
Example 21 with ClusterRole

use of io.fabric8.kubernetes.api.model.rbac.ClusterRole in project strimzi by strimzi.

the class RoleBindingOperatorTest method resource.

/**
 * Builds the RoleBinding fixture for this operator test.
 *
 * <p>The binding lives in {@code NAMESPACE}, carries the label {@code foo=bar}, and binds one
 * ServiceAccount subject to a role reference of kind {@code ClusterRole}.
 *
 * <p>Security note: a namespaced RoleBinding that references a ClusterRole grants that role's
 * rules only inside the binding's own namespace, not cluster-wide. This is the narrower of the
 * two ways a ClusterRole can be bound.
 *
 * @return The RoleBinding used as the test resource.
 */
@Override
protected RoleBinding resource() {
    // What is granted: a reference to the (cluster-scoped) role definition.
    RoleRef clusterRoleRef = new RoleRefBuilder()
            .withName("some-role")
            .withApiGroup("rbac.authorization.k8s.io")
            .withKind("ClusterRole")
            .build();

    // Who receives it: a single ServiceAccount, pinned to an explicit namespace.
    Subject serviceAccount = new SubjectBuilder()
            .withKind("ServiceAccount")
            .withName("some-service-account")
            .withNamespace(NAMESPACE)
            .build();

    return new RoleBindingBuilder()
            .withNewMetadata()
                .withName(RESOURCE_NAME)
                .withNamespace(NAMESPACE)
                .withLabels(singletonMap("foo", "bar"))
            .endMetadata()
            .withRoleRef(clusterRoleRef)
            .withSubjects(singletonList(serviceAccount))
            .build();
}
Also used : RoleBindingBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBindingBuilder) RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)

Example 22 with ClusterRole

use of io.fabric8.kubernetes.api.model.rbac.ClusterRole in project strimzi by strimzi.

the class KafkaCluster method generateClusterRoleBinding.

/**
 * Creates the ClusterRoleBinding that binds the Kafka ServiceAccount to the
 * {@code strimzi-kafka-broker} ClusterRole. According to the original documentation, that role
 * permits the Kafka init container to access K8S nodes (necessary for rack-awareness).
 *
 * <p>The binding is generated only when a rack is configured or the cluster is exposed through
 * node ports; otherwise {@code null} is returned and no cluster-wide grant is produced. A
 * ClusterRoleBinding applies across the whole cluster, so handing it out only when needed keeps
 * the broker ServiceAccount at least privilege.
 *
 * @param assemblyNamespace The namespace of the ServiceAccount used as the binding's subject.
 * @return The cluster role binding, or {@code null} when node access is not required.
 */
public ClusterRoleBinding generateClusterRoleBinding(String assemblyNamespace) {
    boolean needsNodeAccess = rack != null || isExposedWithNodePort();
    if (!needsNodeAccess) {
        return null;
    }

    // The subject is always a namespaced ServiceAccount, never a user or group.
    Subject kafkaServiceAccount = new SubjectBuilder()
            .withKind("ServiceAccount")
            .withName(getServiceAccountName())
            .withNamespace(assemblyNamespace)
            .build();

    RoleRef brokerRoleRef = new RoleRefBuilder()
            .withName("strimzi-kafka-broker")
            .withApiGroup("rbac.authorization.k8s.io")
            .withKind("ClusterRole")
            .build();

    // NOTE(review): the binding name is derived from the `namespace` field while the subject uses
    // the `assemblyNamespace` argument - confirm with callers that the two are always the same.
    String bindingName = KafkaResources.initContainerClusterRoleBindingName(cluster, namespace);
    return getClusterRoleBinding(bindingName, kafkaServiceAccount, brokerRoleRef);
}
Also used : RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)

Example 23 with ClusterRole

use of io.fabric8.kubernetes.api.model.rbac.ClusterRole in project strimzi by strimzi.

the class KafkaConnectCluster method generateClusterRoleBinding.

/**
 * Creates the ClusterRoleBinding that binds the Kafka Connect ServiceAccount to the
 * {@code strimzi-kafka-client} ClusterRole. According to the original documentation, that role
 * permits the init container to access K8S nodes (necessary for rack-awareness).
 *
 * <p>No binding is produced when no rack is configured, so the cluster-wide grant exists only
 * for deployments that actually use rack-awareness.
 *
 * @return The cluster role binding, or {@code null} when {@code rack} is not set.
 */
public ClusterRoleBinding generateClusterRoleBinding() {
    if (rack != null) {
        // The subject is the Connect ServiceAccount in this cluster's own namespace.
        Subject connectServiceAccount = new SubjectBuilder()
                .withKind("ServiceAccount")
                .withName(getServiceAccountName())
                .withNamespace(namespace)
                .build();

        RoleRef clientRoleRef = new RoleRefBuilder()
                .withName("strimzi-kafka-client")
                .withApiGroup("rbac.authorization.k8s.io")
                .withKind("ClusterRole")
                .build();

        String bindingName = KafkaConnectResources.initContainerClusterRoleBindingName(cluster, namespace);
        return getClusterRoleBinding(bindingName, connectServiceAccount, clientRoleRef);
    }
    return null;
}
Also used : RoleRef(io.fabric8.kubernetes.api.model.rbac.RoleRef) SubjectBuilder(io.fabric8.kubernetes.api.model.rbac.SubjectBuilder) Subject(io.fabric8.kubernetes.api.model.rbac.Subject) RoleRefBuilder(io.fabric8.kubernetes.api.model.rbac.RoleRefBuilder)

Example 24 with ClusterRole

use of io.fabric8.kubernetes.api.model.rbac.ClusterRole in project strimzi by strimzi.

the class SetupClusterOperator method applyClusterOperatorInstallFiles.

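/**
 * Applies the ServiceAccount, Role/ClusterRole, ConfigMap and CRD install files needed for a
 * proper cluster operator deployment.
 *
 * <p>Files are read from {@code CO_INSTALL_DIR} (per the original documentation, the
 * packaging/install/cluster-operator directory) in sorted order. Files whose names match
 * {@code .*(Binding|Deployment)-.*} are skipped by this method. The resource type is taken from
 * the second dash-separated token of the file name.
 *
 * <p>Namespaced resources (Role, ServiceAccount, ConfigMap) have their namespace overridden with
 * {@code namespace}. ClusterRoles and CRDs are created exactly as written in the file: they get
 * no namespace override, so the install files alone define what is granted cluster-wide.
 *
 * @param namespace The namespace set on the namespaced resources before they are created.
 * @throws RuntimeException if the install directory cannot be listed, a file name does not
 *                          contain a resource type token, or the resource type is unknown.
 */
public void applyClusterOperatorInstallFiles(String namespace) {
    // File.listFiles() returns null when the path is not a directory or cannot be read; fail with
    // a clear message instead of a NullPointerException from Arrays.stream.
    File[] installDirEntries = new File(CO_INSTALL_DIR).listFiles();
    if (installDirEntries == null) {
        LOGGER.error("Cannot list installation files in directory: {}", CO_INSTALL_DIR);
        throw new RuntimeException("Cannot list installation files in directory: " + CO_INSTALL_DIR);
    }

    List<File> operatorFiles = Arrays.stream(installDirEntries)
            .sorted()
            .filter(File::isFile)
            // Bindings and Deployments are not applied by this method.
            .filter(file -> !file.getName().matches(".*(Binding|Deployment)-.*"))
            .collect(Collectors.toList());

    for (File operatorFile : operatorFiles) {
        File createFile = operatorFile;
        if (createFile.getName().contains(Constants.CLUSTER_ROLE + "-")) {
            // NOTE(review): presumably swaps a ClusterRole file for a namespaced Role variant when
            // the test run uses namespace-scoped RBAC - confirm against the helper.
            createFile = switchClusterRolesToRolesIfNeeded(createFile);
        }

        // A name without a second dash-separated token has no resource type; report the file
        // instead of failing with an ArrayIndexOutOfBoundsException.
        final String[] nameParts = createFile.getName().split("-");
        if (nameParts.length < 2) {
            LOGGER.error("Cannot determine installation resource type from file name: {}", createFile.getName());
            throw new RuntimeException("Cannot determine installation resource type from file name: " + createFile.getName());
        }
        final String resourceType = nameParts[1];
        LOGGER.debug("Installation resource type: {}", resourceType);

        switch (resourceType) {
            case Constants.ROLE:
                Role role = TestUtils.configFromYaml(createFile, Role.class);
                ResourceManager.getInstance().createResource(extensionContext, new RoleBuilder(role).editMetadata().withNamespace(namespace).endMetadata().build());
                break;
            case Constants.CLUSTER_ROLE:
                // Cluster-scoped: created as read from the file, with no namespace override.
                ClusterRole clusterRole = TestUtils.configFromYaml(createFile, ClusterRole.class);
                ResourceManager.getInstance().createResource(extensionContext, clusterRole);
                break;
            case Constants.SERVICE_ACCOUNT:
                ServiceAccount serviceAccount = TestUtils.configFromYaml(createFile, ServiceAccount.class);
                ResourceManager.getInstance().createResource(extensionContext, new ServiceAccountBuilder(serviceAccount).editMetadata().withNamespace(namespace).endMetadata().build());
                break;
            case Constants.CONFIG_MAP:
                ConfigMap configMap = TestUtils.configFromYaml(createFile, ConfigMap.class);
                ResourceManager.getInstance().createResource(extensionContext, new ConfigMapBuilder(configMap).editMetadata().withNamespace(namespace).endMetadata().build());
                break;
            case Constants.CUSTOM_RESOURCE_DEFINITION_SHORT:
                // Cluster-scoped: created as read from the file, with no namespace override.
                CustomResourceDefinition customResourceDefinition = TestUtils.configFromYaml(createFile, CustomResourceDefinition.class);
                ResourceManager.getInstance().createResource(extensionContext, customResourceDefinition);
                break;
            default:
                // Fail closed: an unrecognised file is never applied silently.
                LOGGER.error("Unknown installation resource type: {}", resourceType);
                throw new RuntimeException("Unknown installation resource type:" + resourceType);
        }
    }
}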
Also used : Environment(io.strimzi.systemtest.Environment) ClusterRoleBinding(io.fabric8.kubernetes.api.model.rbac.ClusterRoleBinding) EnvVar(io.fabric8.kubernetes.api.model.EnvVar) Arrays(java.util.Arrays) OlmResource(io.strimzi.systemtest.resources.operator.specific.OlmResource) RoleBindingResource(io.strimzi.systemtest.resources.kubernetes.RoleBindingResource) NetworkPolicyResource(io.strimzi.systemtest.resources.kubernetes.NetworkPolicyResource) Role(io.fabric8.kubernetes.api.model.rbac.Role) Level(org.apache.logging.log4j.Level) HashMap(java.util.HashMap) ExtensionContext(org.junit.jupiter.api.extension.ExtensionContext) ClusterRoleBindingResource(io.strimzi.systemtest.resources.kubernetes.ClusterRoleBindingResource) ArrayList(java.util.ArrayList) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) HelmResource(io.strimzi.systemtest.resources.operator.specific.HelmResource) KubeClusterResource(io.strimzi.test.k8s.KubeClusterResource) Map(java.util.Map) TestUtils(io.strimzi.test.TestUtils) Assumptions.assumeTrue(org.junit.jupiter.api.Assumptions.assumeTrue) CustomResourceDefinition(io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition) StUtils(io.strimzi.systemtest.utils.StUtils) ClusterOperatorRBACType(io.strimzi.systemtest.enums.ClusterOperatorRBACType) BeforeAllOnce(io.strimzi.systemtest.BeforeAllOnce) OpenShift(io.strimzi.test.k8s.cluster.OpenShift) Predicate(java.util.function.Predicate) CollectorElement(io.strimzi.test.logs.CollectorElement) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) Constants(io.strimzi.systemtest.Constants) IOException(java.io.IOException) ClusterRoleBindingTemplates(io.strimzi.systemtest.templates.kubernetes.ClusterRoleBindingTemplates) Collectors(java.util.stream.Collectors) File(java.io.File) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) KubeClusterResource.kubeClient(io.strimzi.test.k8s.KubeClusterResource.kubeClient) 
ConfigMapBuilder(io.fabric8.kubernetes.api.model.ConfigMapBuilder) Objects(java.util.Objects) RoleResource(io.strimzi.systemtest.resources.kubernetes.RoleResource) List(java.util.List) Exec(io.strimzi.test.executor.Exec) Logger(org.apache.logging.log4j.Logger) ResourceManager(io.strimzi.systemtest.resources.ResourceManager) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) LogManager(org.apache.logging.log4j.LogManager) Collections(java.util.Collections) SuppressFBWarnings(edu.umd.cs.findbugs.annotations.SuppressFBWarnings) ServiceAccount(io.fabric8.kubernetes.api.model.ServiceAccount) ConfigMap(io.fabric8.kubernetes.api.model.ConfigMap) CustomResourceDefinition(io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition) ServiceAccountBuilder(io.fabric8.kubernetes.api.model.ServiceAccountBuilder) RoleBuilder(io.fabric8.kubernetes.api.model.rbac.RoleBuilder) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) Role(io.fabric8.kubernetes.api.model.rbac.Role) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole) ConfigMapBuilder(io.fabric8.kubernetes.api.model.ConfigMapBuilder) File(java.io.File)

Example 25 with ClusterRole

use of io.fabric8.kubernetes.api.model.rbac.ClusterRole in project strimzi-kafka-operator by strimzi.

the class ClusterRoleOperator method convertYamlToClusterRole.

/**
 * Parses a YAML document into a {@link ClusterRole} using a Jackson mapper backed by
 * {@code YAMLFactory}.
 *
 * <p>The target type is fixed to {@code ClusterRole}. This method only deserializes: it does not
 * inspect or restrict the rules the resulting role grants, so any review of the permissions has
 * to happen on the YAML source or in the caller.
 *
 * @param yaml The YAML text describing the ClusterRole.
 * @return The deserialized ClusterRole.
 * @throws RuntimeException wrapping the {@link IOException} raised when the YAML cannot be read
 *                          or mapped.
 */
public static ClusterRole convertYamlToClusterRole(String yaml) {
    final ObjectMapper yamlMapper = new ObjectMapper(new YAMLFactory());
    try {
        return yamlMapper.readValue(yaml, ClusterRole.class);
    } catch (IOException parseFailure) {
        // Surface parse errors as unchecked, keeping the original exception as the cause.
        throw new RuntimeException(parseFailure);
    }
}
Also used : YAMLFactory(com.fasterxml.jackson.dataformat.yaml.YAMLFactory) IOException(java.io.IOException) ObjectMapper(com.fasterxml.jackson.databind.ObjectMapper) ClusterRole(io.fabric8.kubernetes.api.model.rbac.ClusterRole)
