io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder Java Examples
The following examples show how to use
io.fabric8.kubernetes.api.model.rbac.PolicyRuleBuilder.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
Source File: ClusterRoleOperatorIT.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
@Override protected ClusterRole getOriginal() { PolicyRule rule = new PolicyRuleBuilder() .withApiGroups("") .withResources("nodes") .withVerbs("get") .build(); return new ClusterRoleBuilder() .withNewMetadata() .withName(RESOURCE_NAME) .withLabels(singletonMap("state", "new")) .endMetadata() .withRules(rule) .build(); }
Example #2
Source File: ClusterRoleOperatorIT.java From strimzi-kafka-operator with Apache License 2.0 | 6 votes |
@Override protected ClusterRole getModified() { PolicyRule rule = new PolicyRuleBuilder() .withApiGroups("") .withResources("nodes") .withVerbs("get", "list") .build(); return new ClusterRoleBuilder() .withNewMetadata() .withName(RESOURCE_NAME) .withLabels(singletonMap("state", "modified")) .endMetadata() .withRules(rule) .build(); }
Example #3
Source File: RoleIT.java From kubernetes-client with Apache License 2.0 | 6 votes |
@Before public void init() { currentNamespace = session.getNamespace(); // Do not run tests on opeshift 3.6.0 and 3.6.1 assumeFalse(client.getVersion().getMajor().equalsIgnoreCase("1") && client.getVersion().getMinor().startsWith("6")); Role role = new RoleBuilder() .withNewMetadata() .withName("job-reader") .endMetadata() .addToRules(0, new PolicyRuleBuilder() .addToApiGroups(0,"batch") .addToResourceNames(0,"my-job") .addToResources(0,"jobs") .addToVerbs(0, "get") .addToVerbs(1, "watch") .addToVerbs(2, "list") .build() ) .build(); client.rbac().roles().inNamespace(currentNamespace).createOrReplace(role); }
Example #4
Source File: ClusterRoleIT.java From kubernetes-client with Apache License 2.0 | 6 votes |
@Before public void init() { // Do not run tests on opeshift 3.6.0 and 3.6.1 assumeFalse(client.getVersion().getMajor().equalsIgnoreCase("1") && client.getVersion().getMinor().startsWith("6")); ClusterRole kubernetesclusterRole = new ClusterRoleBuilder() .withNewMetadata() .withName("node-reader") .endMetadata() .addToRules(0, new PolicyRuleBuilder() .addToApiGroups(0,"") .addToResourceNames(0,"my-node") .addToResources(0,"nodes") .addToVerbs(0, "get") .addToVerbs(1, "watch") .addToVerbs(2, "list") .build() ) .build(); client.rbac().clusterRoles().createOrReplace(kubernetesclusterRole); }
Example #5
Source File: KubernetesWorkspaceServiceAccount.java From che with Eclipse Public License 2.0 | 5 votes |
private void createExecRole(KubernetesClient k8sClient, String name) { Role execRole = new RoleBuilder() .withNewMetadata() .withName(name) .endMetadata() .withRules( new PolicyRuleBuilder() .withResources("pods/exec") .withApiGroups("") .withVerbs("create") .build()) .build(); k8sClient.rbac().roles().inNamespace(namespace).create(execRole); }
Example #6
Source File: KubernetesWorkspaceServiceAccount.java From che with Eclipse Public License 2.0 | 5 votes |
private void createViewRole(KubernetesClient k8sClient, String name) { Role viewRole = new RoleBuilder() .withNewMetadata() .withName(name) .endMetadata() .withRules( new PolicyRuleBuilder() .withResources("pods", "services") .withApiGroups("") .withVerbs("list") .build()) .build(); k8sClient.rbac().roles().inNamespace(namespace).create(viewRole); }
Example #7
Source File: SystemtestsKubernetesApps.java From enmasse with Apache License 2.0 | 4 votes |
public static void deployAMQBroker(String namespace, String name, String user, String password, BrokerCertBundle certBundle) throws Exception { kube.createNamespace(namespace); kube.getClient().rbac().roles().inNamespace(namespace).createOrReplace(new RoleBuilder() .withNewMetadata() .withName(name) .withNamespace(namespace) .endMetadata() .withRules(new PolicyRuleBuilder() .addToApiGroups("") .addToResources("secrets") .addToResourceNames(name) .addToVerbs("get") .build()) .build()); kube.getClient().rbac().roleBindings().inNamespace(namespace).createOrReplace(new RoleBindingBuilder() .withNewMetadata() .withName(name) .withNamespace(namespace) .endMetadata() .withNewRoleRef("rbac.authorization.k8s.io", "Role", name) .withSubjects(new SubjectBuilder() .withKind("ServiceAccount") .withName("address-space-controller") .withNamespace(kube.getInfraNamespace()) .build()) .build()); kube.createSecret(namespace, getBrokerSecret(name, certBundle, user, password)); kube.createDeploymentFromResource(namespace, getBrokerDeployment(name, user, password), 3, TimeUnit.MINUTES); ServicePort tlsPort = new ServicePortBuilder() .withName("amqps") .withPort(5671) .withTargetPort(new IntOrString(5671)) .build(); ServicePort mutualTlsPort = new ServicePortBuilder() .withName("amqpsmutual") .withPort(55671) .withTargetPort(new IntOrString(55671)) .build(); Service service = getSystemtestsServiceResource(name, name, new ServicePortBuilder() .withName("amqp") .withPort(5672) .withTargetPort(new IntOrString(5672)) .build(), tlsPort, mutualTlsPort); kube.createServiceFromResource(namespace, service); kube.createExternalEndpoint(name, namespace, service, tlsPort); kube.getClient() .apps().deployments() .inNamespace(namespace) .withName(name) .waitUntilReady(5, TimeUnit.MINUTES); Thread.sleep(5000); }