k8s Deployment user per namespace
We currently struggle using k8s to deploy from our deployment pipeline. Currently, I run the pipeline to build images and run tests, and then deploy from a local user, which is not very clever, as I am the only one to deploy atm. The plan is to deploy each project on "tag on master" with a user coupled to the current namespace. So I created a service account like:
```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: gitlab-admin
  namespace: <namespace>
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: gitlab-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: gitlab-admin
  namespace: kube-system
```
I would repeat this one for each namespace, and generate a config file with the user token like:
```yaml
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <ca-cert-data-base64>
    server: https://z2jlrhd8lw.bki1.metakube.syseleven.de:31051
  name: gitlab
contexts:
- context:
    cluster: gitlab
    namespace: <namespace>
    user: gitlab-admin
  name: gitlab
current-context: gitlab
kind: Config
preferences: {}
users:
- name: gitlab-admin
  user:
    token: <user-token-data-base64>
```
The result can be seen at: https://gitlab.com/developersforfuture/all-forfuture-onepager/-/jobs/251414280
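The following is an added example, not part of the original post: a generator for one namespace-confined deploy identity per project (ServiceAccount, Role and RoleBinding in the same namespace, rather than a cluster-wide `cluster-admin` binding) and the matching kubeconfig. The name `gitlab-deployer`, the rule set in `DEPLOY_RULES`, the server URL and the sample secret are assumptions made for illustration.

```python
import base64
import json

# Assumed minimal permissions for rolling out a Deployment; adjust per project.
DEPLOY_RULES = [
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "watch", "create", "update", "patch"]},
    {"apiGroups": [""], "resources": ["services", "configmaps"],
     "verbs": ["get", "list", "create", "update", "patch"]},
]

def namespace_deployer(namespace, name="gitlab-deployer"):
    """ServiceAccount + Role + RoleBinding, all confined to one namespace."""
    meta = {"name": name, "namespace": namespace}
    rbac = "rbac.authorization.k8s.io"
    return [
        {"apiVersion": "v1", "kind": "ServiceAccount", "metadata": meta},
        {"apiVersion": rbac + "/v1", "kind": "Role",
         "metadata": meta, "rules": DEPLOY_RULES},
        {"apiVersion": rbac + "/v1", "kind": "RoleBinding", "metadata": meta,
         "roleRef": {"apiGroup": rbac, "kind": "Role", "name": name},
         # The subject namespace must be the one the ServiceAccount lives in.
         "subjects": [{"kind": "ServiceAccount", "name": name,
                       "namespace": namespace}]},
    ]

def kubeconfig(namespace, server, secret_data, name="gitlab-deployer"):
    """Build a kubeconfig from the `data` map of the account's token Secret."""
    # Secret values are base64-encoded: the kubeconfig `token` field needs the
    # decoded value, while certificate-authority-data stays base64.
    token = base64.b64decode(secret_data["token"]).decode()
    return {
        "apiVersion": "v1", "kind": "Config", "preferences": {},
        "clusters": [{"name": "gitlab", "cluster": {
            "server": server,
            "certificate-authority-data": secret_data["ca.crt"]}}],
        "users": [{"name": name, "user": {"token": token}}],
        "contexts": [{"name": "gitlab", "context": {
            "cluster": "gitlab", "namespace": namespace, "user": name}}],
        "current-context": "gitlab",
    }

if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    secret = {"token": base64.b64encode(b"sample-token").decode(),
              "ca.crt": base64.b64encode(b"sample-ca-pem").decode()}
    items = namespace_deployer("project-a")
    print(json.dumps({"apiVersion": "v1", "kind": "List", "items": items}, indent=2))
    print(json.dumps(kubeconfig("project-a", "https://k8s.example.invalid:6443", secret), indent=2))
```

The manifest output is JSON, which `kubectl apply -f` accepts as-is.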