namespace: {{ include "common.namespace.platform" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
rules:
- apiGroups: [""]
resources: ["pods/portforward"]
{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
- apiGroups: [""]
resources: ["secrets"]
- resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
- verbs: ["get"]
+ #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get","list"]
{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+ namespace: {{ include "common.namespace.platform" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
subjects:
- kind: ServiceAccount
namespace: {{ include "common.namespace.platform" . }}
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
rules:
- apiGroups: [""]
resources: ["configmaps", "endpoints", "services"]
verbs: ["get", "list", "create", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
metadata:
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
roleRef:
apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
subjects:
- kind: ServiceAccount
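Review bot: The `secrets` rule now gives the appmgr service account `get` and `list` on every Secret in every namespace whenever the TLS condition is true, because the `resourceNames` restriction is commented out at the same time as the Role/RoleBinding pair becomes a ClusterRole/ClusterRoleBinding. If the account only needs the Helm client TLS secret, keep that rule in a namespaced Role bound by a RoleBinding in the namespace that holds the secret, and restore `resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]` with `verbs: ["get"]`. The same widening applies to the `-getappconfig` role, whose `create`/`update`/`delete` on configmaps, endpoints and services becomes cluster-wide; if several namespaces really must be covered, one RoleBinding per target namespace referencing a shared ClusterRole would keep the grant scoped. ClusterRoleBinding is cluster-scoped, so the `namespace:` lines left under its metadata have no effect and should be removed along with the commented-out `#namespace:` lines. The subjects list of the last binding continues past the end of the hunk.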