Commit 64c305e4 authored by Thong Kuah

Use basic auth to create cluster role binding

The alternative is the user has `container.admin` permissions.

This approach is preferred as this means the QA spec can be run by any
GitLabber and indeed any contributor who can create a GKE cluster.
parent b86631a5
...@@ -25,6 +25,7 @@ module QA ...@@ -25,6 +25,7 @@ module QA
gcloud container clusters gcloud container clusters
create #{cluster_name} create #{cluster_name}
#{auth_options} #{auth_options}
--enable-basic-auth
--zone #{Runtime::Env.gcloud_zone} --zone #{Runtime::Env.gcloud_zone}
&& gcloud container clusters && gcloud container clusters
get-credentials get-credentials
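Review bot: `--enable-basic-auth` is added to the `gcloud container clusters create` command unconditionally, but the static credentials are only consumed by `create_service_account`, which runs under `if rbac`. Consider appending the flag only when `rbac` is set, so non-RBAC runs do not create clusters with a static master username and password. A short comment next to the flag saying why basic auth is needed (the role binding, as the commit message explains) would help the next reader.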
...@@ -33,6 +34,8 @@ module QA ...@@ -33,6 +34,8 @@ module QA
CMD CMD
@api_url = `kubectl config view --minify -o jsonpath='{.clusters[].cluster.server}'` @api_url = `kubectl config view --minify -o jsonpath='{.clusters[].cluster.server}'`
@master_auth = JSON.parse(`gcloud container clusters describe #{cluster_name} --zone #{Runtime::Env.gcloud_zone} --format 'json(masterAuth.username, masterAuth.password)'`)
if rbac if rbac
create_service_account create_service_account
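Review bot: the `@master_auth = JSON.parse(...)` line runs before the `if rbac` check and does not verify that `gcloud container clusters describe` succeeded. If the command fails or returns nothing, `JSON.parse` raises on the empty output with an error that does not point at the real cause. Suggest moving the lookup inside the `if rbac` branch, checking the exit status, and failing with a clear message when `masterAuth.username` or `masterAuth.password` is missing. Holding the password in an instance variable also means it appears in any `inspect` or debug dump of this object, so fetching it at the point of use in `create_service_account` would narrow its lifetime.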
...@@ -64,7 +67,7 @@ module QA ...@@ -64,7 +67,7 @@ module QA
def create_service_account def create_service_account
shell('kubectl create -f -', stdin_data: service_account) shell('kubectl create -f -', stdin_data: service_account)
shell('kubectl create -f -', stdin_data: service_account_role_binding) shell("kubectl --username #{@master_auth['masterAuth']['username']} --password #{@master_auth['masterAuth']['password']} create -f -", stdin_data: service_account_role_binding)
end end
def service_account def service_account
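Review bot: in `create_service_account`, the master password is interpolated straight into the command string passed to `shell` (`--password #{@master_auth['masterAuth']['password']}`). That puts the secret on the process command line, and in the job output if the `shell` helper echoes the commands it runs. The values are also unquoted, so a password containing shell metacharacters would break or alter the command. Suggest escaping both values with `Shellwords.escape`, and making sure the helper masks this command in logs, or supplying the credentials through the kubeconfig instead of command-line flags. It would also be worth a comment on why only the role binding needs `--username`/`--password` while the service account creation above it does not.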
......