feat: freeze windows
Describe the feature
Having control over whether changes can be made in a tenant is crucial in production environments. While we have the functionality to freeze/cordon tenants, we don't have a generic resource. This proposal suggests two new custom resources, GlobalFreezeWindow (global) or FreezeWindow (namespaced). A FreezeWindow can define intervals of time; within these windows the selected tenants are cordoned.
What would the new user story look like?
What would the new interaction with Capsule look like? E.g.
- As a cluster administrator I want to be able to create freeze windows, which select tenants based on labels or all tenants
- As a tenant owner I want to be able to create freeze windows for my tenants
Expected behavior
A clear and concise description of what you expect to happen.
This is definitely interesting, I'd like to know more if you had some input from the community or just an idea you had.
It's an idea I had. I am trying to propose features which enable the shift-left, essentially granting tenant owners more responsibility over their tenants and not needing infrastructure teams anymore. And the Cordon function came to my mind as a pretty important aspect of being a tenant owner. If I am responsible I probably want to have the option to freeze a tenant (maybe during special events or if I want to enforce freeze windows).
However, that aspect might reflect to other actions, which currently can only be done by cluster administrators. Although the cordoning is currently the only case I can think of.