unity-builder/src/model/cloud-runner/providers/k8s/kubernetes-role.ts

import { RbacAuthorizationV1Api } from '@kubernetes/client-node';

class KubernetesRole {
  static async createRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
    // create admin kubernetes role and role binding
    const roleBinding = {
      apiVersion: 'rbac.authorization.k8s.io/v1',
      kind: 'RoleBinding',
      metadata: {
        name: `${serviceAccountName}-admin`,
        namespace,
      },
      subjects: [
        {
          kind: 'ServiceAccount',
          name: serviceAccountName,
          namespace,
        },
      ],
      roleRef: {
        apiGroup: 'rbac.authorization.k8s.io',
        kind: 'Role',
        name: `${serviceAccountName}-admin`,
      },
    };

    const role = {
      apiVersion: 'rbac.authorization.k8s.io/v1',
      kind: 'Role',
      metadata: {
        name: `${serviceAccountName}-admin`,
        namespace,
      },
      rules: [
        {
          apiGroups: ['*'],
          resources: ['*'],
          verbs: ['*'],
        },
      ],
    };
    const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);
    const roleResponse = await rbac.createNamespacedRole(namespace, role);

    return { roleBindingResponse, roleResponse };
  }

  public static async deleteRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {
    await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
    await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
  }
}
export { KubernetesRole };
Cloud runner develop - Stabilizes kubernetes provider (#531) * fixes * fixes * fixes * fixes * fixes * check for startup message in workflows * check for startup message in workflows * check for startup message in workflows * check for startup message in workflows * check for startup message in workflows * check for startup message in workflows * Update cloud-runner-ci-pipeline.yml * Update cloud-runner-ci-pipeline.yml * no storage class specified * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * updates * log file path * latest develop * log file path * log file path * Update package.json * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * log file path * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * stream logs through standard input and new remote client cli command * update pipeline to use k3s * version: 'latest' * fixes * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * disable aws pipe for now * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * push k8s logs to LOG SERVICE IP * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * tests * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * podname logs for log service * hashed logs * hashed logs * hashed logs * hashed logs * hashed logs * hashed logs * no wait, just repeat logs * no wait, just repeat logs * remove typo - double await * test fix - kubernetes - name typo in github yaml * test fix - kubernetes - name typo in github yaml * check missing log file * check missing log file * Push to steam test * Push to steam test * Fix path * k8s reliable log hashing * k8s reliable log hashing * k8s reliable log hashing * hashed logging k8s * hashed logging k8s * hashed logging k8s * hashed logging k8s * hashed logging k8s * hashed logging k8s * Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line * Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line * Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line * Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line * Include log chunk when task runner sees log update, clarify if we can pull logs from same line or next line * Fix exit flow for k8s job * hash comparison logging for log complete in k8s flow * Interrupt k8s logs when logs found * cleanup async parameter * cleanup async parameter * cleanup async parameter * fixes * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix * fix 2024-02-06 23:46:31 +00:00			`import { RbacAuthorizationV1Api } from '@kubernetes/client-node';`

			`class KubernetesRole {`
			`static async createRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {`
			`// create admin kubernetes role and role binding`
			`const roleBinding = {`
			`apiVersion: 'rbac.authorization.k8s.io/v1',`
			`kind: 'RoleBinding',`
			`metadata: {`
			name: `${serviceAccountName}-admin`,
			`namespace,`
			`},`
			`subjects: [`
			`{`
			`kind: 'ServiceAccount',`
			`name: serviceAccountName,`
			`namespace,`
			`},`
			`],`
			`roleRef: {`
			`apiGroup: 'rbac.authorization.k8s.io',`
			`kind: 'Role',`
			name: `${serviceAccountName}-admin`,
			`},`
			`};`

			`const role = {`
			`apiVersion: 'rbac.authorization.k8s.io/v1',`
			`kind: 'Role',`
			`metadata: {`
			name: `${serviceAccountName}-admin`,
			`namespace,`
			`},`
			`rules: [`
			`{`
			`apiGroups: ['*'],`
			`resources: ['*'],`
			`verbs: ['*'],`
			`},`
			`],`
			`};`
			`const roleBindingResponse = await rbac.createNamespacedRoleBinding(namespace, roleBinding);`
			`const roleResponse = await rbac.createNamespacedRole(namespace, role);`

			`return { roleBindingResponse, roleResponse };`
			`}`

			`public static async deleteRole(serviceAccountName: string, namespace: string, rbac: RbacAuthorizationV1Api) {`
			await rbac.deleteNamespacedRoleBinding(`${serviceAccountName}-admin`, namespace);
			await rbac.deleteNamespacedRole(`${serviceAccountName}-admin`, namespace);
			`}`
			`}`
			`export { KubernetesRole };`