X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Fappmgr%2Ftemplates%2Fserviceaccount.yaml;h=13d1c393583b06b0a70cb8f8c1fb5c491911206a;hb=2a405b567ac69e725fff4a766778f398206eba35;hp=407fb1fe0aa5cd76e3619e388f75242fcb273379;hpb=e8cf06011b3a15ed711385bc180802c2d869c26c;p=ric-plt%2Fric-dep.git
diff --git a/helm/appmgr/templates/serviceaccount.yaml b/helm/appmgr/templates/serviceaccount.yaml
index 407fb1f..13d1c39 100644
--- a/helm/appmgr/templates/serviceaccount.yaml
+++ b/helm/appmgr/templates/serviceaccount.yaml
@@ -26,10 +26,9 @@ metadata:
 namespace: {{ include "common.namespace.platform" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 rules:
 - apiGroups: [""]
 resources: ["pods/portforward"]
@@ -40,18 +39,18 @@ rules:
 {{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
 - apiGroups: [""]
 resources: ["secrets"]
- resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
- verbs: ["get"]
+ #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get","list"]
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+ namespace: {{ include "common.namespace.platform" . }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
 subjects:
 - kind: ServiceAccount
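Review bot: In the first hunk (`@@ -26,10 +26,9 @@`), switching `kind: Role` to `kind: ClusterRole` and dropping the `namespace:` line makes the `pods/portforward` rule apply to pods in every namespace, where the old Role confined it to the Tiller deploy namespace. The same widening recurs in the other two hunks (the `secrets` rule and the `-getappconfig` role with create/update/delete on configmaps, endpoints and services), and through the new ClusterRoleBindings the appmgr service account holds all of these cluster-wide. If appmgr only needs a known set of namespaces, keep `kind: Role` with one Role/RoleBinding pair per namespace; a shared ClusterRole can also be bound with a namespaced `kind: RoleBinding` so the grant stays local. The verbs of this rule lie outside the hunk, so the exact port-forward permission could not be checked here.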
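Review bot: In the second hunk (`@@ -40,18 +39,18 @@`), commenting out `resourceNames` and adding `list` means the `secrets` rule no longer names the Helm client TLS secret; bound through the new ClusterRoleBinding, it lets the appmgr service account read every Secret in the cluster whenever either Tiller TLS option is `"true"`. `list` on secrets returns the secret data itself, so it is not a weaker grant than `get`. Prefer restoring `resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]` with `verbs: ["get"]`; if listing is really required, grant it through a namespaced `RoleBinding` in the one namespace that holds the secret. Separately, the added `namespace:` under the `ClusterRoleBinding` metadata has no meaning on a cluster-scoped object and should be dropped.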
@@ -59,23 +58,25 @@ subjects:
 namespace: {{ include "common.namespace.platform" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
 rules:
 - apiGroups: [""]
 resources: ["configmaps", "endpoints", "services"]
 verbs: ["get", "list", "create", "update", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
 namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
 subjects:
 - kind: ServiceAccount
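Review bot: The three added `#namespace: {{ include ... }}` lines are YAML comments, not template comments, so Helm still evaluates the `include` calls on every render, and the dead lines obscure which scope was intended for these objects. Delete them, or wrap the history in a template comment (`{{- /* ... */ -}}`) if it must stay in the file. The unchanged `namespace: {{ include "common.tillerNameSpace" $ctx }}` left on the `ClusterRoleBinding` is likewise meaningless on a cluster-scoped object. Because ClusterRole and ClusterRoleBinding names are cluster-global, it is also worth confirming that two releases of this chart cannot render the same `...-getappconfig` name.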