From 4f8a04273c5d3b6c63f2aa2cf2fdbae6eb8e289d Mon Sep 17 00:00:00 2001 From: peefy Date: Thu, 9 Nov 2023 21:19:11 +0800 Subject: [PATCH] feat: add cluster role binding Signed-off-by: peefy --- add-rolebinding/README.md | 7 +++++++ add-rolebinding/kcl.mod | 5 +++++ add-rolebinding/main.k | 25 +++++++++++++++++++++++++ 3 files changed, 37 insertions(+) create mode 100644 add-rolebinding/README.md create mode 100644 add-rolebinding/kcl.mod create mode 100644 add-rolebinding/main.k diff --git a/add-rolebinding/README.md b/add-rolebinding/README.md new file mode 100644 index 00000000..1850bea7 --- /dev/null +++ b/add-rolebinding/README.md @@ -0,0 +1,7 @@ +## Introduction + +`add-rolebinding` is a KCL mutation module. + +## Resource + +The Code source and documents are [here](https://github.com/kcl-lang/artifacthub/tree/main/add-rolebinding) diff --git a/add-rolebinding/kcl.mod b/add-rolebinding/kcl.mod new file mode 100644 index 00000000..6c14b4f8 --- /dev/null +++ b/add-rolebinding/kcl.mod @@ -0,0 +1,5 @@ +[package] +name = "add-rolebinding" +version = "0.1.0" +description = "`add-rolebinding` is a KCL mutation module." + diff --git a/add-rolebinding/main.k b/add-rolebinding/main.k new file mode 100644 index 00000000..b9a2462f --- /dev/null +++ b/add-rolebinding/main.k @@ -0,0 +1,25 @@ +ns_list = [item.metadata.name for item in option("items") if item.kind == "Namespace"] +username = option("params")?.username or "user" + +items = option("items") + [ + { + synchronize: True + apiVersion: "rbac.authorization.k8s.io/v1" + kind: "RoleBinding" + name: "${username}-admin-binding" + namespace: ns.metadata.name + data: { + roleRef: { + apiGroup: "rbac.authorization.k8s.io" + kind: "ClusterRole" + name: "admin" + } + subjects: [ + { + kind: "User" + name: "${username}" + } + ] + } + } for ns in ns_list +]