Near RT RIC Platform new-installer initial release
[ric-plt/ric-dep.git] / new-installer / helm / charts / nearrtric / appmgr / templates / serviceaccount.yaml
diff --git a/new-installer/helm/charts/nearrtric/appmgr/templates/serviceaccount.yaml b/new-installer/helm/charts/nearrtric/appmgr/templates/serviceaccount.yaml
new file mode 100644 (file)
index 0000000..443e662
--- /dev/null
@@ -0,0 +1,84 @@
+################################################################################
+#   Copyright (c) 2019-2020 AT&T Intellectual Property.                        #
+#                                                                              #
+#   Licensed under the Apache License, Version 2.0 (the "License");            #
+#   you may not use this file except in compliance with the License.           #
+#   You may obtain a copy of the License at                                    #
+#                                                                              #
+#       http://www.apache.org/licenses/LICENSE-2.0                             #
+#                                                                              #
+#   Unless required by applicable law or agreed to in writing, software        #
+#   distributed under the License is distributed on an "AS IS" BASIS,          #
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
+#   See the License for the specific language governing permissions and        #
+#   limitations under the License.                                             #
+################################################################################
+
+{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
+{{- $topCtx :=  . }}
+{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
+{{- $certName := include "common.tillerHelmClientTLSSecret" $ctx }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}
+  namespace: {{ include "common.namespace.platform" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+rules:
+- apiGroups: [""]
+  resources: ["pods/portforward"]
+  verbs: ["create"]
+- apiGroups: [""]
+  resources: ["pods", "configmaps", "deployments", "services"]
+  verbs: ["get", "list", "create", "delete"]
+{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" )  (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
+- apiGroups: [""]
+  resources: ["secrets"]
+  #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+  verbs: ["get","list"]
+{{- end }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+  namespace: {{ include "common.namespace.platform" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.serviceaccountname.appmgr" . }}
+    namespace: {{ include "common.namespace.platform" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+  #namespace: {{ include "common.tillerNameSpace" $ctx }}
+  #namespace: {{ include "common.namespace.platform" . }}
+rules:
+- apiGroups: [""]
+  resources: ["configmaps", "endpoints", "services"]
+  verbs: ["get", "list", "create", "update", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
+  namespace: {{ include "common.tillerNameSpace" $ctx }}
+  #namespace: {{ include "common.namespace.platform" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.serviceaccountname.appmgr" . }}
+    namespace: {{ include "common.namespace.platform" . }}