-
Notifications
You must be signed in to change notification settings - Fork 2.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fully support generation of K8s RBAC resources
These changes address a long-time issue in regards of K8s RBAC resources (see related issues). These changes allow to generate custom Roles, ClusterRoles, ServiceAccount, and RoleBindings. Plus, it allows the Kubernetes Client and Kubernetes Config extensions to configure the role binding to generate. Fix #16612 Fix #19286 Fix #15422
- Loading branch information
Showing
52 changed files
with
1,844 additions
and
137 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
65 changes: 65 additions & 0 deletions
65
...untime-internal/src/main/java/io/quarkus/kubernetes/client/runtime/RoleBindingConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
package io.quarkus.kubernetes.client.runtime; | ||
|
||
import java.util.Map; | ||
import java.util.Optional; | ||
|
||
import io.quarkus.runtime.annotations.ConfigGroup; | ||
import io.quarkus.runtime.annotations.ConfigItem; | ||
|
||
@ConfigGroup | ||
public class RoleBindingConfig { | ||
|
||
/** | ||
* Name of the RoleBinding resource to be generated. If not provided, it will use the application name plus the role | ||
* ref name. | ||
*/ | ||
@ConfigItem | ||
public Optional<String> name; | ||
|
||
/** | ||
* Labels to add into the RoleBinding resource. | ||
*/ | ||
@ConfigItem | ||
public Map<String, String> labels; | ||
|
||
/** | ||
* The "kind" resource to use by the Subject element in the generated Role Binding resource. | ||
* By default, it's "ServiceAccount" kind. | ||
*/ | ||
@ConfigItem(defaultValue = "ServiceAccount") | ||
public String subjectKind; | ||
|
||
/** | ||
* The "apiGroup" resource that matches with the "kind" property. By default, it's empty. | ||
*/ | ||
@ConfigItem | ||
public Optional<String> subjectApiGroup; | ||
|
||
/** | ||
* The "name" resource to use by the Subject element in the generated Role Binding resource. | ||
* By default, it's the application name. | ||
*/ | ||
@ConfigItem | ||
public Optional<String> subjectName; | ||
|
||
/** | ||
* The "namespace" resource to use by the Subject element in the generated Role Binding resource. | ||
* By default, it will use the same as provided in the generated resources. | ||
*/ | ||
@ConfigItem | ||
public Optional<String> subjectNamespace; | ||
|
||
/** | ||
* The name of the Role resource to use by the RoleRef element in the generated Role Binding resource. | ||
* By default, it's "view" role name. | ||
*/ | ||
@ConfigItem(defaultValue = "view") | ||
public String roleName; | ||
|
||
/** | ||
* If the Role sets in the `role-name` property is cluster wide or not. | ||
* By default, it's "true". | ||
*/ | ||
@ConfigItem(defaultValue = "true") | ||
public boolean clusterWide; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
34 changes: 34 additions & 0 deletions
34
...-config/runtime/src/main/java/io/quarkus/kubernetes/config/runtime/SecretsRoleConfig.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
package io.quarkus.kubernetes.config.runtime; | ||
|
||
import java.util.Optional; | ||
|
||
import io.quarkus.runtime.annotations.ConfigGroup; | ||
import io.quarkus.runtime.annotations.ConfigItem; | ||
|
||
@ConfigGroup | ||
public class SecretsRoleConfig { | ||
|
||
/** | ||
* The name of the role. | ||
*/ | ||
@ConfigItem(defaultValue = "view-secrets") | ||
public String name; | ||
|
||
/** | ||
* The namespace of the role. | ||
*/ | ||
@ConfigItem | ||
public Optional<String> namespace; | ||
|
||
/** | ||
* Whether the role is cluster wide or not. By default, it's not a cluster wide role. | ||
*/ | ||
@ConfigItem(defaultValue = "false") | ||
public boolean clusterWide; | ||
|
||
/** | ||
* If the current role is meant to be generated or not. If not, it will only be used to generate the role binding resource. | ||
*/ | ||
@ConfigItem(defaultValue = "true") | ||
public boolean generate; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.