CoCalc -- rolebinding.go

GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/openvsx-proxy/rolebinding.go
²⁵⁰¹ views
1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package openvsx_proxy
6

7
import (
8
	"fmt"
9
	"github.com/gitpod-io/gitpod/installer/pkg/common"
10
	rbacv1 "k8s.io/api/rbac/v1"
11
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
12
	"k8s.io/apimachinery/pkg/runtime"
13
)
14

15
func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {
16
	labels := common.DefaultLabels(Component)
17
	return []runtime.Object{
18
		&rbacv1.RoleBinding{
19
			TypeMeta: common.TypeMetaRoleBinding,
20
			ObjectMeta: metav1.ObjectMeta{
21
				Name:      Component,
22
				Namespace: ctx.Namespace,
23
				Labels:    labels,
24
			},
25
			RoleRef: rbacv1.RoleRef{
26
				Kind:     "ClusterRole",
27
				Name:     fmt.Sprintf("%s-ns-psp:restricted-root-user", ctx.Namespace),
28
				APIGroup: "rbac.authorization.k8s.io",
29
			},
30
			Subjects: []rbacv1.Subject{{
31
				Kind: "ServiceAccount",
32
				Name: Component,
33
			}},
34
		},
35
		&rbacv1.ClusterRoleBinding{
36
			TypeMeta: common.TypeMetaClusterRoleBinding,
37
			ObjectMeta: metav1.ObjectMeta{
38
				Name:   fmt.Sprintf("%s-%s-kube-rbac-proxy", ctx.Namespace, Component),
39
				Labels: labels,
40
			},
41
			RoleRef: rbacv1.RoleRef{
42
				Kind:     "ClusterRole",
43
				Name:     fmt.Sprintf("%s-kube-rbac-proxy", ctx.Namespace),
44
				APIGroup: "rbac.authorization.k8s.io",
45
			},
46
			Subjects: []rbacv1.Subject{{
47
				Kind:      "ServiceAccount",
48
				Name:      Component,
49
				Namespace: ctx.Namespace,
50
			}},
51
		},
52
	}, nil
53
}
54

55
Product

Resources

Company
