gitlabhq/role_binding.rb at master

mirror of https://github.com/gitlabhq/gitlabhq.git synced 2025-07-25 17:08:32 +00:00

Files

Hordur Freyr Yngvason 6971fd261d Give Knative serving permissions to service account

GitLab uses a kubernetes service account to perform deployments. For
serverless deployments to work as expected with externally created
clusters with their own knative installations (e.g. via Cloud Run), this
account requires additional permissions in the serving.knative.dev API
group.

2019-07-11 11:26:15 +00:00

50 lines

1.1 KiB

Ruby

Raw Permalink Blame History

 # frozen_string_literal: true
 module Gitlab
   module Kubernetes
     class RoleBinding
       def initialize(name:, role_name:, role_kind:, namespace:, service_account_name:)
         @name = name
         @role_name = role_name
         @role_kind = role_kind
         @namespace = namespace
         @service_account_name = service_account_name
       end
       def generate
         ::Kubeclient::Resource.new.tap do |resource|
           resource.metadata = metadata
           resource.roleRef  = role_ref
           resource.subjects = subjects
         end
       end
       private
       attr_reader :name, :role_name, :role_kind, :namespace, :service_account_name
       def metadata
         { name: name, namespace: namespace }
       end
       def role_ref
         {
           apiGroup: 'rbac.authorization.k8s.io',
           kind: role_kind,
           name: role_name
         }
       end
       def subjects
         [
           {
             kind: 'ServiceAccount',
             name: service_account_name,
             namespace: namespace
           }
         ]
       end
     end
   end
 end

50 lines 1.1 KiB Ruby Raw Permalink Blame History

50 lines

1.1 KiB

Ruby

Raw Permalink Blame History