Code Review / it / dep.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
Fix tiller not being able to talk to kubeapi server issue. Fix appmgr not using xappt...
[it/dep.git] / ric-platform / 50-RIC-Platform / helm / appmgr / templates / serviceaccount.yaml
diff --git a/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml b/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
index 1806889..4fd198b 100644 (file)
--- a/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
+++ b/ric-platform/50-RIC-Platform/helm/appmgr/templates/serviceaccount.yaml
@@ -15,9 +15,11 @@ metadata:
   namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 rules:
 - apiGroups: [""]
-  resources: ["pods", "pods/portforward"]
-  verbs: ["get", "list", "create"]
-
+  resources: ["pods/portforward"]
+  verbs: ["create"]
+- apiGroups: [""]  
+  resources: ["pods", "configmaps", "deployments", "services"]
+  verbs: ["get", "list", "create", "delete"]
 {{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" )  (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
 - apiGroups: [""]
   resources: ["secrets"]
@@ -39,3 +41,26 @@ subjects:
     name: {{ include "common.serviceaccountname.appmgr" . }}
     namespace: {{ include "common.namespace.platform" . }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: Role
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+  namespace: {{ include "common.tillerNameSpace" $ctx }}
+rules:
+- apiGroups: [""]  
+  resources: ["configmaps"]
+  verbs: ["get"]
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: RoleBinding
+metadata:
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
+  namespace: {{ include "common.tillerNameSpace" $ctx }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
+subjects:
+  - kind: ServiceAccount
+    name: {{ include "common.serviceaccountname.appmgr" . }}
+    namespace: {{ include "common.namespace.platform" . }}
Repo for integration and deployment related scripts, Helm charts, etc.