We need a way to create the harbor projects for the users to be able to push their images to them.
This can be done beforehand or on-demand. Some ideas:
- On-demand
- Creating it when the first run is triggered, from the webservice cli
Advantages:
- Only created when it's actually needed
Disadvantages:
- Needs credentials to create the project, as it currently is, the cli will need access to those.
- Creating it from the validation hook
Advantages:
- Only created when it's actually needed
- Secrets remain in the validation hook
Disadvantages:
- Hand to debug/troubleshoot
- Delay-sesitive part of the process
- Creating it from another (new) service
Advantages:
- Only created when it's actually needed
- Secrets remain in the admin side of things
- This might be the way things should go (thinning the cli and moving to a service)
Disadvantages:
- New service to maintain (even if it's small)
- Beforehand
- maintain-kubeusers script [1]:
Advantages:
- It does not slow down any of the user processes
Disadvantages:
- It might not have run yet when the user tries to run a build
- It will create all the projects at once, when most of them might not be needed
- Might be long and heavy (listing and checking all projects, creating all projects, ~3k tools)
This task is to investigate and develop this ideas and make a decision. Input is welcome.
[1] https://gerrit.wikimedia.org/r/plugins/gitiles/labs/tools/maintain-kubeusers/