From 4dd769fdf742eb46e9cac9c023e5cd6b08ea28ef Mon Sep 17 00:00:00 2001
From: Vegard Hagen
Date: Wed, 30 Oct 2024 18:56:44 +0100
Subject: [PATCH] feat: add extra admin user
---
 k8s/infra/auth/lldap/lldap-config.yaml | 4 +--
 k8s/infra/project.yaml | 2 ++
 .../extra-admin-cluster-role-binding.yaml | 25 +++++++++++++++++++
 k8s/infra/users/extra-admin.yaml | 9 +++++++
 k8s/infra/users/kustomization.yaml | 7 ++++++
 5 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 k8s/infra/users/extra-admin-cluster-role-binding.yaml
 create mode 100644 k8s/infra/users/extra-admin.yaml
 create mode 100644 k8s/infra/users/kustomization.yaml
diff --git a/k8s/infra/auth/lldap/lldap-config.yaml b/k8s/infra/auth/lldap/lldap-config.yaml
index 4e71958..8735aff 100644
--- a/k8s/infra/auth/lldap/lldap-config.yaml
+++ b/k8s/infra/auth/lldap/lldap-config.yaml
@@ -7,8 +7,8 @@ metadata: namespace: lldap spec: encryptedData: - groups.json: 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 - users.json: AgAQ3YsvSBluOwD8g9mJPlaOdiS+4hJdtYJ740If7wmk7tH5weg3GWX3ZGPldt/ykOjScEdthcMqs3GDYRA0eIEChENZ/nUakp/gsGLgNVX1gttZnW850y62fP0tt8cRokf/egfzkNJGt70gLI25MhZB8k1HUDEN1xVmGeKPb1QSTgO8Kf5jAz7oOC4V1cYLGHvyHNbyhVL65oTDsqePE9YPkrI1uXhTZTz8DFD/XL4JxvaDnH63dzecyRPSPUgStuupWYKAWKhnizZuzMl8TAHtlkUVHuyigtvX9Uzmt7pzblO7FsHE+Ga1dKfwB7ep8JiFqEDi83U4C/nT/cQ4pHYLGAEw5Ek0XOB8uTbSZmw0e50LdJyUB+LQ/+SOs7XF7nEj00ycA/k/L8uOthkhYJ0Rwi62Tm4kXjAFgtIN46rHA7vitTKsAgjsI/FBsxR7bUsCLh6IK6sUrbde/NYJ8Yrf+5yoVXqfN6mk1nfrvYEJOmdSbIkSQfg2cmMAYNQJYJBlfJeYPAK8VJ1SkKztMufzj9u+fI+8FkcQQAUfF3X8W6dRXFSnRMyJNSvwGWcYLBEs1MWMPO2CFM/17mxtsE+ThsISVx/njB247Gh0BWhNgEABnzf2fJ50maC+uiNnPieM4p5etxqQv/E7JYTq+bRqahsCSCMiLB48LRcjUhX5oRpHogdsIbHcdNf5GwBOKsfqXauqWUti4Wwv1Esf8h6rKfQ28+Vu+vTe5oGDqyo7BOkhhh3kmTuOWaGCTCiAtElyMgmd1p4qxoxhr8SucXBSyjIRV3LDFSlIlw0nxNivpYK23Xr2UyISWyLwyiZHtLN0u49pViXM4azWRCzJTUEQBiOtNpifhWX8kR8FQQ0tCziQYOddIGK+8B0biKppE+szkZ6OXIt0M4AIGIb1CKKKKxhuto+Un+TwYm506JhUVWqRlrdqTf+QbF+YB61usHY+HTC7QIIFWQANwO8zWTWtwVT6m1LPTkUjqhBSai0988kzhKR9dgHOTDgFAoqs53XdWu/HTJfBR9tvK5pUFsljhnmy+2E3qF3sqXnu0xLeWEHhOixtCNj4roGYw7+z/0juXJkhntu6mV/a/3I6A4uuAv+WHxrnnkCY5/FWjxln5SRrsZg++AcDiCv/kYQUXYyQjAY5zVo3Z2W7slQEVOv0xrpROzAVU92v789D4BXhMWA5lNWKHS63ks5YgBR9Ypbhu+TxYYsYd2AZ9CdeHk1cIBJcliByyY4BW9dvsgic2p3PovNR7y4qbIXbgxho+DG4RqWGkAcFulWy2eP5k5yPLfCUeyLifCfTLsNkOEq7LPQkZVykdlFPdsc2v85JpeMkqqR7EX61CmYAGxgOIYKg9kJ18uP2LAu5MwG0l1h9Qm6YO4SmdXnaU5E0oJpkXyy4c2jfkU3nezgC7nHSy8A= + groups.json: 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 + users.json: 
AgCsNmVaAzBY/Y1pq8hICNaenZteaVfxlcQ8y1hfw4SyQaxIuUSA4IRJqLtoOfIhUgOWwCZgbdvhP1Ptf8CViMNlG2SUXXqbhtjF9OBFli2wA2MBYZwFLanHwrLRRgrqvXWXzSvQS0nRF7T36TF1vkpBrqrNIHXIOof7wTowsO06GpQKo+XStxAQ+cNC6VviQqkZh2QmySqo6BR8H14VQTxOiDETnEi3btwGVn4MxjTLITVt0rua6seib8ohTYYAgf+57DImkaWCv9WlsV5iEsv03ERCSrII17Jfu/j49I+CQD61TJtYzEjrubGXLCV59KFtqb8MIVyPSpodfJMcf5Wwc3WIgqDbzwKKsAR1smgKBVBK97+CoGly/qbt94/9+gD0GjvoXB1wbY7g29uWcJYMiGE2LaS3tFnj7/gjGrgul5x4yJZ1ajFql2nnSgPrehBSBhB3zui9KJjeDe8auz0K/6ivF+Tz5J5Tr8H8q748GkXLvMwR7qdiP5YZVg69rSupBgJJJwLvzIUDRBU/rwcBni4geTZcMYJXWLFGzOHyOIucS1MEszhi28+/S9NoZJaz4JzBHbexUkKXz2XCZFSyI8idTb1VxraLaKrSn/Jx8aXzBoKpBW/YZDrPkAxL1yWRgA+J9nmMriXNH/im0EUFF/cGUxnYjKliiaEsXt2kRZCbfasSOlpF6IpHntV7Ghvu0B0/hCB7Ah2H/4EcZZM2ck0r7Slv4CwY0sQBiPmRlqrCICIC2XWs1DkEtP5ESr6DM6wQttPB2R5VmF56mim+GsNR7/ZVxMq9cITljW15Eev4AC4Tj0sylW1os5wNJatbWLfY8Fox7M8haDvMr9rJ24ZvlqiBJ3r24hNc3/GqASfkqXsGu6pNWgfjrukcpgd81ZF+NT3A2zFXZH/bn9GpWhLqnPLEWKDfRsxh8cZ6RKp9Za/DFbvoG+g6cKga0eZB+d/HJWdqaBm3q1QqwKfh+bcPXZ60xGg9bllvBikOGiOl4bqqpPe0i0Dhxd6XnqLUwIpIvxJTflYlO2hxkFt6qAi690qeaUqLFtDX+O4HtQzM23QrH87kbIYO0DS1rimMY9mTcWwqmT2/eTozFi2FWP9ODNwmRaFsxlowmOjqH/eypyOB4G7M0W7VE3KJtA0Avynz+zAbZZGF+oabR8MzwhXxGSKQJrYgmWB12idTYaNt/Tpt5qJR5HVPIAxXQ4/QJMpHhoHjJnmW12VIYtd0bS780MNEbVCzyNciOZGpahr66403cUbseiqdbUk3co1NxlqQnAdJY72do3CQkgkRpaW6DM08ByHs1v4Bp2tprAKyUWqCy6O0ozhHvqACHbt4wZHZFrW1meAPn8rmAlclDlan+KItmgjkDkNm89FNt2VU1EQBIDs1ZIulCDfVQaLvxKHrqAZYB7BSs3aY7VV2WGtVNz4Y28+6+BADeXegX/+TdRy4lYKfEGnCIVLZoHbOMt8+aqD88v+fptiAfE5fHURpIZkD54PhDksSHxSPVvOcZv1zlDjlokL+HNlP7eTRLpsNfhQaoefaWqzrXdQg8OcCxlJypj8rvENlaidFT2MHOfYan/Je7PiAMFx6dNWrwwsK8VR3LyvcKNyKhkOkdswz2UyuGpn7sA64e49ux0lH4m0sdYBLtyhK+RiRaFl+R/OlmkcpiaxEA4aGtec0jXFkBMiT3M5OuHaeOzueIXna4SyLf5CAMt/31FflGbCLYShYOkvT3xG8JX1VKVg94jlsxFmnrg== template: metadata: creationTimestamp: null diff --git a/k8s/infra/project.yaml b/k8s/infra/project.yaml index ced634f..8ea1ed2 100644 --- a/k8s/infra/project.yaml +++ b/k8s/infra/project.yaml 
@@ -7,6 +7,8 @@ spec:
 sourceRepos:
 - 'https://github.com/vehagn/homelab'
 destinations:
+ - namespace: 'kube-system'
+ server: '*'
 - namespace: 'argocd'
 server: '*'
 clusterResourceWhitelist:
diff --git a/k8s/infra/users/extra-admin-cluster-role-binding.yaml b/k8s/infra/users/extra-admin-cluster-role-binding.yaml
new file mode 100644
index 0000000..f8d1150
--- /dev/null
+++ b/k8s/infra/users/extra-admin-cluster-role-binding.yaml
@@ -0,0 +1,25 @@
+#apiVersion: rbac.authorization.k8s.io/v1
+#kind: ClusterRoleBinding
+#metadata:
+# name: extra-cluster-admin
+#roleRef:
+# apiGroup: rbac.authorization.k8s.io
+# kind: ClusterRole
+# name: cluster-admin
+#subjects:
+# - apiGroup: rbac.authorization.k8s.io
+# kind: Group
+# name: extra:masters
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: extra-cluster-admin
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+ - kind: ServiceAccount
+ name: extra-admin
+ namespace: kube-system
diff --git a/k8s/infra/users/extra-admin.yaml b/k8s/infra/users/extra-admin.yaml
new file mode 100644
index 0000000..47bec79
--- /dev/null
+++ b/k8s/infra/users/extra-admin.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: extra-admin
+ namespace: kube-system
+
+# TOKEN=$(kubectl -n kube-system create token extra-admin)
+# kubectl config set-credentials admin --token=$TOKEN
+# kubectl config set-context admin@kubernetes --cluster talos --user extra-admin
\ No newline at end of file
diff --git a/k8s/infra/users/kustomization.yaml b/k8s/infra/users/kustomization.yaml
new file mode 100644
index 0000000..5f44b21
--- /dev/null
+++ b/k8s/infra/users/kustomization.yaml
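Review bot: The new `kube-system` destination in k8s/infra/project.yaml is paired with `server: '*'`, so every application in this project (it looks like an Argo CD AppProject) may now deploy into kube-system on any registered cluster, not just the ServiceAccount this commit needs there. If only the local cluster is meant, name it, e.g. `server: 'https://kubernetes.default.svc'`, and record the reason next to the entry with a comment such as `# kube-system: required by k8s/infra/users (extra-admin ServiceAccount)`. The spec continues outside the hunk, so the cluster resource whitelist that goes with these destinations is not visible here.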
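Review bot: The active ClusterRoleBinding in k8s/infra/users/extra-admin-cluster-role-binding.yaml grants `cluster-admin` to a ServiceAccount in `kube-system`, so any principal that can create pods or request service-account tokens in that namespace can act with full cluster rights through `extra-admin`. A dedicated namespace that runs no workloads would keep the grant narrower; the subject would then read `namespace: <admin-namespace>` (placeholder), with the ServiceAccount manifest moved to match. The twelve commented-out lines that bind the Group `extra:masters` are dead configuration: delete them, or head them with a comment such as `# Unused alternative: bind the group extra:masters instead of the ServiceAccount`.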
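Review bot: The usage comments at the end of k8s/infra/users/extra-admin.yaml contradict each other: `set-credentials admin` stores the token under the kubeconfig user `admin`, while `set-context ... --user extra-admin` points the context at a user `extra-admin` that the previous line never created. Use one name in both lines, e.g. `# kubectl config set-credentials extra-admin --token=$TOKEN`. Since the account appears to be used only through tokens issued with `kubectl create token`, adding `automountServiceAccountToken: false` to the ServiceAccount would keep pods from receiving its token by default. The file also lacks a trailing newline.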
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# https://dev.to/danielkun/kubernetes-certificates-tokens-authentication-and-service-accounts-4fj7
+resources:
+ - extra-admin.yaml
+ - extra-admin-cluster-role-binding.yaml
\ No newline at end of file