forked from hswaw/hscloud
games/valheim: allow patryk@ and palid@ to administer valheim namespace
This will create the following: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: annotations: {} labels: name: sso-admins name: sso:admins namespace: valheim roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:admin-namespace subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: patryk@hackerspace.pl - apiGroup: rbac.authorization.k8s.io kind: User name: palid@hackerspace.pl It's not enough to allow palid to use kubecfg (as we use a secretstore secret in this jsonnet), but at least to manually restart the server via kubectl, which is needed to update the game. Change-Id: I6cb42ca87c9a78bbe34957f2c5e23acd2efe3423
This commit is contained in:
parent
a715a02ad0
commit
2371ca9073
1 changed files with 14 additions and 1 deletions
|
@ -155,7 +155,20 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
|
||||
ns: kube.Namespace("valheim") {
|
||||
# Make namespace for valheim.
|
||||
ns: kube.Namespace("valheim"),
|
||||
|
||||
# Allow patryk and palid to administer this namespace via the namespace-admin clusterrole.
|
||||
adminRB: top.ns.Contain(kube.RoleBinding("sso:admins")) {
|
||||
subjects: [
|
||||
{ apiGroup: "rbac.authorization.k8s.io", kind: "User", name: "%s@hackerspace.pl" % [u] }
|
||||
for u in ["patryk", "palid"]
|
||||
],
|
||||
roleRef: {
|
||||
apiGroup: "rbac.authorization.k8s.io",
|
||||
kind: "ClusterRole",
|
||||
name: "system:admin-namespace",
|
||||
},
|
||||
},
|
||||
|
||||
q3k: top.env(top.ns, "q3k") {
|
||||
|
|
Loading…
Reference in a new issue