Untitled

avatar
unknown
plain_text
2 months ago
1.2 kB
4
Indexable
# In the setup_rbac() function, add:
setup_rbac() {
    log "Setting up RBAC for RunAI resources..."
    
    # Get current user from token
    CURRENT_USER=$(kubectl config view --minify --output 'jsonpath={.users[0].user.username}')
    
    # Create ClusterRole
    cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: runai-dgx-test-role
rules:
- apiGroups: ["run.ai"]
  resources: ["projects", "departments", "trainingworkloads", "inferenceworkloads"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["namespaces", "pods", "services", "configmaps", "secrets"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
EOF

    # Create ClusterRoleBinding
    cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: runai-dgx-test-binding
subjects:
- kind: User
  name: "${CURRENT_USER}"
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: runai-dgx-test-role
  apiGroup: rbac.authorization.k8s.io
EOF

    # Wait for RBAC to propagate
    sleep 5
}
Editor is loading...
Leave a Comment