Set up a team and namespace
In order to use GAP a developer team needs the following:
- AD group as G_GSUITE_YourTeamName containing the team members
- AD group having SSO login enabled
- AD group is a member of the right groups in GSuite Admin
- Kubernetes namespace based on the AD group
- ArgoCD permissions on the namespace
- write access on the alerts repository
The following sections should cover how to request these.
The team leader should create an OfficeIT ticket like the one below:
Dear OfficeIT,
Please create a mail-enabled security AD group with the name 'G_GSUITE_YourTeamName' and put the following people in it:
{list of your team members}
Please create the group with an e-mail address using dashes and NOT underscores.
Enable SSO login (put the users in the SSO-GSUITERD group) and provision for GSuite for these users.
Also, please put the `G_GSUITE_YourTeamName` in the `SecretServer_AreaName_Area` group.
If the `SecretServer_AreaName_Area` group does not exist, please create it.
Thanks,
{TeamLead}
Important: After Office IT implements the ticket, each member should log in to Google Cloud via SSO (firstname.lastname@emarsys.com).
Add namespace-wide Prometheus alerts. Please see this guide.
If your team does not have a namespace or ArgoCD access or alerts repo access on the platform, open a ticket to the GAP team with the following info:
Dear GAP team,
Please
- create a namespace for `<yourteamname-case-sensitive>`
- put 'G_GSUITE_YourTeamName' into the `gap-developers` group in GSuite admin
- put 'G_GSUITE_YourTeamName' into the `gke-security-groups@emarsys.com` group in GSuite admin
- set up the team in ArgoCD
- connect the team's gap config repository
- write access on the alerts repository: YourGithubTeam
- write access on the gap-registry repository: YourGithubTeam
Please check if a case conversion is needed for the above group.
Thanks,
{TeamLead}
Important: The namespace is created from the AD group by a heuristic, so please make sure that you send us the group name with the correct case.
If the namespace cannot be derived from the group name by simply replacing each capital letter with -<lowercase(letter)>, because the name is an acronym or the group was created in ALL CAPS, the Cloud Platform team needs to add the mapping manually.
Example:
group: G_GSUITE_CloudPlatform
namespace: cloud-platform
conversion: not needed
group: G_GSUITE_CAST
namespace: cast
conversion: c-a-s-t, manual exception needed
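The heuristic and the two example rows above can be checked before the ticket is sent. This is an added sketch, not GAP's own code: the function names and the letters-and-digits restriction on team names are assumptions, and the 63-character DNS-label check is the standard Kubernetes rule for namespace names.

```python
import re

PREFIX = "G_GSUITE_"  # AD group naming convention used on this page
# Kubernetes namespaces must be RFC 1123 DNS labels, at most 63 characters.
DNS_LABEL = re.compile(r"[a-z0-9]([-a-z0-9]*[a-z0-9])?")


def heuristic_namespace(group: str) -> str:
    """Replace every capital letter with -<lowercase(letter)>, as described above."""
    if not group.startswith(PREFIX):
        raise ValueError(f"{group!r} does not start with {PREFIX}")
    team = group[len(PREFIX):]
    # Assumption: team names consist of ASCII letters and digits only.
    if not re.fullmatch(r"[A-Za-z0-9]+", team):
        raise ValueError(f"unexpected characters in team name {team!r}")
    dashed = re.sub(r"[A-Z]", lambda m: "-" + m.group(0).lower(), team)
    return dashed.lstrip("-")  # drop the dash produced by a leading capital


def check_request(group: str, wanted_namespace: str) -> dict:
    """Compare the namespace a team asks for with what the heuristic yields."""
    if len(wanted_namespace) > 63 or not DNS_LABEL.fullmatch(wanted_namespace):
        raise ValueError(f"{wanted_namespace!r} is not a valid namespace name")
    derived = heuristic_namespace(group)
    return {
        "group": group,
        "derived": derived,
        "wanted": wanted_namespace,
        # A mismatch means the platform team has to add a manual mapping.
        "manual_exception": derived != wanted_namespace,
    }


if __name__ == "__main__":
    # The two cases from the example on this page.
    for grp, ns in [("G_GSUITE_CloudPlatform", "cloud-platform"),
                    ("G_GSUITE_CAST", "cast")]:
        print(check_request(grp, ns))
```

A `manual_exception` of `True` is the signal to state the intended namespace explicitly in the ticket to the GAP team.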
Collaboration between teams is currently possible by creating a common namespace for the teams working together; this way all the related developers have read and write access to the application.
If the production application will be maintained by all related teams in the future, the application should remain in the newly created namespace. If the collaboration only covers the development phase, the application must eventually be moved to the owner team's namespace, and the common namespace can then be destroyed.
Create a GSuite group with an Office IT ticket as above
Have the Cloud Platform team create the namespace and allow access as above
- add the freshly created group to gke-security-groups@emarsys.com in GSuite (this will enable RBAC to work)
- namespace: team1-team2