rke/authz/authz.go

package authz

import (
	"context"

	"github.com/rancher/rke/k8s"
	"github.com/rancher/rke/log"
	"github.com/rancher/rke/templates"
	"k8s.io/client-go/transport"
)

func ApplyJobDeployerServiceAccount(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
	log.Infof(ctx, "[authz] Creating rke-job-deployer ServiceAccount")
	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
	if err != nil {
		return err
	}
	if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.JobDeployerClusterRoleBinding); err != nil {
		return err
	}
	if err := k8s.UpdateServiceAccountFromYaml(k8sClient, templates.JobDeployerServiceAccount); err != nil {
		return err
	}
	log.Infof(ctx, "[authz] rke-job-deployer ServiceAccount created successfully")
	return nil
}

func ApplySystemNodeClusterRoleBinding(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
	log.Infof(ctx, "[authz] Creating system:node ClusterRoleBinding")
	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
	if err != nil {
		return err
	}
	if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.SystemNodeClusterRoleBinding); err != nil {
		return err
	}
	log.Infof(ctx, "[authz] system:node ClusterRoleBinding created successfully")
	return nil
}

func ApplyKubeAPIClusterRole(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {
	log.Infof(ctx, "[authz] Creating kube-apiserver proxy ClusterRole and ClusterRoleBinding")
	k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)
	if err != nil {
		return err
	}
	if err := k8s.UpdateClusterRoleFromYaml(k8sClient, templates.KubeAPIClusterRole); err != nil {
		return err
	}
	if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.KubeAPIClusterRoleBinding); err != nil {
		return err
	}
	log.Infof(ctx, "[authz] kube-apiserver proxy ClusterRole and ClusterRoleBinding created successfully")
	return nil
}
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`package authz`

			`import (`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`"context"`

Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`"github.com/rancher/rke/k8s"`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`"github.com/rancher/rke/log"`
Use go templates for addons, network plugins and other manifests 2017-12-16 03:37:45 +00:00			`"github.com/rancher/rke/templates"`
Update to new certs package since latest k8s dropped it 2019-08-19 17:53:15 +00:00			`"k8s.io/client-go/transport"`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`)`

Update to new certs package since latest k8s dropped it 2019-08-19 17:53:15 +00:00			`func ApplyJobDeployerServiceAccount(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[authz] Creating rke-job-deployer ServiceAccount")`
Add support for custom WrapTransport for Kubernetes Client 2018-02-20 11:51:57 +00:00			`k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`if err != nil {`
			`return err`
			`}`
Use go templates for addons, network plugins and other manifests 2017-12-16 03:37:45 +00:00			`if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.JobDeployerClusterRoleBinding); err != nil {`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`return err`
			`}`
Use go templates for addons, network plugins and other manifests 2017-12-16 03:37:45 +00:00			`if err := k8s.UpdateServiceAccountFromYaml(k8sClient, templates.JobDeployerServiceAccount); err != nil {`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`return err`
			`}`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[authz] rke-job-deployer ServiceAccount created successfully")`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`return nil`
			`}`

Update to new certs package since latest k8s dropped it 2019-08-19 17:53:15 +00:00			`func ApplySystemNodeClusterRoleBinding(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[authz] Creating system:node ClusterRoleBinding")`
Add support for custom WrapTransport for Kubernetes Client 2018-02-20 11:51:57 +00:00			`k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`if err != nil {`
			`return err`
			`}`
Use go templates for addons, network plugins and other manifests 2017-12-16 03:37:45 +00:00			`if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.SystemNodeClusterRoleBinding); err != nil {`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`return err`
			`}`
Add context.Context to everything and also make logging pluggable 2018-01-09 22:10:56 +00:00			`log.Infof(ctx, "[authz] system:node ClusterRoleBinding created successfully")`
Enable RBAC and needed addons/network plugin configuration 2017-12-14 21:56:19 +00:00			`return nil`
			`}`
Add kubeapi proxy cluster role and role binding 2019-07-25 20:07:38 +00:00
Update to new certs package since latest k8s dropped it 2019-08-19 17:53:15 +00:00			`func ApplyKubeAPIClusterRole(ctx context.Context, kubeConfigPath string, k8sWrapTransport transport.WrapperFunc) error {`
Add kubeapi proxy cluster role and role binding 2019-07-25 20:07:38 +00:00			`log.Infof(ctx, "[authz] Creating kube-apiserver proxy ClusterRole and ClusterRoleBinding")`
			`k8sClient, err := k8s.NewClient(kubeConfigPath, k8sWrapTransport)`
			`if err != nil {`
			`return err`
			`}`
			`if err := k8s.UpdateClusterRoleFromYaml(k8sClient, templates.KubeAPIClusterRole); err != nil {`
			`return err`
			`}`
			`if err := k8s.UpdateClusterRoleBindingFromYaml(k8sClient, templates.KubeAPIClusterRoleBinding); err != nil {`
			`return err`
			`}`
			`log.Infof(ctx, "[authz] kube-apiserver proxy ClusterRole and ClusterRoleBinding created successfully")`
			`return nil`
			`}`