games/valheim: create serviceaccount for external users/systems

q3k uses this to give access to someone who plays on the valheim server
so that they can get logs / restart things / etc.

Change-Id: If205709142d386c460eeb835829888957d28a654
Reviewed-on: https://gerrit.hackerspace.pl/c/hscloud/+/1442
Reviewed-by: patryk <patryk@hackerspace.pl>
q3k 2022-11-27 14:48:07 +00:00 committed by q3k
parent 28742b8106
commit 3c9b825ec7


@ -59,6 +59,37 @@ local kube = import "../../kube/kube.libsonnet";
},
},
// Given to some external users/systems which manage a given valheim server in a namespace.
// TODO(q3k): only grant privileges to the same server
controlAccount: {
svcAccount: ns.Contain(kube.ServiceAccount(named("control"))),
role: ns.Contain(kube.Role("control")) {
rules: [
{
apiGroups: [""],
resources: ["pods"],
verbs: ["get", "list", "watch", "delete"],
},
{
apiGroups: [""],
resources: ["pods/log"],
verbs: ["get"],
},
{
apiGroups: ["apps"],
resources: ["deployments"],
verbs: ["get", "list", "watch"],
},
],
},
roleBinding: ns.Contain(kube.RoleBinding(named("control"))) {
subjects_: [
game.controlAccount.svcAccount,
],
roleRef_: game.controlAccount.role,
},
},
scripts: ns.Contain(kube.ConfigMap(named("scripts"))) {
data: {
# Based on https://github.com/mbround18/valheim-docker ,
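Review bot: The Role on the `role:` line is created as `kube.Role("control")` while the ServiceAccount and RoleBinding beside it use `named("control")`, so two game instances placed in the same namespace would presumably both emit a Role called `control` (`named` is defined outside this hunk, so this is inferred from how it is used here); `role: ns.Contain(kube.Role(named("control"))) {` would keep the three objects consistent, and `roleRef_` follows automatically because it references the object rather than a name. Separately, the rules carry no per-server restriction, so the account can delete any pod and read the logs of any pod in the namespace, not only this server's. Until the TODO is resolved I would extend the comment to say so, e.g. `// NOTE: applies to every pod in the namespace; keep the server in a dedicated namespace before handing out this account.`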