github.com/yacut/kubernetes-rbac-synchroniser
command
module
Version: v1.0.0
Published: Dec 7, 2017
License: Apache-2.0
Imports: 20
Imported by: 0
README
kubernetes-rbac-synchroniser
What It Does
RBAC Synchroniser pulls a Google Group, extracts the email addresses of the group's members and updates the Kubernetes RoleBinding in the given namespace.
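The reconciliation idea described above, as an added Go example (not the project's own code): it converts a group's member emails into RoleBinding User subjects and reports who a sync would grant or revoke. The Subject type, the function names and the sample emails are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Subject holds the fields of one RoleBinding subject (local type for this example).
type Subject struct{ Kind, APIGroup, Name string }

// desiredSubjects maps member emails to sorted, unique User subjects (trimming and lower-casing are assumptions).
func desiredSubjects(emails []string) []Subject {
	seen := map[string]bool{}
	out := []Subject{}
	for _, e := range emails {
		e = strings.ToLower(strings.TrimSpace(e))
		if e == "" || seen[e] {
			continue
		}
		seen[e] = true
		out = append(out, Subject{"User", "rbac.authorization.k8s.io", e})
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Name < out[j].Name })
	return out
}

// missing returns the subject names present in a but absent from b.
func missing(a, b []Subject) []string {
	in := map[string]bool{}
	for _, s := range b {
		in[s.Name] = true
	}
	out := []string{}
	for _, s := range a {
		if !in[s.Name] {
			out = append(out, s.Name)
		}
	}
	return out
}

func main() {
	// Constructed sample data: the binding's current subjects and a fresh group listing.
	current := desiredSubjects([]string{"alice@example.com", "bob@example.com"})
	desired := desiredSubjects([]string{"Alice@example.com ", "carol@example.com", "carol@example.com"})
	fmt.Println("grant:", missing(desired, current))  // users gaining the role
	fmt.Println("revoke:", missing(current, desired)) // users losing the role
}
```

An empty group listing makes every current subject show up as revoked, so a sync loop should distinguish a failed Directory API call from a genuinely empty group.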
Requirements
The service account's private key file: -config-file-path flag
The email of the user with permissions to access the Admin APIs: -google-admin-email flag (see guide: https://developers.google.com/admin-sdk/directory/v1/guides/delegation)
The Google Group list per Kubernetes namespace: -namespace-group flag
Configure minimal GKE IAM permissions for each Google Group:

    gcloud beta iam roles create minimal_gke_role --project my_project --title "Container Engine Minimal" --description "Minimal GKE Role which allows 'gcloud container clusters get-credentials' command" --permissions "container.apiServices.get,container.apiServices.list,container.clusters.get,container.clusters.getCredentials"

see: https://stackoverflow.com/questions/45945074/iam-and-rbac-conflicts-on-google-cloud-container-engine-gke/45945239#45945239
Flags
| Flag | Description | Default |
| --- | --- | --- |
| -cluster-role-name | The cluster role name with permissions. | "view" |
| -config-file-path | The Path to the Service Account's Private Key file. | |
| -google-admin-email | The Google Admin Email. | |
| -fake-group-response | Fake Google Admin API Response. | |
| -namespace-group | The group and namespace. May be used multiple times. | |
| -in-cluster-config | Use in cluster kubeconfig. | true |
| -kubeconfig | Absolute path to the kubeconfig file. | |
| -listen-address | The address to listen on for HTTP requests. | ":8080" |
| -rolebinding-name | The role binding name per namespace. | "developer" |
| -update-interval | Update interval in seconds. | 15m0s |
| -log-json | Log as JSON instead of the default ASCII formatter. | false |
Prometheus metrics
rbac_synchroniser_success: Cumulative number of role update operations.
rbac_synchroniser_errors: Cumulative number of errors during role update operations.
Examples
https://github.com/yacut/kubernetes-rbac-synchroniser/tree/master/examples