The idea is to dynamically generate roles and bindings in kuberenetes for each namespace for the given context. This tool can be used in companies, where teams create namespaces for their projects and need role based access to clusters. Here I use groups in {context}-{namespace} format , e.g. dev-namespaceA. There are 2 flavours of access, read-only and read-write. By default read-only cluster role is added. On namespace creation event read-write role will be added and bound to corresponding group.
//todo make this optional On top of that the very same group will be added to Okta, which is the chosen access managemen tool.
You need to have installed
- golang sdk
- install kubectl
- configure $HOME/.kube/config for access of desired cluster
- configure .okta/okta.yaml for okta api access
To run app run following command passing the context:
$ go run . --context=context