forked from hswaw/hscloud
games/valheim: create serviceaccount for external users/systems
q3k uses this to give access to someone who plays on the valheim server so that they can get logs / restart things / etc. Change-Id: If205709142d386c460eeb835829888957d28a654 Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1442 Reviewed-by: patryk <patryk@hackerspace.pl>
parent
28742b8106
commit
3c9b825ec7
1 changed files with 31 additions and 0 deletions
|
@ -59,6 +59,37 @@ local kube = import "../../kube/kube.libsonnet";
|
|||
},
|
||||
},
|
||||
|
||||
// Given to some external users/systems which manage a given valheim server in a namespace.
|
||||
// TODO(q3k): only grant privileges to the same server
|
||||
controlAccount: {
|
||||
svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
|
||||
role: ns.Contain(kube.Role("control")) {
|
||||
rules: [
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["pods"],
|
||||
verbs: ["get", "list", "watch", "delete"],
|
||||
},
|
||||
{
|
||||
apiGroups: [""],
|
||||
resources: ["pods/log"],
|
||||
verbs: ["get"],
|
||||
},
|
||||
{
|
||||
apiGroups: ["apps"],
|
||||
resources: ["deployments"],
|
||||
verbs: ["get", "list", "watch"],
|
||||
},
|
||||
],
|
||||
},
|
||||
roleBinding: ns.Contain(kube.RoleBinding(named("control"))) {
|
||||
subjects_: [
|
||||
game.controlAccount.svcAccount,
|
||||
],
|
||||
roleRef_: game.controlAccount.role,
|
||||
},
|
||||
},
|
||||
|
||||
scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
|
||||
data: {
|
||||
# Based on https://github.com/mbround18/valheim-docker ,
|
||||
|
|
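Review bot: The Role is declared as `kube.Role("control")` while the ServiceAccount and RoleBinding next to it use `named("control")`; if `named` adds a per-server prefix (its definition is outside the hunk), two servers in one namespace would both render a Role called `control` and end up sharing or overwriting each other's rules, so `role: ns.Contain(kube.Role(named("control"))) {` would keep the three objects consistent. The rules themselves are namespace-wide, as the TODO concedes: the account handed to an external user can delete any pod and read the log of any pod in the namespace, not only those of the server it is meant to manage. Pod names are generated, so `resourceNames` cannot pin the pods rules, which makes one server per namespace the effective isolation boundary for now. I would state that next to the TODO, e.g. `// NOTE: grants pod delete and log read across the whole namespace; deploy one server per namespace until scoped.` The enclosing game object starts before and continues after this hunk, so how the account's token is issued and rotated is not visible here.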