6971fd261d
GitLab uses a kubernetes service account to perform deployments. For serverless deployments to work as expected with externally created clusters with their own knative installations (e.g. via Cloud Run), this account requires additional permissions in the serving.knative.dev API group.
50 lines
1 KiB
Ruby
50 lines
1 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
|
|
describe Gitlab::Kubernetes::RoleBinding, '#generate' do
|
|
let(:role_name) { 'edit' }
|
|
let(:role_kind) { 'ClusterRole' }
|
|
let(:namespace) { 'my-namespace' }
|
|
let(:service_account_name) { 'my-service-account' }
|
|
|
|
let(:subjects) do
|
|
[
|
|
{
|
|
kind: 'ServiceAccount',
|
|
name: service_account_name,
|
|
namespace: namespace
|
|
}
|
|
]
|
|
end
|
|
|
|
let(:role_ref) do
|
|
{
|
|
apiGroup: 'rbac.authorization.k8s.io',
|
|
kind: role_kind,
|
|
name: role_name
|
|
}
|
|
end
|
|
|
|
let(:resource) do
|
|
::Kubeclient::Resource.new(
|
|
metadata: { name: "gitlab-#{namespace}", namespace: namespace },
|
|
roleRef: role_ref,
|
|
subjects: subjects
|
|
)
|
|
end
|
|
|
|
subject do
|
|
described_class.new(
|
|
name: "gitlab-#{namespace}",
|
|
role_name: role_name,
|
|
role_kind: role_kind,
|
|
namespace: namespace,
|
|
service_account_name: service_account_name
|
|
).generate
|
|
end
|
|
|
|
it 'builds a Kubeclient Resource' do
|
|
is_expected.to eq(resource)
|
|
end
|
|
end
|