Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
gitpod-io
GitHub Repository: gitpod-io/gitpod
 Path: blob/main/install/installer/pkg/components/ws-manager-mk2/rolebinding.go
2501 views
1
// Copyright (c) 2021 Gitpod GmbH. All rights reserved.

2
// Licensed under the GNU Affero General Public License (AGPL).

3
// See License-AGPL.txt in the project root for license information.

4


5
package wsmanagermk2

6


7
import (

8
	"fmt"

9


10
	"github.com/gitpod-io/gitpod/installer/pkg/common"

11


12
	rbacv1 "k8s.io/api/rbac/v1"

13
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

14
	"k8s.io/apimachinery/pkg/runtime"

15
)

16


17
func rolebinding(ctx *common.RenderContext) ([]runtime.Object, error) {

18
	labels := common.DefaultLabels(Component)

19


20
	return []runtime.Object{

21
		&rbacv1.ClusterRoleBinding{

22
			TypeMeta: common.TypeMetaClusterRoleBinding,

23
			ObjectMeta: metav1.ObjectMeta{

24
				Name:   fmt.Sprintf("%s-%s-kube-rbac-proxy", ctx.Namespace, Component),

25
				Labels: labels,

26
			},

27
			RoleRef: rbacv1.RoleRef{

28
				Kind:     "ClusterRole",

29
				Name:     fmt.Sprintf("%s-kube-rbac-proxy", ctx.Namespace),

30
				APIGroup: "rbac.authorization.k8s.io",

31
			},

32
			Subjects: []rbacv1.Subject{

33
				{

34
					Kind:      "ServiceAccount",

35
					Name:      Component,

36
					Namespace: ctx.Namespace,

37
				},

38
			},

39
		},

40
		&rbacv1.RoleBinding{

41
			TypeMeta: common.TypeMetaRoleBinding,

42
			ObjectMeta: metav1.ObjectMeta{

43
				Name:      Component,

44
				Namespace: ctx.Namespace,

45
				Labels:    labels,

46
			},

47
			RoleRef: rbacv1.RoleRef{

48
				APIGroup: "rbac.authorization.k8s.io",

49
				Kind:     "Role",

50
				Name:     Component,

51
			},

52
			Subjects: []rbacv1.Subject{

53
				{

54
					Kind:      "ServiceAccount",

55
					Name:      Component,

56
					Namespace: ctx.Namespace,

57
				},

58
			},

59
		},

60


61
		&rbacv1.RoleBinding{

62
			TypeMeta: common.TypeMetaRoleBinding,

63
			ObjectMeta: metav1.ObjectMeta{

64
				Name:      Component,

65
				Namespace: common.WorkspaceSecretsNamespace,

66
				Labels:    labels,

67
			},

68
			RoleRef: rbacv1.RoleRef{

69
				APIGroup: "rbac.authorization.k8s.io",

70
				Kind:     "Role",

71
				Name:     Component,

72
			},

73
			Subjects: []rbacv1.Subject{

74
				{

75
					Kind:      "ServiceAccount",

76
					Name:      Component,

77
					Namespace: ctx.Namespace,

78
				},

79
			},

80
		},

81


82
		&rbacv1.ClusterRoleBinding{

83
			TypeMeta: common.TypeMetaClusterRoleBinding,

84
			ObjectMeta: metav1.ObjectMeta{

85
				Name:   Component,

86
				Labels: labels,

87
			},

88
			RoleRef: rbacv1.RoleRef{

89
				Kind:     "ClusterRole",

90
				Name:     Component,

91
				APIGroup: "rbac.authorization.k8s.io",

92
			},

93
			Subjects: []rbacv1.Subject{

94
				{

95
					Kind:      "ServiceAccount",

96
					Name:      Component,

97
					Namespace: ctx.Namespace,

98
				},

99
			},

100
		},

101
	}, nil

102
}

103


104