+++ /dev/null
-{{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
-{{- $topCtx := . }}
-{{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
----
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}
- namespace: {{ include "common.namespace.platform" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
-rules:
-- apiGroups: [""]
- resources: ["pods/portforward"]
- verbs: ["create"]
-- apiGroups: [""]
- resources: ["pods", "configmaps", "deployments", "services"]
- verbs: ["get", "list", "create", "delete"]
-{{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
-- apiGroups: [""]
- resources: ["secrets"]
- resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
- verbs: ["get"]
-{{- end }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
-subjects:
- - kind: ServiceAccount
- name: {{ include "common.serviceaccountname.appmgr" . }}
- namespace: {{ include "common.namespace.platform" . }}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
-metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
-rules:
-- apiGroups: [""]
- resources: ["configmaps", "endpoints"]
- verbs: ["get"]
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
-metadata:
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: Role
- name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
-subjects:
- - kind: ServiceAccount
- name: {{ include "common.serviceaccountname.appmgr" . }}
- namespace: {{ include "common.namespace.platform" . }}