X-Git-Url: https://gerrit.o-ran-sc.org/r/gitweb?a=blobdiff_plain;f=helm%2Fappmgr%2Ftemplates%2Fserviceaccount.yaml;h=443e662b498f00a2634a5452e86fcd596b198250;hb=refs%2Fchanges%2F69%2F12969%2F1;hp=c873e302d6aa3ced8349764ffd0eecd7fe64a86b;hpb=33cdc684a7e95002533bc1480138543653c114b4;p=ric-plt%2Fric-dep.git

diff --git a/helm/appmgr/templates/serviceaccount.yaml b/helm/appmgr/templates/serviceaccount.yaml
index c873e30..443e662 100644
--- a/helm/appmgr/templates/serviceaccount.yaml
+++ b/helm/appmgr/templates/serviceaccount.yaml
@@ -25,11 +25,10 @@ metadata:
   name: {{ include "common.serviceaccountname.appmgr" . }}
   namespace: {{ include "common.namespace.platform" . }}
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
-  namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
 rules:
 - apiGroups: [""]
   resources: ["pods/portforward"]
@@ -40,44 +39,46 @@ rules:
 {{- if or (eq (include "common.tillerTLSVerify" $ctx) "true" )  (eq (include "common.tillerTLSAuthenticate" $ctx) "true") }}
 - apiGroups: [""]
   resources: ["secrets"]
-  resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
-  verbs: ["get"]
+  #resourceNames: [ {{ include "common.tillerHelmClientTLSSecret" $ctx | quote }} ]
+  verbs: ["get","list"]
 {{- end }}
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
-  namespace: {{ include "common.tillerDeployNameSpace" $ctx }}
+  namespace: {{ include "common.namespace.platform" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
+  kind: ClusterRole
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-access
 subjects:
   - kind: ServiceAccount
     name: {{ include "common.serviceaccountname.appmgr" . }}
     namespace: {{ include "common.namespace.platform" . }}
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: Role
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
 metadata:
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
-  namespace: {{ include "common.tillerNameSpace" $ctx }}
+  #namespace: {{ include "common.tillerNameSpace" $ctx }}
+  #namespace: {{ include "common.namespace.platform" . }}
 rules:
 - apiGroups: [""]
-  resources: ["configmaps", "endpoints"]
+  resources: ["configmaps", "endpoints", "services"]
   verbs: ["get", "list", "create", "update", "delete"]
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
 metadata:
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.namespace.xapp" . }}-getappconfig
   namespace: {{ include "common.tillerNameSpace" $ctx }}
+  #namespace: {{ include "common.namespace.platform" . }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind: Role
+  kind: ClusterRole
   name: {{ include "common.serviceaccountname.appmgr" . }}-{{ include "common.tillerNameSpace" $ctx }}-getappconfig
 subjects:
   - kind: ServiceAccount
     name: {{ include "common.serviceaccountname.appmgr" . }}
-    namespace: {{ include "common.namespace.platform" . }}
\ No newline at end of file
+    namespace: {{ include "common.namespace.platform" . }}