The rbac generator parses a kubernetes manifest and outputs the necessary rbac for an operator to apply and manage it. The tool is inspired by the work being done on operators for cluster addons.
The tool works in two modes based on a boolean flag - supervisory . When the flag is set to false, it parses a clusterrole in the manifest and adds the resources and verbs there to the generated cluster role. This is because an operator cannot create a clusterrole with permissions that it does not have. When the flag is set to true, it skips this and assumes that the clusterroles will be applied by something with higher permissions.
- Get the code
go get https://github.com/kubernetes-sigs/cluster-addons- Build
cd $GOPATH/kubernetes-sigs/cluster-addons/tools/rbac-gen
go install- Run the go program
rbac-gen --yaml <YOUR-MANIFEST-YAML>Example:
rbac-gen --yaml channels/packages/dashboard/manifest.yamlThere are optional flags like
nsfor namespace: defaults tokube-systemout- path to output file: output to stdout if not setname- name of the role to be generated
Have fun! 🎉