| radex | 0776a79 | 2023-10-10 00:02:29 +0200 | [diff] [blame] | 1 | local kube = import "../../../kube/kube.libsonnet"; |
| 2 | |
| 3 | { |
| 4 | local createNamespaceRoleBinding(namespace, users) = kube.RoleBinding("admins") { |
| 5 | metadata+: { |
| 6 | namespace: namespace, |
| 7 | }, |
| 8 | roleRef: { |
| 9 | apiGroup: "rbac.authorization.k8s.io", |
| 10 | kind: "ClusterRole", |
| 11 | name: "system:admin-namespace", |
| 12 | }, |
| 13 | subjects: [ |
| 14 | kube.User("%s@hackerspace.pl" % [user]) |
| 15 | for user in users |
| 16 | ], |
| 17 | }, |
| 18 | NamespaceAdmins: { |
| 19 | namespaces:: error "namespaces not set", |
| 20 | local namespaces = self.namespaces, |
| Serge Bazanski | ab2e470 | 2023-10-31 10:48:24 +0000 | [diff] [blame] | 21 | nsObjects: [ |
| 22 | kube.Namespace(namespace) |
| 23 | for namespace in std.objectFields(namespaces) |
| 24 | ], |
| radex | 0776a79 | 2023-10-10 00:02:29 +0200 | [diff] [blame] | 25 | roleBindings: [ |
| 26 | createNamespaceRoleBinding(namespace, namespaces[namespace]) |
| 27 | for namespace in std.objectFields(namespaces) |
| 28 | ], |
| 29 | }, |
| 30 | } |