From 381a0e60dbdf5385631c7c40cbc18d264f873de1 Mon Sep 17 00:00:00 2001 From: Jason Hansen Date: Thu, 7 Nov 2019 09:33:52 -0500 Subject: [PATCH 1/2] team-c: add namespaces and bindings for new team --- namespaces/team-c.yaml | 7 +++++++ rbac/dev-rolebindings.yaml | 30 ++++++++++++++++++++++++++++++ rbac/ops-rolebindings.yaml | 13 +++++++++++++ 3 files changed, 50 insertions(+) create mode 100644 namespaces/team-c.yaml create mode 100644 rbac/dev-rolebindings.yaml create mode 100644 rbac/ops-rolebindings.yaml diff --git a/namespaces/team-c.yaml b/namespaces/team-c.yaml new file mode 100644 index 0000000..d91f4cb --- /dev/null +++ b/namespaces/team-c.yaml @@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: Namespace +metadata: + labels: + name: team-c + name: team-c diff --git a/rbac/dev-rolebindings.yaml b/rbac/dev-rolebindings.yaml new file mode 100644 index 0000000..ba87e1c --- /dev/null +++ b/rbac/dev-rolebindings.yaml @@ -0,0 +1,30 @@ +--- +kind: Role +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: team-c-app-dev + namespace: development +rules: + - apiGroups: ["", "extensions", "apps"] + resources: ["*"] + verbs: ["*"] + - apiGroups: ["batch"] + resources: ["jobs", "cronjobs"] + verbs: ["*"] + - apiGroups: ["autoscaling"] + resources: ["*"] + verbs: ["*"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: team-c-app-dev + namespace: team-c +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: team-c-app-dev +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: ec685b73-9f21-40e5-8ad5-c13eba4caa09 diff --git a/rbac/ops-rolebindings.yaml b/rbac/ops-rolebindings.yaml new file mode 100644 index 0000000..29d6992 --- /dev/null +++ b/rbac/ops-rolebindings.yaml @@ -0,0 +1,13 @@ +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: teamc-cluster-admins +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - apiGroup: rbac.authorization.k8s.io + kind: Group + name: ef7f3a59-d048-4c8c-b800-225ca5c88704 From 239ada29edcfef7a62a4042ebedbd18d852e7370 Mon Sep 17 00:00:00 2001 From: Jason Hansen Date: Mon, 6 Apr 2020 21:41:02 -0700 Subject: [PATCH 2/2] team-c: update RBAC and add team annoations --- namespaces/team-c.yaml | 2 ++ rbac/ops-rolebindings.yaml | 13 ------------- rbac/{dev-rolebindings.yaml => team-c.yaml} | 0 3 files changed, 2 insertions(+), 13 deletions(-) delete mode 100644 rbac/ops-rolebindings.yaml rename rbac/{dev-rolebindings.yaml => team-c.yaml} (100%) diff --git a/namespaces/team-c.yaml b/namespaces/team-c.yaml index d91f4cb..990a597 100644 --- a/namespaces/team-c.yaml +++ b/namespaces/team-c.yaml @@ -4,4 +4,6 @@ kind: Namespace metadata: labels: name: team-c + annotations: + contoso.com/owner: "team-c@contoso.com" name: team-c diff --git a/rbac/ops-rolebindings.yaml b/rbac/ops-rolebindings.yaml deleted file mode 100644 index 29d6992..0000000 --- a/rbac/ops-rolebindings.yaml +++ /dev/null @@ -1,13 +0,0 @@ ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - name: teamc-cluster-admins -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: cluster-admin -subjects: - - apiGroup: rbac.authorization.k8s.io - kind: Group - name: ef7f3a59-d048-4c8c-b800-225ca5c88704 diff --git a/rbac/dev-rolebindings.yaml b/rbac/team-c.yaml similarity index 100% rename from rbac/dev-rolebindings.yaml rename to rbac/team-c.yaml