package operatorrules
import (
rbacv1 "k8s.io/api/rbac/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// BuildRoleAndRoleBinding returns a namespaced Role and the RoleBinding that
// grants it to one ServiceAccount. Nothing is sent to the API server here;
// the caller decides whether and how the objects are applied.
//
// The Role is named namePrefix+"-role" and the RoleBinding
// namePrefix+"-rolebinding". Both live in namespace and carry labels.
//
// Scope of the grant:
//   - read-only: the only verbs are "get" and "list";
//   - limited to services, endpoints and pods in the core API group, so
//     secrets and configmaps are not readable through this Role;
//   - namespaced (Role, not ClusterRole), so it applies only inside namespace.
//
// The subject is the ServiceAccount promSAName in promSANamespace. That
// namespace may differ from namespace, in which case the binding gives a
// ServiceAccount from another namespace read access to this one.
//
// The labels map is not copied: both returned objects share the caller's map.
func BuildRoleAndRoleBinding(namePrefix, namespace, promSAName, promSANamespace string, labels map[string]string) (*rbacv1.Role, *rbacv1.RoleBinding) {
	// Computed once so the RoleRef below cannot drift from the Role's name.
	roleName := namePrefix + "-role"
	bindingName := namePrefix + "-rolebinding"

	// NOTE(review): "watch" is deliberately or accidentally absent; confirm the
	// consumer of this Role does not depend on watch-based discovery.
	readRule := rbacv1.PolicyRule{
		APIGroups: []string{""}, // "" selects the core API group
		Resources: []string{"services", "endpoints", "pods"},
		Verbs:     []string{"get", "list"},
	}

	subject := rbacv1.Subject{
		Kind:      "ServiceAccount",
		Name:      promSAName,
		Namespace: promSANamespace,
	}

	role := &rbacv1.Role{
		ObjectMeta: metav1.ObjectMeta{
			Name:      roleName,
			Namespace: namespace,
			Labels:    labels,
		},
		Rules: []rbacv1.PolicyRule{readRule},
	}

	binding := &rbacv1.RoleBinding{
		ObjectMeta: metav1.ObjectMeta{
			Name:      bindingName,
			Namespace: namespace,
			Labels:    labels,
		},
		RoleRef: rbacv1.RoleRef{
			Kind:     "Role",
			Name:     roleName,
			APIGroup: rbacv1.GroupName,
		},
		Subjects: []rbacv1.Subject{subject},
	}

	return role, binding
}