It might be useful to document how to use this on an RBAC-enabled cluster, and how to create the service account, role, and role binding using the official Kubernetes Java client.
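// Creates the "tiller" ServiceAccount in kube-system, a "tiller" ClusterRole, and a
// ClusterRoleBinding that ties the two together, using the official Kubernetes Java client.

// The URL, username and password below are placeholders. Load real values from
// protected configuration instead of embedding them in source.
ApiClient officialClient = Config.fromUserPassword(
    "https://la-de-do-da",
    "username",
    "password"
);

// Both API handles are built from the authenticated client so that every call
// goes to the same cluster with the same credentials.
CoreV1Api coreV1Api = new CoreV1Api(officialClient);
RbacAuthorizationV1Api rbacV1API = new RbacAuthorizationV1Api(officialClient);

// The same metadata (name "tiller") is reused for all three objects below.
V1ObjectMeta objectMeta = new V1ObjectMeta();
objectMeta.setName("tiller");

V1ServiceAccount serviceAccount = new V1ServiceAccount();
serviceAccount.setMetadata(objectMeta);
// NOTE(review): the trailing "false" looks like the client's `pretty` parameter;
// confirm against the client version in use.
coreV1Api.createNamespacedServiceAccount("kube-system", serviceAccount, "false");

// SECURITY: these two rules allow every verb on every resource in every API group and
// on every non-resource URL, cluster-wide. Whatever holds the tiller service account
// token gets full control of the cluster. For anything beyond a disposable cluster,
// replace the wildcards with the specific API groups, resources and verbs that are
// needed, or use a namespaced Role and RoleBinding.
//
// Resource access and non-resource URL access are declared as separate rules:
// RBAC validation does not accept one rule that targets both.
V1PolicyRule policyRule = new V1PolicyRule();
policyRule.setApiGroups(Collections.singletonList("*"));
policyRule.setResources(Collections.singletonList("*"));
policyRule.setVerbs(Collections.singletonList("*"));

V1PolicyRule nonResourcePolicyRule = new V1PolicyRule();
nonResourcePolicyRule.setNonResourceURLs(Collections.singletonList("*"));
nonResourcePolicyRule.setVerbs(Collections.singletonList("*"));

V1ClusterRole clusterRole = new V1ClusterRole();
clusterRole.setMetadata(objectMeta);
clusterRole.addRulesItem(policyRule);
clusterRole.addRulesItem(nonResourcePolicyRule);
rbacV1API.createClusterRole(clusterRole, "false");

// The binding references the ClusterRole created above by kind and name.
V1RoleRef v1RoleRef = new V1RoleRef();
v1RoleRef.setApiGroup("rbac.authorization.k8s.io");
v1RoleRef.setKind("ClusterRole");
v1RoleRef.setName("tiller");

// The subject is the ServiceAccount created above; the namespace must match the one
// it was created in.
V1Subject v1Subject = new V1Subject();
v1Subject.setKind("ServiceAccount");
v1Subject.setName("tiller");
v1Subject.setNamespace("kube-system");

V1ClusterRoleBinding v1ClusterRoleBinding = new V1ClusterRoleBinding();
v1ClusterRoleBinding.setMetadata(objectMeta);
v1ClusterRoleBinding.setRoleRef(v1RoleRef);
v1ClusterRoleBinding.setSubjects(Collections.singletonList(v1Subject));
rbacV1API.createClusterRoleBinding(v1ClusterRoleBinding, "false");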