Give more infrastructure control to startup teams
We have distinct projects for each team under the /projects group. This is to make it easier to work concurrently on infrastructure code on different projects and to avoid have very long terraform executions.
Currently, those terraform projects are configured with secrets that allow very broad access to the kubernetes clusters or scaleway projects. We could restrain these accesses to allow startup teams to directly contribute to their own infrastructure. To do so, the following actions are required:
- Remove accesses to scaleway default, kubernetes production and kubernetes development projects
- Configure variables to set up kubernetes and helm providers with namespace-restricted service accounts
- Create a distinct scaleway project for each team's resources (for example S3 buckets) and configure terraform projects with these new credentials