feat: add role bindings for witherr in other namespaces

poketwo · Oct 6, 2024 · 6208dfe · 6208dfe
1 parent cec12d4
commit 6208dfe
Showing 1 changed file with 20 additions and 25 deletions.
diff --git a/kubernetes/users/witherr.nix b/kubernetes/users/witherr.nix
@@ -1,32 +1,27 @@
 { ... }:
 
+let
+  adminRoleBinding = {
+    subjects = [{
+      kind = "ServiceAccount";
+      name = "witherr";
+      namespace = "poketwo";
+    }];
+    roleRef = {
+      kind = "ClusterRole";
+      name = "admin";
+      apiGroup = "rbac.authorization.k8s.io";
+    };
+  };
+in
 {
   namespaces.poketwo.resources = {
     v1.ServiceAccount.witherr = { };
-
-    "rbac.authorization.k8s.io/v1".RoleBinding.witherr = {
-      subjects = [{
-        kind = "ServiceAccount";
-        name = "witherr";
-      }];
-      roleRef = {
-        kind = "ClusterRole";
-        name = "admin";
-        apiGroup = "rbac.authorization.k8s.io";
-      };
-    };
-
-    "rbac.authorization.k8s.io/v1".ClusterRoleBinding.witherr = {
-      subjects = [{
-        kind = "ServiceAccount";
-        name = "witherr";
-        namespace = "poketwo";
-      }];
-      roleRef = {
-        kind = "ClusterRole";
-        name = "view";
-        apiGroup = "rbac.authorization.k8s.io";
-      };
-    };
+    "rbac.authorization.k8s.io/v1".RoleBinding.witherr = adminRoleBinding;
+    "rbac.authorization.k8s.io/v1".ClusterRoleBinding.witherr = adminRoleBinding;
   };
+
+  namespaces.guiduck.resources."rbac.authorization.k8s.io/v1".RoleBinding.witherr = adminRoleBinding;
+  namespaces.poketwo-staging.resources."rbac.authorization.k8s.io/v1".RoleBinding.witherr = adminRoleBinding;
+  namespaces.poketwo-staging-private.resources."rbac.authorization.k8s.io/v1".RoleBinding.witherr = adminRoleBinding;
 }