CoCalc -- rolebinding.go

GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/installer/pkg/components/redis/rolebinding.go
²⁵⁰¹ views
1
// Copyright (c) 2023 Gitpod GmbH. All rights reserved.
2
// Licensed under the GNU Affero General Public License (AGPL).
3
// See License.AGPL.txt in the project root for license information.
4

5
package redis
6

7
import (
8
	"fmt"
9
	"github.com/gitpod-io/gitpod/installer/pkg/common"
10
	rbacv1 "k8s.io/api/rbac/v1"
11
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
12
	"k8s.io/apimachinery/pkg/runtime"
13
)
14

15
func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {
16
	labels := common.DefaultLabels(Component)
17

18
	return []runtime.Object{
19
		&rbacv1.ClusterRoleBinding{
20
			TypeMeta: common.TypeMetaClusterRoleBinding,
21
			ObjectMeta: metav1.ObjectMeta{
22
				Name:   fmt.Sprintf("%s-%s-rb-kube-rbac-proxy", ctx.Namespace, Component),
23
				Labels: labels,
24
			},
25
			RoleRef: rbacv1.RoleRef{
26
				Kind:     "ClusterRole",
27
				Name:     fmt.Sprintf("%s-kube-rbac-proxy", ctx.Namespace),
28
				APIGroup: "rbac.authorization.k8s.io",
29
			},
30
			Subjects: []rbacv1.Subject{{
31
				Kind:      "ServiceAccount",
32
				Name:      Component,
33
				Namespace: ctx.Namespace,
34
			}},
35
		},
36
		&rbacv1.RoleBinding{
37
			TypeMeta: common.TypeMetaRoleBinding,
38
			ObjectMeta: metav1.ObjectMeta{
39
				Name:      Component,
40
				Namespace: ctx.Namespace,
41
				Labels:    common.DefaultLabels(Component),
42
			},
43
			RoleRef: rbacv1.RoleRef{
44
				Kind:     "ClusterRole",
45
				Name:     fmt.Sprintf("%s-ns-psp:restricted-root-user", ctx.Namespace),
46
				APIGroup: "rbac.authorization.k8s.io",
47
			},
48
			Subjects: []rbacv1.Subject{{
49
				Kind: "ServiceAccount",
50
				Name: Component,
51
			}},
52
		},
53
	}, nil
54
}
55

56
Product

Resources

Company
