author | Thong Kuah <tkuah@gitlab.com> | 2018-09-28 08:20:24 +0300 |
---|---|---|
committer | Thong Kuah <tkuah@gitlab.com> | 2018-09-28 08:20:24 +0300 |
commit | 21148f85764102aab40b448724808a74db12e253 (patch) | |
tree | 75cdf25203017f834349fe6f42eb92c81dd13c77 | |
parent | 7ff63d49c44e80e244e766297a8de765dd91a074 (diff) |
WIP : Create gitlab-deploy service account for a namespace51716-automatically-create-service-account-to-project-namespace-tk
It feels like we should materialize the namespace, maybe
on the cluster_projects table, so that we can keep track
of which namespaces we have created
-rw-r--r-- | app/services/clusters/kubernetes/create_project_namespace_service_account_service.rb | 48 |
1 files changed, 48 insertions, 0 deletions
diff --git a/app/services/clusters/kubernetes/create_project_namespace_service_account_service.rb b/app/services/clusters/kubernetes/create_project_namespace_service_account_service.rb
new file mode 100644
index 00000000000..6cb2cfee04b
--- /dev/null
+++ b/app/services/clusters/kubernetes/create_project_namespace_service_account_service.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+module Clusters
+ module Kubernetes
+ class CreateProjectNamespaceServiceAccountService
+ attr_reader :kubeclient, :namespace, :rbac
+
+ def initialize(kubeclient, namespace, rbac: true)
+ @kubeclient = kubeclient
+ @namespace = namespace
+ @rbac = rbac
+ end
+
+ def execute
+ kubeclient.create_service_account(service_account_resource)
+ kubeclient.create_secret(service_account_token_resource)
+ kubeclient.create_role_binding(role_binding_resource) if rbac?
+ end
+
+ private
+
+ def service_account_name
+ 'gitlab-deploy'
+ end
+
+ def cluster_role_name
+ 'edit'
+ end
+
+ def service_account_resource
+ Gitlab::Kubernetes::ServiceAccount.new(service_account_name, namespace).generate
+ end
+
+ def service_account_token_resource
+ Gitlab::Kubernetes::ServiceAccountToken.new(
+ service_account_token_name, service_account_name, namespace).generate
+ end
+
+ def role_binding_resource
+ Gitlab::Kubernetes::RoleBinding.new(
+ role_name: cluster_role_name,
+ namespace: namespace,
+ service_account_name: service_account_name
+ ).generate
+ end
+ end
+ end
+end |
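Review bot: `execute` calls `rbac?` and `service_account_token_resource` calls `service_account_token_name`, but this new file defines neither (only `attr_reader :rbac` is declared), so unless they are supplied from somewhere not shown, both paths raise NoMethodError; add `alias_method :rbac?, :rbac` after the `attr_reader` line and a private `service_account_token_name` method. The three `create_*` calls in `execute` also run with no handling for a resource that already exists or a failure part-way through, which could leave a service account and its token secret in the namespace without the intended role binding; consider making the sequence idempotent or stating in a comment that the caller is responsible for cleanup. Because `cluster_role_name` is hard-coded to `'edit'`, a comment such as `# 'edit' allows read/write on most namespaced resources, including Secrets` above it would make the privilege carried by the deploy token explicit to later reviewers.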