Code Review
/
it
/
dep.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
review
|
tree
raw
|
inline
| side by side
IMPLEMENTS: RICPLT-1144: Support multiple Tillers
[it/dep.git]
/
ric-platform
/
50-RIC-Platform
/
helm
/
appmgr
/
templates
/
serviceaccount.yaml
diff --git
a/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
b/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
index
6164f73
..
1806889
100644
(file)
--- a/
ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
+++ b/
ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
@@
-1,3
+1,6
@@
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx := . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
---
apiVersion: v1
kind: ServiceAccount
---
apiVersion: v1
kind: ServiceAccount
@@
-8,23
+11,31
@@
metadata:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: Role
metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
helmrepositorytillernamespace" .
}}-access
- namespace: {{ include "common.
helmrepositorytillernamespace" .
}}
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
tillerNameSpace" $ctx
}}-access
+ namespace: {{ include "common.
tillerDeployNameSpace" $ctx
}}
rules:
- apiGroups: [""]
resources: ["pods", "pods/portforward"]
verbs: ["get", "list", "create"]
rules:
- apiGroups: [""]
resources: ["pods", "pods/portforward"]
verbs: ["get", "list", "create"]
+
+{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
+- apiGroups: [""]
+ resources: ["secrets"]
+ resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get"]
+{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: RoleBinding
metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
helmrepositorytillernamespace" .
}}-access
- namespace: {{ include "common.
helmrepositorytillernamespace" .
}}
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
tillerNameSpace" $ctx
}}-access
+ namespace: {{ include "common.
tillerDeployNameSpace" $ctx
}}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
helmrepositorytillernamespace" .
}}-access
+ name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.
tillerNameSpace" $ctx
}}-access
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceaccountname.appmgr" . }}
namespace: {{ include "common.namespace.platform" . }}
subjects:
- kind: ServiceAccount
name: {{ include "common.serviceaccountname.appmgr" . }}
namespace: {{ include "common.namespace.platform" . }}
+---