Adding in role bindings for minio secrets if installed

This commit is contained in:
Justin Nauman 2018-08-13 20:47:49 -05:00
parent 600e7438a2
commit 07d5458258
5 changed files with 46 additions and 2 deletions

View file

@ -10,7 +10,7 @@ spec:
activeDeadlineSeconds: 100 activeDeadlineSeconds: 100
template: template:
spec: spec:
serviceAccountName: {{ .Values.init.serviceAccount }} serviceAccountName: {{ .Values.init.serviceAccount | quote }}
containers: containers:
- name: kubectl-apply - name: kubectl-apply
image: lachlanevenson/k8s-kubectl image: lachlanevenson/k8s-kubectl

View file

@ -17,6 +17,7 @@ spec:
annotations: annotations:
{{ toYaml .Values.ui.podAnnotations | indent 8}}{{- end }} {{ toYaml .Values.ui.podAnnotations | indent 8}}{{- end }}
spec: spec:
serviceAccountName: {{ .Values.ui.serviceAccount | quote }}
containers: containers:
- name: ui - name: ui
image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}" image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}"

View file

@ -0,0 +1,18 @@
{{ if .Values.minio.install }}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
rules:
- apiGroups:
- ""
resources:
- secrets
resourceNames:
- {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
- {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
verbs:
- get
- watch
- list
{{- end }}

View file

@ -18,7 +18,7 @@ spec:
annotations: annotations:
{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }} {{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
spec: spec:
serviceAccountName: {{ .Values.controller.serviceAccount }} serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
containers: containers:
- name: controller - name: controller
image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}" image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}"

View file

@ -0,0 +1,25 @@
{{ if .Values.minio.install }}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
subjects:
- kind: ServiceAccount
name: {{ .Values.controller.serviceAccount }}
namespace: {{ .Release.Namespace }}
{{- if .Values.controller.workflowNamespaces }}
{{- $uiServiceAccount := .Values.controller.serviceAccount }}
{{- $namespace := .Release.Namespace }}
{{- range $key := .Values.controller.workflowNamespaces }}
{{- if not (eq $key $namespace) }}
- kind: ServiceAccount
name: {{ $uiServiceAccount }}
namespace: {{ $key }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}