use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi by strimzi.
the class RoleBindingOperatorTest method resource.
@Override
protected RoleBinding resource() {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName("some-service-account").withNamespace(NAMESPACE).build();
RoleRef roleRef = new RoleRefBuilder().withName("some-role").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return new RoleBindingBuilder().withNewMetadata().withName(RESOURCE_NAME).withNamespace(NAMESPACE).withLabels(singletonMap("foo", "bar")).endMetadata().withRoleRef(roleRef).withSubjects(singletonList(ks)).build();
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi by strimzi.
the class KafkaCluster method generateClusterRoleBinding.
/**
* Creates the ClusterRoleBinding which is used to bind the Kafka SA to the ClusterRole
* which permissions the Kafka init container to access K8S nodes (necessary for rack-awareness).
*
* @param assemblyNamespace The namespace.
* @return The cluster role binding.
*/
public ClusterRoleBinding generateClusterRoleBinding(String assemblyNamespace) {
if (rack != null || isExposedWithNodePort()) {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName(getServiceAccountName()).withNamespace(assemblyNamespace).build();
RoleRef roleRef = new RoleRefBuilder().withName("strimzi-kafka-broker").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return getClusterRoleBinding(KafkaResources.initContainerClusterRoleBindingName(cluster, namespace), ks, roleRef);
} else {
return null;
}
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi by strimzi.
the class KafkaConnectCluster method generateClusterRoleBinding.
/**
* Creates the ClusterRoleBinding which is used to bind the Kafka Connect SA to the ClusterRole
* which permissions the Kafka init container to access K8S nodes (necessary for rack-awareness).
*
* @return The cluster role binding.
*/
public ClusterRoleBinding generateClusterRoleBinding() {
if (rack == null) {
return null;
}
Subject subject = new SubjectBuilder().withKind("ServiceAccount").withName(getServiceAccountName()).withNamespace(namespace).build();
RoleRef roleRef = new RoleRefBuilder().withName("strimzi-kafka-client").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return getClusterRoleBinding(KafkaConnectResources.initContainerClusterRoleBindingName(cluster, namespace), subject, roleRef);
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class EntityTopicOperator method generateRoleBindingForRole.
public RoleBinding generateRoleBindingForRole(String namespace, String watchedNamespace) {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName(EntityOperator.entityOperatorServiceAccountName(cluster)).withNamespace(namespace).build();
RoleRef roleRef = new RoleRefBuilder().withName(getRoleName()).withApiGroup("rbac.authorization.k8s.io").withKind("Role").build();
RoleBinding rb = generateRoleBinding(roleBindingForRoleName(cluster), watchedNamespace, roleRef, singletonList(ks));
// We set OwnerReference only within the same namespace since it does not work cross-namespace
if (!namespace.equals(watchedNamespace)) {
rb.getMetadata().setOwnerReferences(Collections.emptyList());
}
return rb;
}
use of io.fabric8.kubernetes.api.model.rbac.RoleRef in project strimzi-kafka-operator by strimzi.
the class KafkaCluster method generateClusterRoleBinding.
/**
* Creates the ClusterRoleBinding which is used to bind the Kafka SA to the ClusterRole
* which permissions the Kafka init container to access K8S nodes (necessary for rack-awareness).
*
* @param assemblyNamespace The namespace.
* @return The cluster role binding.
*/
public ClusterRoleBinding generateClusterRoleBinding(String assemblyNamespace) {
if (rack != null || isExposedWithNodePort()) {
Subject ks = new SubjectBuilder().withKind("ServiceAccount").withName(getServiceAccountName()).withNamespace(assemblyNamespace).build();
RoleRef roleRef = new RoleRefBuilder().withName("strimzi-kafka-broker").withApiGroup("rbac.authorization.k8s.io").withKind("ClusterRole").build();
return getClusterRoleBinding(KafkaResources.initContainerClusterRoleBindingName(cluster, namespace), ks, roleRef);
} else {
return null;
}
}
Aggregations