{"id":18603343,"url":"https://github.com/numberly/gitlab2rbac","last_synced_at":"2025-07-11T12:10:29.116Z","repository":{"id":43930355,"uuid":"164685792","full_name":"numberly/gitlab2rbac","owner":"numberly","description":"Kubernetes RBAC rules from GitLab roles","archived":false,"fork":false,"pushed_at":"2025-06-23T08:47:41.000Z","size":191,"stargazers_count":29,"open_issues_count":2,"forks_count":5,"subscribers_count":6,"default_branch":"master","last_synced_at":"2025-07-10T09:55:30.671Z","etag":null,"topics":["gitlab","kubernetes","rbac"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/numberly.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2019-01-08T16:07:19.000Z","updated_at":"2025-06-24T01:53:04.000Z","dependencies_parsed_at":"2024-05-13T14:08:38.710Z","dependency_job_id":"c223a94d-0536-4f4d-b2d3-d8089f2f5a07","html_url":"https://github.com/numberly/gitlab2rbac","commit_stats":null,"previous_names":[],"tags_count":6,"template":false,"template_full_name":null,"purl":"pkg:github/numberly/gitlab2rbac","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numberly%2Fgitlab2rbac","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numberly%2Fgitlab2rbac/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numberly%2Fgitlab2rbac/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numberly%2Fgitlab2rbac/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/numberly","download_url":"https://codeload.github.com/numberly/gitlab2rbac/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/numberly%2Fgitlab2rbac/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":264804152,"owners_count":23666516,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["gitlab","kubernetes","rbac"],"created_at":"2024-11-07T02:14:15.484Z","updated_at":"2025-07-11T12:10:29.107Z","avatar_url":"https://github.com/numberly.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# gitlab2rbac\n`gitlab2rbac` synchronizes Kubernetes cluster user permissions with those defined in GitLab, ensuring consistent access controls across both platforms.\n\nThis tool takes [GitLab Permissions](https://docs.gitlab.com/ee/user/permissions.html) on a project level and generates corresponding [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) objects within Kubernetes.\n\n![graph](graph.png)\n\n## Installation\n### Requirements\nBefore anything else, `gitlab2rbac` requires:\n\n* [RBAC is enabled on your Kubernetes cluster](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)\n* [GitLab API v4 support is available](https://docs.gitlab.com/ee/api/rest/)\n\n### Deploy with helm\n\n```\nhelm install gitlab2rbac /path/to/chart/gitlab2rbac --create-namespace gitlab2rbac --set data.GITLAB_URL=\u003cyour_gitlab_instance_url\u003e,data.GITLAB_PRIVATE_TOKEN=\u003cyour_private_token\u003e,data.KUBERNETES_LOAD_INCLUSTER_CONFIG=True\n```\n\nor\n\n### Configuration\n`gitlab2rbac` requires a namespace, cluster roles and cluster role bindings. You can create these by executing:\n\n```sh\n$ kubectl apply -f https://raw.githubusercontent.com/numberly/gitlab2rbac/master/deploy/configuration.yaml\n```\n\nNext, create a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/) containing the necessary configuration:\n\n```sh\ncat \u003c\u003cEOF | kubectl create -f -\napiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: gitlab2rbac\n  namespace: gitlab2rbac\ndata:\n  GITLAB_URL: https://{{ your GitLab instance URL }}\n  GITLAB_PRIVATE_TOKEN: {{ your GitLab private token }}\n  KUBERNETES_LOAD_INCLUSTER_CONFIG: \"True\"\nEOF\n```\n\n### Deployment\nFinally, just apply the manifest:\n\n```sh\n$ kubectl apply -f https://raw.githubusercontent.com/numberly/gitlab2rbac/master/deploy/gitlab2rbac.yaml\n```\n\nThis deployment will run `gitlab2rbac` in the `gitlab2rbac` namespace. The manifest includes:\n\n* A deployment resource, which acts as the cluster-wide controller for RBAC policies.\n* A service account and associated RBAC permissions required for the controller to operate.\n\n## Running locally\n### Requirements\nTo run `gitlab2rbac` locally, you need:\n\n* A Kubernetes environment, such as one set up with [minikube](https://minikube.sigs.k8s.io/docs/).\n* Python 3 (Python 2 might work but is not supported).\n* Virtualenv (recommended for environment isolation).\n\n### Setup\nEven if `gitlab2rbac` doesn't run inside Kubernetes, it needs a cluster with existing cluster roles. Create them with:\n\n```sh\n$ kubectl apply -f https://raw.githubusercontent.com/numberly/gitlab2rbac/master/deploy/configuration.yaml\n```\n\nThen you can clone the repository, install the dependencies and run `gitlab2rbac`:\n\n```sh\n$ git clone https://github.com/numberly/gitlab2rbac.git\n$ cd gitlab2rbac\n$ virtualenv .venv \u0026\u0026 source .venv/bin/activate\n(.venv) $ pip install -r requirements.txt\n(.venv) $ GITLAB_URL={{ your GitLab instance URL }} GITLAB_PRIVATE_TOKEN={{ your GitLab private token }} python gitlab2rbac.py\n```\n\n## Matrix GitLab role \u0026 Kubernetes resources\n**[here](./docs/matrix.md)**\n\n## Advanced configuration\n`gitlab2rbac` supports multiple environment variables for advanced configuration:\n\n| Flag                                | Description                                                                 | Default\t\t|\n|:------------------------------------|:----------------------------------------------------------------------------|:------------------|\n|`GITLAB2RBAC_FREQUENCY`              |Update interval in seconds.                                                  |60\t\t\t|\n|`GITLAB_ADMINS_GROUP`                |Base your k8s admins on GitLab namespace (None means GitLab administrators). |None\t\t|\n|`GITLAB_GROUPS_IGNORE_LIST`\t      |Groups to ignore (separated by commas, default value is \"lost-and-found\"\t    |lost-and-found\t|\n|`GITLAB_GROUPS_SEARCH`               |Limit to those groups (separated by commas, empty means all groups).         |gitlab2rbac \t|\n|`GITLAB_NAMESPACE_GRANULARITY`       |Whether to get permissions from GitLab projects or groups.                   |project     \t|\n|`GITLAB_PRIVATE_TOKEN`               |Configure gitlab API token.                                                  |            \t|\n|`GITLAB_USERNAME_IGNORE_LIST`\t      |Gitlab users to ignore for the synchronisation\t\t\t\t    |\t\t\t|\n|`GITLAB_TIMEOUT`                     |Timeout for GitLab operations, in seconds.                                   |10          \t|\n|`GITLAB_URL`                         |Configure gitlab API target.                                                 |            \t|\n|`KUBERNETES_AUTO_CREATE`             |Replicate GitLab groups/projects as Kubernetes namespaces.                   |False       \t|\n|`KUBERNETES_LOAD_INCLUSTER_CONFIG`   |Load configuration inside Kubernetes when gitlab2rbac runs as a pod.         |False       \t|\n|`KUBERNETES_TIMEOUT`                 |Timeout for Kubernetes operations, in seconds.                               |10          \t|\n\n## Kubernetes cluster compatibility\n\nThe following table outlines the compatibility between gitlab2rbac versions and Kubernetes cluster versions. Ensure that you are using the correct version of gitlab2rbac for your Kubernetes cluster to maintain stability and functionality.\n\n:construction: not tested\n\n:green_circle: ok\n\n| GitLab2rbac Version   | k8s 1.25 | k8s 1.26 | k8s 1.27 | k8s 1.28 | k8s 1.29 | k8s 1.30 | k8s 1.31 |\n|-------------------|:-----------:|:-----------:|:-----------:|:-----------:|:-----------:|:-----------:|:-----------:|\n| **0.2.4**    |      :green_circle:       |      :green_circle:       |      :green_circle:      |      :green_circle:      |      :green_circle:        |      :green_circle:        |      :green_circle:        |\n\n## License\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumberly%2Fgitlab2rbac","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnumberly%2Fgitlab2rbac","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnumberly%2Fgitlab2rbac/lists"}