forked from hswaw/hscloud
Prodaccess/Prodvider allow issuing short-lived certificates for all SSO users to access the kubernetes cluster. Currently, all users get a personal-$username namespace in which they have adminitrative rights. Otherwise, they get no access. In addition, we define a static CRB to allow some admins access to everything. In the future, this will be more granular. We also update relevant documentation. Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153
18 lines
429 B
Text
18 lines
429 B
Text
load("@io_bazel_rules_go//go:def.bzl", "go_library")
|
|
load("@io_bazel_rules_go//extras:embed_data.bzl", "go_embed_data")
|
|
|
|
go_embed_data(
|
|
name = "certs_data",
|
|
srcs = glob(["*.crt"]),
|
|
package = "certs",
|
|
flatten = True,
|
|
)
|
|
|
|
go_library(
|
|
name = "go_default_library",
|
|
srcs = [
|
|
":certs_data", # keep
|
|
],
|
|
importpath = "code.hackerspace.pl/cluster/certs",
|
|
visibility = ["//visibility:public"],
|
|
)
|