|
|
@ -56,7 +56,6 @@ reconcilers scope to the tenant namespaces.`,
|
|
|
|
|
|
|
|
|
|
|
|
const (
|
|
|
|
const (
|
|
|
|
tenantLabel = "toolkit.fluxcd.io/tenant"
|
|
|
|
tenantLabel = "toolkit.fluxcd.io/tenant"
|
|
|
|
tenantRoleBinding = "gotk-reconciler"
|
|
|
|
|
|
|
|
)
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
|
|
var (
|
|
|
|
var (
|
|
|
@ -123,18 +122,20 @@ func createTenantCmdRun(cmd *cobra.Command, args []string) error {
|
|
|
|
|
|
|
|
|
|
|
|
roleBinding := rbacv1.RoleBinding{
|
|
|
|
roleBinding := rbacv1.RoleBinding{
|
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
ObjectMeta: metav1.ObjectMeta{
|
|
|
|
Name: tenantRoleBinding,
|
|
|
|
Name: fmt.Sprintf("%s-reconciler", tenant),
|
|
|
|
Namespace: ns,
|
|
|
|
Namespace: ns,
|
|
|
|
Labels: objLabels,
|
|
|
|
Labels: objLabels,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
Subjects: []rbacv1.Subject{
|
|
|
|
Subjects: []rbacv1.Subject{
|
|
|
|
{
|
|
|
|
{
|
|
|
|
|
|
|
|
APIGroup: "rbac.authorization.k8s.io",
|
|
|
|
Kind: "User",
|
|
|
|
Kind: "User",
|
|
|
|
Name: fmt.Sprintf("gotk:%s:reconciler", ns),
|
|
|
|
Name: fmt.Sprintf("gotk:%s:reconciler", ns),
|
|
|
|
},
|
|
|
|
},
|
|
|
|
{
|
|
|
|
{
|
|
|
|
Kind: "ServiceAccount",
|
|
|
|
Kind: "ServiceAccount",
|
|
|
|
Name: tenant,
|
|
|
|
Name: tenant,
|
|
|
|
|
|
|
|
Namespace: ns,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
RoleRef: rbacv1.RoleRef{
|
|
|
|
RoleRef: rbacv1.RoleRef{
|
|
|
@ -290,7 +291,7 @@ func exportTenant(namespace corev1.Namespace, account corev1.ServiceAccount, rol
|
|
|
|
fmt.Println(resourceToString(data))
|
|
|
|
fmt.Println(resourceToString(data))
|
|
|
|
|
|
|
|
|
|
|
|
account.TypeMeta = metav1.TypeMeta{
|
|
|
|
account.TypeMeta = metav1.TypeMeta{
|
|
|
|
APIVersion: "",
|
|
|
|
APIVersion: "v1",
|
|
|
|
Kind: "ServiceAccount",
|
|
|
|
Kind: "ServiceAccount",
|
|
|
|
}
|
|
|
|
}
|
|
|
|
data, err = yaml.Marshal(account)
|
|
|
|
data, err = yaml.Marshal(account)
|
|
|
|