Merge pull request DOME-Marketplace#36 from DOME-Marketplace/sbx_acco…

…unt_script

Template with resources for SBX env access - new namespace with all r…

scripts/templates_sbx/config/kube-config.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Config
+preferences: {}
+current-context: %NAMESPACE%-service-account@Sbx
+clusters:
+- cluster:
+ certificate-authority-data: %CA_CERT%
+ server: %KUBE_SERVER_URL%
+ name: !!str Sbx
+contexts:
+- context:
+ cluster: !!str Sbx
+ user: %NAMESPACE%-service-account
+ name: %NAMESPACE%-service-account@Sbx
+users:
+- name: %NAMESPACE%-service-account
+ user:
+ token: %TOKEN%

scripts/templates_sbx/namespace.yaml

@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: %NAMESPACE%

scripts/templates_sbx/role-binding.yaml

@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: %NAMESPACE%-role-binding
+ namespace: %NAMESPACE%
+subjects:
+- kind: ServiceAccount
+ name: %NAMESPACE%-service-account
+ namespace: %NAMESPACE%
+roleRef:
+ kind: Role
+ name: integration-role
+ apiGroup: rbac.authorization.k8s.io

scripts/templates_sbx/role.yaml

@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: integration-role
+ namespace: %NAMESPACE%
+rules:
+- apiGroups: [""]
+ resources: ["*"]
+ verbs: ["get", "list", "create", "update", "delete", "watch"]
+- apiGroups: ["bitnami.com"]
+ resources: ["sealedsecrets"]
+ verbs: ["get", "list", "create", "update", "delete", "watch"]

scripts/templates_sbx/service-account.yaml

@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: %NAMESPACE%-service-account
+ namespace: %NAMESPACE%

scripts/templates_sbx/token.yaml

@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: %NAMESPACE%-sa-secret
+ namespace: %NAMESPACE%
+ annotations:
+ kubernetes.io/service-account.name: %NAMESPACE%-service-account
+type: kubernetes.io/service-account-token