to have stable environment. Is it possible to have such lock?
My use case is CI/CD flow:
I will have bitbucket / gitlab pipeline, deploy a service. Then I want to perform system tests among multiple services inside a namespace. During this system test I want to prevent deployments in order to make tests more stable.
You can use RBAC with a Role limited to a single namespace.
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: user
namespace: mynamespace
---
kind: Role
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: user-full-access
namespace: mynamespace
rules:
- apiGroups: ["", "extensions", "apps"]
resources: ["*"]
verbs: ["*"]
- apiGroups: ["batch"]
resources:
- jobs
- cronjobs
verbs: ["*"]
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: mynamespace-user-view
namespace: mynamespace
subjects:
- kind: ServiceAccount
name: user
namespace: mynamespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: user-full-access