public async Task BindNamespaceRoleToGroup(string namespaceName, string role, string group)
{
var roleBinding = new V1RoleBinding
{
Metadata = new V1ObjectMeta
{
Name = $"{role}-to-{group}",
NamespaceProperty = namespaceName
},
Subjects = new List <V1Subject> {
new V1Subject
{
Kind = "Group",
Name = group,
ApiGroup = "rbac.authorization.k8s.io",
}
},
RoleRef = new V1RoleRef
{
Kind = "Role",
Name = role,
ApiGroup = "rbac.authorization.k8s.io"
}
};
await _client.CreateNamespacedRoleBindingAsync(roleBinding, namespaceName);
}
public Task <V1RoleBinding> CreateNamespacedRoleBindingAsync(
V1RoleBinding body,
string namespaceParameter,
string pretty = null,
CancellationToken cancellationToken = default(CancellationToken)
)
{
return(_kubernetes.CreateNamespacedRoleBindingAsync(
body,
namespaceParameter,
pretty,
cancellationToken
));
}
public async Task BindNamespaceRoleToGroup(string namespaceName, string role, string group)
{
var roleBindingName = $"{role}-to-{@group}";
var roleBinding = new V1RoleBinding
{
Metadata = new V1ObjectMeta
{
Name = roleBindingName,
NamespaceProperty = namespaceName
},
Subjects = new List <V1Subject> {
new V1Subject
{
Kind = "Group",
Name = group,
ApiGroup = "rbac.authorization.k8s.io",
}
},
RoleRef = new V1RoleRef
{
Kind = "Role",
Name = role,
ApiGroup = "rbac.authorization.k8s.io"
}
};
try
{
await _client.CreateNamespacedRoleBindingAsync(roleBinding, namespaceName);
}
catch (HttpOperationException ex) when(ex.Response.StatusCode == HttpStatusCode.Conflict)
{
Log.Warning($"RoleBinding {roleBindingName} already exist for namespace {namespaceName}");
throw new RoleBindingAlreadyExistInNamespaceException($"RoleBinding {roleBindingName} already exist for namespace {namespaceName}", roleBindingName, namespaceName);
}
}
public Task <V1RoleBinding> CreateNamespacedRoleBindingAsync(V1RoleBinding body, string namespaceParameter, bool?pretty = null,
CancellationToken cancellationToken = default(CancellationToken))
{
return(Task.FromResult(new V1RoleBinding()));
}
protected override Task <Component> CreateComponentAsync(Component component, Organization organization, DeploymentScope deploymentScope, Project project, User contextUser, IAsyncCollector <ICommand> commandQueue)
=> WithKubernetesContext(component, deploymentScope, async(client, data, roleDefinition, serviceAccount) =>
{
var componentNamespace = new V1Namespace()
{
Metadata = new V1ObjectMeta()
{
Name = $"{data.Namespace}-{component.Id}"
}
};
try
{
componentNamespace = await client
.CreateNamespaceAsync(componentNamespace)
.ConfigureAwait(false);
}
catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict)
{
componentNamespace = await client
.ReadNamespaceAsync(componentNamespace.Metadata.Name)
.ConfigureAwait(false);
}
var roleBinding = new V1RoleBinding()
{
Metadata = new V1ObjectMeta()
{
Name = "runner"
},
RoleRef = new V1RoleRef()
{
ApiGroup = roleDefinition.ApiGroup(),
Kind = roleDefinition.Kind,
Name = roleDefinition.Name()
},
Subjects = new List <V1Subject>()
{
new V1Subject()
{
ApiGroup = serviceAccount.ApiGroup(),
Kind = serviceAccount.Kind,
Name = serviceAccount.Name(),
NamespaceProperty = serviceAccount.Namespace()
}
}
};
try
{
await client
.CreateNamespacedRoleBindingAsync(roleBinding, componentNamespace.Metadata.Name)
.ConfigureAwait(false);
}
catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict)
{
await client
.ReplaceNamespacedRoleBindingAsync(roleBinding, roleBinding.Metadata.Name, componentNamespace.Metadata.Name)
.ConfigureAwait(false);
}
return(component);
});
private async Task <string> DescribeObject(Kubernetes client, V1Namespace ns, V1RoleBinding o, StringBuilder buffer)
{
var fetched = await client.ReadNamespacedRoleBindingAsync(o.Metadata.Name, ns.Metadata.Name).ConfigureAwait(false);
buffer.AppendLine($"API Veresion: {fetched.ApiVersion}");
buffer.AppendLine($"Kind: {fetched.Kind}");
buffer.AppendLine(DescribeMetadata(fetched.Metadata));
return($"Role Binding - {fetched.Metadata.Name}");
}
