Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/numberly/gitlab2rbac
Kubernetes RBAC rules from GitLab roles
https://github.com/numberly/gitlab2rbac
gitlab kubernetes rbac
Last synced: about 2 months ago
JSON representation
Kubernetes RBAC rules from GitLab roles
- Host: GitHub
- URL: https://github.com/numberly/gitlab2rbac
- Owner: numberly
- License: mit
- Created: 2019-01-08T16:07:19.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2024-08-23T16:03:03.000Z (4 months ago)
- Last Synced: 2024-08-23T17:43:02.601Z (4 months ago)
- Topics: gitlab, kubernetes, rbac
- Language: Python
- Homepage:
- Size: 176 KB
- Stars: 28
- Watchers: 6
- Forks: 4
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# gitlab2rbac
`gitlab2rbac` synchronizes Kubernetes cluster user permissions with those defined in GitLab, ensuring consistent access controls across both platforms.This tool takes [GitLab Permissions](https://docs.gitlab.com/ee/user/permissions.html) on a project level and generates corresponding [RBAC](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) objects within Kubernetes.
![graph](graph.png)
## Installation
### Requirements
Before anything else, `gitlab2rbac` requires:* [RBAC is enabled on your Kubernetes cluster](https://kubernetes.io/docs/reference/access-authn-authz/rbac/)
* [GitLab API v4 support is available](https://docs.gitlab.com/ee/api/rest/)### Deploy with helm
```
helm install gitlab2rbac /path/to/chart/gitla2rbac --create-namespace gitlab2rbac --set data.GITLAB_URL=,data.GITLAB_PRIVATE_TOKEN=,data.KUBERNETES_LOAD_INCLUSTER_CONFIG=True
```or
### Configuration
`gitlab2rbac` requires a namespace, cluster roles and cluster role bindings. You can create these by executing:```sh
$ kubectl apply -f https://raw.githubusercontent.com/numberly/gitlab2rbac/master/deploy/configuration.yaml
```Next, create a [ConfigMap](https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/) containing the necessary configuration:
```sh
cat <