nicolas
/
rivieradev-gitops
mirror of https://github.com/nmasse-itix/rivieradev-gitops.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5 Commits
1 Branch
0 Tags
123 KiB
 
Tree: 630ea930e4
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '630ea930e4'
${ noResults }
rivieradev-gitops/authentication/templates/cluster-auth.yaml

109 lines
2.5 KiB
Raw Blame History

apiVersion: v1
kind: Secret
metadata:
name: htpasswd-{{ trunc 8 (include "openshift-users-txt" . | sha256sum) }}
namespace: openshift-config
annotations:
argocd.argoproj.io/sync-options: Prune=false
argocd.argoproj.io/compare-options: IgnoreExtraneous
type: Opaque
data:
htpasswd: {{ include "openshift-htpasswd" . | b64enc | quote }}
users.txt: {{ include "openshift-users-txt" . | b64enc | quote }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: can-use-scc-privileged
rules:
- apiGroups:
- security.openshift.io
resourceNames:
- privileged
resources:
- securitycontextconstraints
verbs:
- use
{{- range (include "openshift-users" . | fromJsonArray) }}
---
kind: Namespace
apiVersion: v1
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
labels:
env: test
name: {{ (printf "%s-test" .) | quote }}
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ (printf "%s-admin" .) | quote }}
namespace: {{ (printf "%s-test" .) | quote }}
annotations:
argocd.argoproj.io/sync-options: Prune=false
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: {{ . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
---
kind: Namespace
apiVersion: v1
metadata:
annotations:
argocd.argoproj.io/sync-options: Prune=false
labels:
modelmesh-enabled: "true"
opendatahub.io/dashboard: "true"
name: {{ . | quote }}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: shared-memory
namespace: {{ . | quote }}
spec:
storageClassName: efs-csi
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
volumeMode: Filesystem
---
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ (printf "%s-admin" .) | quote }}
namespace: {{ . | quote }}
annotations:
argocd.argoproj.io/sync-options: Prune=false
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: {{ . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ (printf "%s-can-use-scc-privileged" .) | quote }}
annotations:
argocd.argoproj.io/sync-options: Prune=false
subjects:
- kind: User
apiGroup: rbac.authorization.k8s.io
name: {{ . | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: can-use-scc-privileged
{{- end }}