feat(resourcemanager): Remove auto-provision and unify org quota #254
Open
mattdjenkinson wants to merge 10 commits into
Stop creating personal orgs and projects at signup. Replace type-split project grant policies with a single 10-project policy for all orgs.
ecv
previously approved these changes
Jun 28, 2026
Collaborator
@mattdjenkinson we should put this behind a service level feature flag so it's easy to enable / disable in an environment. We only want to remove it once the feature is fully removed from all environments. This will make it easier to release an updated version that lets us keep it enabled in production but disable it in staging.
Contributor
Author
@scotwells yep, good shout, I was going to ask you about the best way to release all this.
1a71e22 to 658885a
…feature flag Restore personal org controller and legacy quota policies for gate-off environments, with a legacy-organizations overlay that drops the unified grant policy when both would conflict.
Keep legacy grant and validation policy manifests inside the overlay tree so the component builds when composed with ./services, and drop the unified quota policy via patch.
Copy pkg/features into the container build context and replace the ginkgo envtest scaffold with a unit test so go test works without kubebuilder.
scotwells
reviewed
Jun 30, 2026
Collaborator
We should default to the existing behavior to prevent breaking changes on release. This lets us only modify the staging environment to enable the new functionality instead of having to coordinate between all environments.
Restore personal/standard grant policies and validation resources in the default resourcemanager kustomization. Move unified quota policy into config/overlays/unified-organizations so only environments that opt in with the feature gate need the overlay, per release safety review.
Refresh manager-role rules after make manifests.
JoseSzycho
approved these changes
Jul 1, 2026
scotwells
approved these changes
Jul 1, 2026
Summary
New users should not get a personal org and default project from a controller before they have chosen how to work. This removes PersonalOrganizationController and the validation policy that blocked renaming personal org display names.
Project quota no longer branches on org type. A single grant creation policy gives every organization a 10-project allowance. The old personal (2) and standard (10) policies are removed.
Ship this with the milo unified-org schema PR. Apply the new grant policy before deleting the legacy ones so orgs created during rollout still receive grants.
Test plan
go build ./... PersonalOrganizationController config organization-project-quota-policy
Breaking changes
personal-org-* or personal-project-* resources.
disallow-personal-org-name-change ValidatingAdmissionPolicy removed.
Notes for reviewers
Related to milo-os/milo#636