private void createWorkspaceServiceAccount(OpenShiftClient osClient) { osClient .serviceAccounts() .inNamespace(projectName) .createOrReplaceWithNew() .withAutomountServiceAccountToken(true) .withNewMetadata() .withName(serviceAccountName) .endMetadata() .done(); }
client.serviceAccounts().inNamespace("thisisatest").createOrReplace(fabric8);
client.serviceAccounts().inNamespace("thisisatest").create(fabric8);
private void createFromUri(String prjName, String uri) throws OpenShiftClientException { URL url = toUrl(uri); if (url != null) { KubernetesList kubeList = delegate.lists().load(url).get(); List<HasMetadata> items = kubeList.getItems(); if (items.size() > 0) { for (HasMetadata item : items) { String name = item.getMetadata().getName(); if (item instanceof ServiceAccount) { if (delegate.serviceAccounts().inNamespace(prjName).withName(name).get() == null) { setGuvnorAlaGenerated(item); } } else if (item instanceof Secret) { if (delegate.secrets().inNamespace(prjName).withName(name).get() == null) { setGuvnorAlaGenerated(item); } } else if (item instanceof ImageStream) { if (delegate.imageStreams().inNamespace(prjName).withName(name).get() == null) { setGuvnorAlaGenerated(item); } } } delegate.lists().inNamespace(prjName).create(kubeList); } } }
/** * Make sure that workspace service account exists and has `view` and `exec` role bindings. * * <p>Note that `view` role is used from cluster scope and `exec` role is created in the current * namespace if does not exit. * * @throws InfrastructureException when any exception occurred */ void prepare() throws InfrastructureException { OpenShiftClient osClient = clientFactory.createOC(workspaceId); if (osClient.serviceAccounts().inNamespace(projectName).withName(serviceAccountName).get() == null) { createWorkspaceServiceAccount(osClient); } String execRoleName = "exec"; if (osClient.roles().inNamespace(projectName).withName(execRoleName).get() == null) { createExecRole(osClient, execRoleName); } osClient.roleBindings().inNamespace(projectName).createOrReplace(createExecRoleBinding()); osClient.roleBindings().inNamespace(projectName).createOrReplace(createViewRoleBinding()); }
for (ServiceAccount item : delegate.serviceAccounts().inNamespace(prjName).list().getItems()) { if (isGuvnorAlaGenerated(item)) { delegate.serviceAccounts().inNamespace(prjName).delete(item);
@Override public void apply(KubernetesList resources, boolean patchPersistentVolumeClaims) { for (HasMetadata resource : resources.getItems()) { try { if (resource instanceof ConfigMap) { client.configMaps().withName(resource.getMetadata().getName()).patch((ConfigMap) resource); } else if (resource instanceof Secret) { client.secrets().withName(resource.getMetadata().getName()).patch((Secret) resource); } else if (resource instanceof Deployment) { client.apps().deployments().withName(resource.getMetadata().getName()).patch((Deployment) resource); } else if (resource instanceof StatefulSet) { client.apps().statefulSets().withName(resource.getMetadata().getName()).cascading(false).patch((StatefulSet) resource); } else if (resource instanceof Service) { client.services().withName(resource.getMetadata().getName()).patch((Service) resource); } else if (resource instanceof ServiceAccount) { client.serviceAccounts().withName(resource.getMetadata().getName()).patch((ServiceAccount) resource); } else if (resource instanceof PersistentVolumeClaim && patchPersistentVolumeClaims) { client.persistentVolumeClaims().withName(resource.getMetadata().getName()).patch((PersistentVolumeClaim) resource); } } catch (KubernetesClientException e) { if (e.getCode() == 404) { // Create it if it does not exist client.resource(resource).createOrReplace(); } else { throw e; } } } }