mirror of
https://github.com/carlosedp/cluster-monitoring.git
synced 2024-12-22 19:09:30 +01:00
Add clusterRole generator function
This commit is contained in:
parent
42ffee2d4c
commit
47711c5ed6
@ -26,28 +26,16 @@ local utils = import 'utils.libsonnet';
|
||||
clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]),
|
||||
|
||||
clusterRole:
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local authenticationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(['authentication.k8s.io']) +
|
||||
policyRule.withResources([
|
||||
'tokenreviews',
|
||||
]) +
|
||||
policyRule.withVerbs(['create']);
|
||||
|
||||
local authorizationRole = policyRule.new() +
|
||||
policyRule.withApiGroups(['authorization.k8s.io']) +
|
||||
policyRule.withResources([
|
||||
'subjectaccessreviews',
|
||||
]) +
|
||||
policyRule.withVerbs(['create']);
|
||||
|
||||
local rules = [authenticationRole, authorizationRole];
|
||||
|
||||
clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName('arm-exporter') +
|
||||
clusterRole.withRules(rules),
|
||||
utils.newClusterRole('arm-exporter', [
|
||||
{apis: ['authentication.k8s.io'],
|
||||
res: ['tokenreviews'],
|
||||
verbs: ['create']
|
||||
},
|
||||
{apis: ['authorization.k8s.io'],
|
||||
res: ['subjectaccessreviews'],
|
||||
verbs: ['create']
|
||||
}
|
||||
]),
|
||||
|
||||
serviceAccount:
|
||||
local serviceAccount = k.core.v1.serviceAccount;
|
||||
|
@ -11,6 +11,30 @@ local vars = import 'vars.jsonnet';
|
||||
aux(arr, i + 1, running + arr[i]) tailstrict;
|
||||
aux(objs, 0, {}),
|
||||
|
||||
// Creates ClusterRoles
|
||||
// roles format example: {apis: ['authentication.k8s.io'],
|
||||
// res: ['tokenreviews'],
|
||||
// verbs: ['create']
|
||||
// }
|
||||
newClusterRole(name, roles):: (
|
||||
local clusterRole = k.rbac.v1.clusterRole;
|
||||
local policyRule = clusterRole.rulesType;
|
||||
|
||||
local p(apigroups, resources, verbs) = policyRule.new() +
|
||||
policyRule.withApiGroups([a for a in apigroups]) +
|
||||
policyRule.withResources([r for r in resources]) +
|
||||
policyRule.withVerbs([v for v in verbs]);
|
||||
|
||||
local r = [ p(pol.apis, pol.res, pol.verbs) for pol in roles ];
|
||||
|
||||
local rules = r;
|
||||
|
||||
local c = clusterRole.new() +
|
||||
clusterRole.mixin.metadata.withName(name) +
|
||||
clusterRole.withRules(rules);
|
||||
c
|
||||
),
|
||||
|
||||
// Creates endpoint objects
|
||||
newEndpoint(name, namespace, ips, portName, portNumber):: (
|
||||
local endpoints = k.core.v1.endpoints;
|
||||
|
Loading…
Reference in New Issue
Block a user