Mirrors/rpi.carlosedp.cluster-monitoring
1
0
Fork 0
mirror of https://github.com/carlosedp/cluster-monitoring.git synced 2025-10-26 10:23:04 +01:00
Code Issues Projects Releases Wiki Activity

Add clusterRole generator function

Browse Source
This commit is contained in:
Carlos de Paula 2019-10-09 11:52:00 -03:00
parent 42ffee2d4c
commit 47711c5ed6
2 changed files with 34 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
arm_exporter.jsonnet
View File

@ -26,28 +26,16 @@ local utils = import 'utils.libsonnet';
clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]), clusterRoleBinding.withSubjects([{ kind: 'ServiceAccount', name: 'arm-exporter', namespace: $._config.namespace }]),
clusterRole: clusterRole:
local clusterRole = k.rbac.v1.clusterRole; utils.newClusterRole('arm-exporter', [
local policyRule = clusterRole.rulesType; {apis: ['authentication.k8s.io'],
res: ['tokenreviews'],
local authenticationRole = policyRule.new() + verbs: ['create']
policyRule.withApiGroups(['authentication.k8s.io']) + },
policyRule.withResources([ {apis: ['authorization.k8s.io'],
'tokenreviews', res: ['subjectaccessreviews'],
]) + verbs: ['create']
policyRule.withVerbs(['create']); }
]),
local authorizationRole = policyRule.new() +
policyRule.withApiGroups(['authorization.k8s.io']) +
policyRule.withResources([
'subjectaccessreviews',
]) +
policyRule.withVerbs(['create']);
local rules = [authenticationRole, authorizationRole];
clusterRole.new() +
clusterRole.mixin.metadata.withName('arm-exporter') +
clusterRole.withRules(rules),
serviceAccount: serviceAccount:
local serviceAccount = k.core.v1.serviceAccount; local serviceAccount = k.core.v1.serviceAccount;

24
utils.libsonnet
View File

@ -11,6 +11,30 @@ local vars = import 'vars.jsonnet';
aux(arr, i + 1, running + arr[i]) tailstrict; aux(arr, i + 1, running + arr[i]) tailstrict;
aux(objs, 0, {}), aux(objs, 0, {}),
// Creates ClusterRoles
// roles format example: {apis: ['authentication.k8s.io'],
// res: ['tokenreviews'],
// verbs: ['create']
// }
newClusterRole(name, roles):: (
local clusterRole = k.rbac.v1.clusterRole;
local policyRule = clusterRole.rulesType;
local p(apigroups, resources, verbs) = policyRule.new() +
policyRule.withApiGroups([a for a in apigroups]) +
policyRule.withResources([r for r in resources]) +
policyRule.withVerbs([v for v in verbs]);
local r = [ p(pol.apis, pol.res, pol.verbs) for pol in roles ];
local rules = r;
local c = clusterRole.new() +
clusterRole.mixin.metadata.withName(name) +
clusterRole.withRules(rules);
c
),
// Creates endpoint objects // Creates endpoint objects
newEndpoint(name, namespace, ips, portName, portNumber):: ( newEndpoint(name, namespace, ips, portName, portNumber):: (
local endpoints = k.core.v1.endpoints; local endpoints = k.core.v1.endpoints;