common_kube_rbac.go
package cmd
import (
"fmt"
"github.com/jenkins-x/jx/pkg/util"
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
meta_v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// ensureServiceAccount makes sure a ServiceAccount called serviceAccountName
// is present in namespace ns, creating it when the lookup does not succeed.
//
// The created object carries only a name and a namespace; no secrets,
// labels or annotations are set here.
//
// NOTE(review): every lookup error, not just "not found", falls through to
// the create call, so a failed read is reported to the caller as a failed
// create. Telling the two apart would need the apimachinery errors helpers,
// which this file does not import.
func (o *CommonOptions) ensureServiceAccount(ns string, serviceAccountName string) error {
	kubeClient, _, err := o.Factory.CreateClient()
	if err != nil {
		return err
	}

	accounts := kubeClient.CoreV1().ServiceAccounts(ns)

	// Nothing to do when the account can already be read.
	if _, getErr := accounts.Get(serviceAccountName, meta_v1.GetOptions{}); getErr == nil {
		return nil
	}

	account := &corev1.ServiceAccount{
		ObjectMeta: meta_v1.ObjectMeta{
			Name:      serviceAccountName,
			Namespace: ns,
		},
	}
	if _, createErr := accounts.Create(account); createErr != nil {
		return fmt.Errorf("Failed to create ServiceAccount %s in namespace %s: %s", serviceAccountName, ns, createErr)
	}

	o.Printf("Created ServiceAccount %s in namespace %s\n", util.ColorInfo(serviceAccountName), util.ColorInfo(ns))
	return nil
}
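// ensureClusterRoleBinding makes sure a ClusterRoleBinding called
// clusterRoleBindingName exists. When the lookup does not succeed it creates
// one that binds the ClusterRole named role to the ServiceAccount
// serviceAccountNamespace/serviceAccountName.
//
// The binding is cluster-scoped: the ServiceAccount receives the role's
// permissions in every namespace, so the role passed in decides how much
// access the account ends up with.
//
// An existing binding is found by name only and is never modified. Because a
// binding with the same name may reference a different role or a different
// subject, the existing object is compared with what was requested and a
// warning is printed on a mismatch; the function still returns nil in that
// case so existing callers keep working.
//
// NOTE(review): every lookup error, not just "not found", falls through to
// the create call, so a failed read is reported to the caller as a failed
// create. Telling the two apart would need the apimachinery errors helpers,
// which this file does not import.
func (o *CommonOptions) ensureClusterRoleBinding(clusterRoleBindingName string, role string, serviceAccountNamespace string, serviceAccountName string) error {
	client, _, err := o.Factory.CreateClient()
	if err != nil {
		return err
	}

	bindings := client.RbacV1().ClusterRoleBindings()

	existing, err := bindings.Get(clusterRoleBindingName, meta_v1.GetOptions{})
	if err == nil {
		// Same name does not imply same grant: check the role reference and
		// the subject list before reporting success.
		if existing != nil {
			roleMatches := existing.RoleRef.Kind == "ClusterRole" && existing.RoleRef.Name == role
			subjectFound := false
			for _, s := range existing.Subjects {
				if s.Kind == "ServiceAccount" && s.Name == serviceAccountName && s.Namespace == serviceAccountNamespace {
					subjectFound = true
					break
				}
			}
			if !roleMatches || !subjectFound {
				o.Printf("WARNING: existing ClusterRoleBinding %s does not bind role %s to ServiceAccount %s/%s; it was left unchanged\n",
					clusterRoleBindingName, role, serviceAccountNamespace, serviceAccountName)
			}
		}
		return nil
	}

	o.Printf("Trying to create ClusterRoleBinding %s for role: %s and ServiceAccount: %s/%s\n",
		clusterRoleBindingName, role, serviceAccountNamespace, serviceAccountName)

	clusterRoleBinding := &rbacv1.ClusterRoleBinding{
		ObjectMeta: meta_v1.ObjectMeta{
			Name: clusterRoleBindingName,
		},
		Subjects: []rbacv1.Subject{
			{
				Kind:      "ServiceAccount",
				Name:      serviceAccountName,
				Namespace: serviceAccountNamespace,
			},
		},
		RoleRef: rbacv1.RoleRef{
			Kind:     "ClusterRole",
			Name:     role,
			APIGroup: "rbac.authorization.k8s.io",
		},
	}
	if _, err = bindings.Create(clusterRoleBinding); err != nil {
		return fmt.Errorf("Failed to create ClusterRoleBindings %s: %s", clusterRoleBindingName, err)
	}

	o.Printf("Created ClusterRoleBinding %s\n", clusterRoleBindingName)
	return nil
}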