+################################################################################
+# Copyright (c) 2019-2020 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
{{- $topCtx := . }}
{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
namespace: {{ include "common.namespace.platform" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
rules:
- apiGroups: [""]
resources: ["pods/portforward"]
verbs: ["create"]
-- apiGroups: [""]
+- apiGroups: [""]
resources: ["pods", "configmaps", "deployments", "services"]
verbs: ["get", "list", "create", "delete"]
{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
- apiGroups: [""]
resources: ["secrets"]
- resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
- verbs: ["get"]
+ #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get","list"]
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+ namespace: {{ include "common.namespace.platform" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
subjects:
- kind: ServiceAccount
namespace: {{ include "common.namespace.platform" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
rules:
-- apiGroups: [""]
- resources: ["configmaps", "endpoints"]
- verbs: ["get"]
+- apiGroups: [""]
+ resources: ["configmaps", "endpoints", "services"]
+ verbs: ["get", "list", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
subjects:
- kind: ServiceAccount