mirror of
https://github.com/holos-run/holos.git
synced 2026-03-20 09:15:02 +00:00
0771bd6b6c
The provisioner cluster is a worker-less autopilot cluster that provides secrets to other clusters in the platform. The `eso-creds-refresher` Job in the holos-system namespace of each other cluster refreshes service account tokens for SecretStores. This patch adds the IAM structure for the Job implemented by Namespace, ServiceAccount, Role, and RoleBinding api objects.
11 lines
289 B
Bash
Executable File
11 lines
289 B
Bash
Executable File
#! /bin/bash
|
|
#
|
|
|
|
set -euo pipefail
|
|
|
|
export PROJECT_ID="$(gcloud config get-value project)"
|
|
export PROJECT_NUMBER="$(gcloud projects describe $PROJECT_ID --format='value(projectNumber)')"
|
|
|
|
envsubst < rolebinding.template.yaml > rolebinding.yaml
|
|
echo "Apply rolebinding.yaml to seed cluster"
|