| local kube = import "../../../kube/kube.libsonnet"; |
| |
| { |
| local createNamespaceRoleBinding(namespace, users) = kube.RoleBinding("admins") { |
| metadata+: { |
| namespace: namespace, |
| }, |
| roleRef: { |
| apiGroup: "rbac.authorization.k8s.io", |
| kind: "ClusterRole", |
| name: "system:admin-namespace", |
| }, |
| subjects: [ |
| kube.User("%s@hackerspace.pl" % [user]) |
| for user in users |
| ], |
| }, |
| NamespaceAdmins: { |
| namespaces:: error "namespaces not set", |
| local namespaces = self.namespaces, |
| nsObjects: [ |
| kube.Namespace(namespace) |
| for namespace in std.objectFields(namespaces) |
| ], |
| roleBindings: [ |
| createNamespaceRoleBinding(namespace, namespaces[namespace]) |
| for namespace in std.objectFields(namespaces) |
| ], |
| }, |
| } |