Gitiles
Code Review Sign In
gerrit.hackerspace.pl / hscloud / b13b7ffcdb3d37022d4cad4603b9bdacc6c54936
commitb13b7ffcdb3d37022d4cad4603b9bdacc6c54936[log] [tgz]
authorSergiusz Bazanski <q3k@hackerspace.pl>Thu Aug 29 20:12:24 2019 +0200
committerSergiusz Bazanski <q3k@hackerspace.pl>Fri Aug 30 23:08:18 2019 +0200
treefa2309b04edc36fe855f9e344dae4a91ef376add
parentd16454badc639bcec7ab4b54e7fe6a897b6052af [diff]
prod{access,vider}: implement

Prodaccess/Prodvider allow issuing short-lived certificates for all SSO
users to access the kubernetes cluster.

Currently, all users get a personal-$username namespace in which they
have adminitrative rights. Otherwise, they get no access.

In addition, we define a static CRB to allow some admins access to
everything. In the future, this will be more granular.

We also update relevant documentation.

Change-Id: Ia18594eea8a9e5efbb3e9a25a04a28bbd6a42153
28 files changed
tree: fa2309b04edc36fe855f9e344dae4a91ef376add
  1. app/
  2. bgpwtf/
  3. bzl/
  4. cluster/
  5. dc/
  6. devtools/
  7. gcp/
  8. go/
  9. hswaw/
  10. kube/
  11. personal/
  12. pip/
  13. tools/
  14. .bazelrc
  15. .gitignore
  16. BUILD
  17. COPYING
  18. env.sh
  19. README
  20. WORKSPACE