X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Fappmgr%2Ftemplates%2Fserviceaccount.yaml;h=13d1c393583b06b0a70cb8f8c1fb5c491911206a;hb=8371333fe26e50f8c2bf37b70e9e96af22116e82;hp=f0da9a5a93ddf4ef0bc29e9e4640037d5a1c5c24;hpb=38dc857062b14145f5b9db89d10eba0ae5b90d11;p=ric-plt%2Fric-dep.git
diff --git a/helm/appmgr/templates/serviceaccount.yaml b/helm/appmgr/templates/serviceaccount.yaml
index f0da9a5..13d1c39 100644
--- a/helm/appmgr/templates/serviceaccount.yaml
+++ b/helm/appmgr/templates/serviceaccount.yaml
@@ -1,3 +1,19 @@
+################################################################################
+# Copyright (c) 2019-2020 AT&T Intellectual Property. #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); #
+# you may not use this file except in compliance with the License. #
+# You may obtain a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+################################################################################
+
 {{- $tillerKey := .Values.appmgr.tillerkey | default "ricxapp" }}
 {{- $topCtx := . }}
 {{- $ctx := dict "ctx" $topCtx "key" $tillerKey }}
@@ -10,32 +26,31 @@ metadata:
 namespace: {{ include "common.namespace.platform" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 rules:
 - apiGroups: [""]
 resources: ["pods/portforward"]
 verbs: ["create"]
-- apiGroups: [""]
+- apiGroups: [""]
 resources: ["pods", "configmaps", "deployments", "services"]
 verbs: ["get", "list", "create", "delete"]
 {{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" ) (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
 - apiGroups: [""]
 resources: ["secrets"]
- resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
- verbs: ["get"]
+ #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+ verbs: ["get","list"]
 {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
- namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+ namespace: {{ include "common.namespace.platform" . }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
 subjects:
 - kind: ServiceAccount
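Review bot: The `secrets` rule now has `resourceNames` commented out and gains `list`, and it sits in a ClusterRole bound by a ClusterRoleBinding, so whenever the Tiller TLS branch renders, the appmgr service account can read every Secret in every namespace instead of the single Helm client TLS secret. Restore the restriction with `resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]` and `verbs: ["get"]`, and if the ClusterRole is kept for reuse, bind it with a namespaced `kind: RoleBinding` in each namespace appmgr has to manage rather than cluster-wide. The same cluster-wide widening applies to the `pods`/`configmaps`/`services` and `pods/portforward` rules in this hunk and to the `getappconfig` role in the `@@ -43,23 +58,25 @@` hunk. The added `namespace:` line on the ClusterRoleBinding does not limit anything, because a ClusterRoleBinding is cluster-scoped. The `subjects` list continues past the end of the hunk.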
@@ -43,23 +58,25 @@ subjects:
 namespace: {{ include "common.namespace.platform" . }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+kind: ClusterRole
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
- namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
 rules:
-- apiGroups: [""]
- resources: ["configmaps", "endpoints"]
- verbs: ["get"]
+- apiGroups: [""]
+ resources: ["configmaps", "endpoints", "services"]
+ verbs: ["get", "list", "create", "update", "delete"]
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+kind: ClusterRoleBinding
 metadata:
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
 namespace: {{ include "common.tillerNameSpace" $ctx }}
+ #namespace: {{ include "common.namespace.platform" . }}
 roleRef:
 apiGroup: rbac.authorization.k8s.io
- kind: Role
+ kind: ClusterRole
 name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
 subjects:
 - kind: ServiceAccount
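Review bot: The rule still named `getappconfig` now grants `create`, `update` and `delete` on `configmaps`, `endpoints` and `services`, where the old rule was `get` on two resources; write access to Services and Endpoints lets the holder change where in-cluster traffic is routed, so it should not ride along on a read-only role. I would keep the read rule as `verbs: ["get", "list"]` and move the write verbs into a separate rule limited to the resources appmgr actually has to create; which ones those are is not visible from this hunk. The two `#namespace:` lines under the ClusterRole and the one under the binding are dead template text and are better deleted than left commented out. The `subjects` list continues past the end of the hunk.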