feat: add grant policies for notes and core resource quotas

zachsmith1 · claude · zachsmith1 · commit 8b01de85db01 · 2026-03-19T15:02:02.000-07:00
Add GrantCreationPolicies for milo-native resources, triggered on Project creation: - Notes: 100 per project, ClusterNotes: 100 per project - Secrets: 50 per project, ConfigMaps: 50 per project Companion to datum-cloud/milo#523 which defines the registrations and claim policies in the milo repo. Ref: datum-cloud/enhancements#664 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
diff --git a/config/services/core.miloapis.com/kustomization.yaml b/config/services/core.miloapis.com/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+components:
+  - quota/
diff --git a/config/services/core.miloapis.com/quota/grant-policies/default-project-grant-policy.yaml b/config/services/core.miloapis.com/quota/grant-policies/default-project-grant-policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: quota.miloapis.com/v1alpha1
+kind: GrantCreationPolicy
+metadata:
+  name: default-core-quota-policy
+  labels:
+    app.kubernetes.io/name: datum
+    app.kubernetes.io/component: quota-system
+spec:
+  trigger:
+    resource:
+      apiVersion: resourcemanager.miloapis.com/v1alpha1
+      kind: Project
+  target:
+    parentContext:
+      apiGroup: "resourcemanager.miloapis.com"
+      kind: "Project"
+      nameExpression: "trigger.metadata.name"
+    resourceGrantTemplate:
+      metadata:
+        name: "default-core-quota-{{ trigger.metadata.name }}"
+        namespace: milo-system
+        annotations:
+          kubernetes.io/description: "Core resource quota allocation for project"
+      spec:
+        consumerRef:
+          apiGroup: resourcemanager.miloapis.com
+          kind: Project
+          name: "{{ trigger.metadata.name }}"
+        allowances:
+          - resourceType: core.miloapis.com/secrets
+            buckets:
+              - amount: 50
+          - resourceType: core.miloapis.com/configmaps
+            buckets:
+              - amount: 50
diff --git a/config/services/core.miloapis.com/quota/grant-policies/kustomization.yaml b/config/services/core.miloapis.com/quota/grant-policies/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+resources:
+  - default-project-grant-policy.yaml
diff --git a/config/services/core.miloapis.com/quota/kustomization.yaml b/config/services/core.miloapis.com/quota/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+components:
+  - grant-policies/
diff --git a/config/services/kustomization.yaml b/config/services/kustomization.yaml
@@ -13,4 +13,6 @@ components:
   - iam.miloapis.com/
   - dns.networking.miloapis.com/
   - networking.datumapis.com/
+  - notes.miloapis.com/
+  - core.miloapis.com/
   - search.miloapis.com/
diff --git a/config/services/notes.miloapis.com/kustomization.yaml b/config/services/notes.miloapis.com/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+components:
+  - quota/
diff --git a/config/services/notes.miloapis.com/quota/grant-policies/default-project-grant-policy.yaml b/config/services/notes.miloapis.com/quota/grant-policies/default-project-grant-policy.yaml
@@ -0,0 +1,35 @@
+apiVersion: quota.miloapis.com/v1alpha1
+kind: GrantCreationPolicy
+metadata:
+  name: default-notes-quota-policy
+  labels:
+    app.kubernetes.io/name: datum
+    app.kubernetes.io/component: quota-system
+spec:
+  trigger:
+    resource:
+      apiVersion: resourcemanager.miloapis.com/v1alpha1
+      kind: Project
+  target:
+    parentContext:
+      apiGroup: "resourcemanager.miloapis.com"
+      kind: "Project"
+      nameExpression: "trigger.metadata.name"
+    resourceGrantTemplate:
+      metadata:
+        name: "default-notes-quota-{{ trigger.metadata.name }}"
+        namespace: milo-system
+        annotations:
+          kubernetes.io/description: "Notes quota allocation for project"
+      spec:
+        consumerRef:
+          apiGroup: resourcemanager.miloapis.com
+          kind: Project
+          name: "{{ trigger.metadata.name }}"
+        allowances:
+          - resourceType: notes.miloapis.com/notes
+            buckets:
+              - amount: 100
+          - resourceType: notes.miloapis.com/clusternotes
+            buckets:
+              - amount: 100
diff --git a/config/services/notes.miloapis.com/quota/grant-policies/kustomization.yaml b/config/services/notes.miloapis.com/quota/grant-policies/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+resources:
+  - default-project-grant-policy.yaml
diff --git a/config/services/notes.miloapis.com/quota/kustomization.yaml b/config/services/notes.miloapis.com/quota/kustomization.yaml
@@ -0,0 +1,8 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+
+sortOptions:
+  order: fifo
+
+components:
+  - grant-policies/
