public async Task BindNamespaceRoleToGroup(string namespaceName, string role, string group) { var roleBinding = new V1RoleBinding { Metadata = new V1ObjectMeta { Name = $"{role}-to-{group}", NamespaceProperty = namespaceName }, Subjects = new List <V1Subject> { new V1Subject { Kind = "Group", Name = group, ApiGroup = "rbac.authorization.k8s.io", } }, RoleRef = new V1RoleRef { Kind = "Role", Name = role, ApiGroup = "rbac.authorization.k8s.io" } }; await _client.CreateNamespacedRoleBindingAsync(roleBinding, namespaceName); }
public Task <V1RoleBinding> CreateNamespacedRoleBindingAsync( V1RoleBinding body, string namespaceParameter, string pretty = null, CancellationToken cancellationToken = default(CancellationToken) ) { return(_kubernetes.CreateNamespacedRoleBindingAsync( body, namespaceParameter, pretty, cancellationToken )); }
public async Task BindNamespaceRoleToGroup(string namespaceName, string role, string group) { var roleBindingName = $"{role}-to-{@group}"; var roleBinding = new V1RoleBinding { Metadata = new V1ObjectMeta { Name = roleBindingName, NamespaceProperty = namespaceName }, Subjects = new List <V1Subject> { new V1Subject { Kind = "Group", Name = group, ApiGroup = "rbac.authorization.k8s.io", } }, RoleRef = new V1RoleRef { Kind = "Role", Name = role, ApiGroup = "rbac.authorization.k8s.io" } }; try { await _client.CreateNamespacedRoleBindingAsync(roleBinding, namespaceName); } catch (HttpOperationException ex) when(ex.Response.StatusCode == HttpStatusCode.Conflict) { Log.Warning($"RoleBinding {roleBindingName} already exist for namespace {namespaceName}"); throw new RoleBindingAlreadyExistInNamespaceException($"RoleBinding {roleBindingName} already exist for namespace {namespaceName}", roleBindingName, namespaceName); } }
public Task <V1RoleBinding> CreateNamespacedRoleBindingAsync(V1RoleBinding body, string namespaceParameter, bool?pretty = null, CancellationToken cancellationToken = default(CancellationToken)) { return(Task.FromResult(new V1RoleBinding())); }
protected override Task <Component> CreateComponentAsync(Component component, Organization organization, DeploymentScope deploymentScope, Project project, User contextUser, IAsyncCollector <ICommand> commandQueue) => WithKubernetesContext(component, deploymentScope, async(client, data, roleDefinition, serviceAccount) => { var componentNamespace = new V1Namespace() { Metadata = new V1ObjectMeta() { Name = $"{data.Namespace}-{component.Id}" } }; try { componentNamespace = await client .CreateNamespaceAsync(componentNamespace) .ConfigureAwait(false); } catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict) { componentNamespace = await client .ReadNamespaceAsync(componentNamespace.Metadata.Name) .ConfigureAwait(false); } var roleBinding = new V1RoleBinding() { Metadata = new V1ObjectMeta() { Name = "runner" }, RoleRef = new V1RoleRef() { ApiGroup = roleDefinition.ApiGroup(), Kind = roleDefinition.Kind, Name = roleDefinition.Name() }, Subjects = new List <V1Subject>() { new V1Subject() { ApiGroup = serviceAccount.ApiGroup(), Kind = serviceAccount.Kind, Name = serviceAccount.Name(), NamespaceProperty = serviceAccount.Namespace() } } }; try { await client .CreateNamespacedRoleBindingAsync(roleBinding, componentNamespace.Metadata.Name) .ConfigureAwait(false); } catch (HttpOperationException exc) when(exc.Response.StatusCode == System.Net.HttpStatusCode.Conflict) { await client .ReplaceNamespacedRoleBindingAsync(roleBinding, roleBinding.Metadata.Name, componentNamespace.Metadata.Name) .ConfigureAwait(false); } return(component); });
private async Task <string> DescribeObject(Kubernetes client, V1Namespace ns, V1RoleBinding o, StringBuilder buffer) { var fetched = await client.ReadNamespacedRoleBindingAsync(o.Metadata.Name, ns.Metadata.Name).ConfigureAwait(false); buffer.AppendLine($"API Veresion: {fetched.ApiVersion}"); buffer.AppendLine($"Kind: {fetched.Kind}"); buffer.AppendLine(DescribeMetadata(fetched.Metadata)); return($"Role Binding - {fetched.Metadata.Name}"); }