home/nixos-servers
home/nixos-servers
2
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

bootstrap admin clusterrolebinding

Browse source
This commit is contained in:
Pim Kunis 2023-12-15 14:34:33 +01:00
parent 1c0e4794a8
commit 0071dbfee5
2 changed files with 24 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -65,7 +65,3 @@ Extract the resulting signed certificate from the CSR object:
``` ```
k3s kubectl get csr <username>-csr -o jsonpath='{.status.certificate}' | base64 --decode > <username>.crt k3s kubectl get csr <username>-csr -o jsonpath='{.status.certificate}' | base64 --decode > <username>.crt
``` ```
## TODO
1. Manage the bootstrap k3s clusterrolebinding with kubenix: `k3s kubectl create clusterrolebinding pim-cluster-admin --user=pim --clusterrole=cluster-admin`.

24
configuration.nix
View file

@ -182,4 +182,28 @@
services.k3s.extraFlags = "--tls-san jefke.hyp --data-dir /mnt/data/k3s"; services.k3s.extraFlags = "--tls-san jefke.hyp --data-dir /mnt/data/k3s";
virtualisation.libvirtd.enable = true; virtualisation.libvirtd.enable = true;
system.activationScripts.k3s-bootstrap.text =
let
k3sBootstrapFile = pkgs.writeTextFile {
name = "k3s-bootstrap";
text = ''
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: pim-cluster-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
kind: User
name: pim
'';
};
in
''
ln -sf ${k3sBootstrapFile} /mnt/data/k3s/server/manifests/k3s-bootstrap.yaml
'';
} }