Organization Domain
The Organization domain manages teams and groups within the Control Plane. It is responsible for onboarding teams and automatically provisioning the resources they need to start working with the platform.
Custom Resources
Group
Group is the Schema for the groups API.
Group: organization.cp.ei.telekom.de · Version: v1 · Scope: Namespaced
GroupSpec
Appears in: Group
GroupSpec defines the desired state of Group.
| Field | Type | Default | Validation |
|---|---|---|---|
| description | string | — | Required, minLength: 1 |
| displayName | string | — | Required, minLength: 1 |
GroupStatus
Appears in: Group
GroupStatus defines the observed state of Group.
| Field | Type | Default | Validation |
|---|---|---|---|
| conditions | Condition[] | — | Optional |
Condition
Appears in: GroupStatus, TeamStatus
| Field | Type | Default | Validation |
|---|---|---|---|
| lastTransitionTime | string | — | Required, Format: date-time |
| message | string | — | Required, maxLength: 32768 |
| observedGeneration | integer | — | Optional, Format: int64, minimum: 0 |
| reason | string | — | Required, minLength: 1, maxLength: 1024, pattern: `^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$` |
| status | string | — | Required, Enum: True \| False \| Unknown |
| type | string | — | Required, maxLength: 316, pattern: `^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$` |
Team
Team is the Schema for the teams API.
Group: organization.cp.ei.telekom.de · Version: v1 · Scope: Namespaced
TeamSpec
Appears in: Team
TeamSpec defines the desired state of Team.
| Field | Type | Default | Validation |
|---|---|---|---|
| category | string | Customer | Required, Enum: Customer \| Infrastructure |
| email | string | — | Required, Format: email, minLength: 1 |
| group | string | — | Required, minLength: 1, pattern: `^[a-z0-9]+(-?[a-z0-9]+)*$` |
| members | Members[] | — | Required, minItems: 1 |
| name | string | — | Required, minLength: 1, pattern: `^[a-z0-9]+(-?[a-z0-9]+)*$` |
| secret | string | — | Optional |
| teamToken | string | — | Optional |
Members
Appears in: TeamSpec
Members describes the members of the team.
| Field | Type | Default | Validation |
|---|---|---|---|
| email | string | — | Required, Format: email, minLength: 1 |
| name | string | — | Required, minLength: 1 |
TeamStatus
Appears in: Team
TeamStatus defines the observed state of Team.
| Field | Type | Default | Validation |
|---|---|---|---|
| conditions | Condition[] | — | Optional |
| gatewayConsumerRef | ObjectRef | — | Optional |
| identityClientRef | ObjectRef | — | Optional |
| namespace | string | — | Required |
| notificationChannelRef | ObjectRef | — | Optional |
| notificationsRef | map<string, object> | — | Optional |
| teamToken | string | — | Optional |
ObjectRef
Appears in: TeamStatus
ObjectRef is a reference to a Kubernetes object. It is similar to types.NamespacedName but has the required JSON tags for serialization.
| Field | Type | Default | Validation |
|---|---|---|---|
| name | string | — | Required |
| namespace | string | — | Required |
| uid | string | — | Optional |
Auto-Provisioning
When a Team is created, the Organization operator automatically provisions:
- A dedicated namespace — `{environment}--{group}--{team}`
- An Identity Client — for authenticating with the platform
- A Gateway Consumer — for accessing APIs through the gateway
- A Notification Channel — for receiving platform notifications
- A Team Token — for CLI authentication with Rover-CTL
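
The namespace format above relies on the `group` and `name` pattern from TeamSpec: because that pattern never admits `--`, two different teams cannot map to the same namespace. The following is an added example, not the operator's own code; the function names and sample values are hypothetical, and applying the same pattern to `environment` is an assumption the page does not confirm.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// segment is the pattern the page documents for TeamSpec.group and TeamSpec.name.
var segment = regexp.MustCompile(`^[a-z0-9]+(-?[a-z0-9]+)*$`)

// TeamNamespace builds {environment}--{group}--{team}.
// Assumption: environment is held to the same pattern; the page does not say.
func TeamNamespace(environment, group, team string) (string, error) {
	parts := []string{environment, group, team}
	for _, p := range parts {
		if !segment.MatchString(p) {
			return "", fmt.Errorf("invalid segment %q", p)
		}
	}
	ns := strings.Join(parts, "--")
	if len(ns) > 63 { // Kubernetes namespace names are DNS labels of at most 63 characters
		return "", fmt.Errorf("namespace %q is %d characters, limit is 63", ns, len(ns))
	}
	return ns, nil
}

// SplitTeamNamespace recovers the segments. The pattern rejects "--" and
// leading or trailing hyphens inside a segment, so the split is unambiguous.
func SplitTeamNamespace(ns string) ([]string, error) {
	parts := strings.Split(ns, "--")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	for _, p := range parts {
		if !segment.MatchString(p) {
			return nil, fmt.Errorf("invalid segment %q", p)
		}
	}
	return parts, nil
}

func main() {
	// Constructed sample values, not taken from the page.
	fmt.Println(TeamNamespace("dev", "group-a", "team-one"))
	fmt.Println(TeamNamespace("dev", "group-a--team", "one")) // rejected: would alias another tenant's namespace
	fmt.Println(SplitTeamNamespace("dev--group-a--team-one"))
}
```

The length check matters in practice: three segments that each pass validation can still exceed the 63-character limit Kubernetes places on namespace names.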
Domain Interactions
- Identity domain — Creates identity clients for each team.
- Gateway domain — Creates gateway consumers for each team.
- Notification domain — Creates notification channels and sends lifecycle notifications (onboarding, token rotation, member changes).
- Secret Manager — Handles credential storage and rotation for team tokens.