Adding in role bindings for minio secrets if installed
This commit is contained in:
parent
600e7438a2
commit
07d5458258
5 changed files with 46 additions and 2 deletions
|
@ -10,7 +10,7 @@ spec:
|
||||||
activeDeadlineSeconds: 100
|
activeDeadlineSeconds: 100
|
||||||
template:
|
template:
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ .Values.init.serviceAccount }}
|
serviceAccountName: {{ .Values.init.serviceAccount | quote }}
|
||||||
containers:
|
containers:
|
||||||
- name: kubectl-apply
|
- name: kubectl-apply
|
||||||
image: lachlanevenson/k8s-kubectl
|
image: lachlanevenson/k8s-kubectl
|
||||||
|
|
|
@ -17,6 +17,7 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
{{ toYaml .Values.ui.podAnnotations | indent 8}}{{- end }}
|
{{ toYaml .Values.ui.podAnnotations | indent 8}}{{- end }}
|
||||||
spec:
|
spec:
|
||||||
|
serviceAccountName: {{ .Values.ui.serviceAccount | quote }}
|
||||||
containers:
|
containers:
|
||||||
- name: ui
|
- name: ui
|
||||||
image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}"
|
image: "{{ .Values.images.namespace }}/{{ .Values.images.ui }}:{{ .Values.images.tag }}"
|
||||||
|
|
|
@ -0,0 +1,18 @@
|
||||||
|
{{ if .Values.minio.install }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: Role
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
|
||||||
|
rules:
|
||||||
|
- apiGroups:
|
||||||
|
- ""
|
||||||
|
resources:
|
||||||
|
- secrets
|
||||||
|
resourceNames:
|
||||||
|
- {{ .Values.artifactRepository.s3.accessKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
|
||||||
|
- {{ .Values.artifactRepository.s3.secretKeySecret.name | default (printf "%s-%s" .Release.Name "minio") | quote }}
|
||||||
|
verbs:
|
||||||
|
- get
|
||||||
|
- watch
|
||||||
|
- list
|
||||||
|
{{- end }}
|
|
@ -18,7 +18,7 @@ spec:
|
||||||
annotations:
|
annotations:
|
||||||
{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
|
{{ toYaml .Values.controller.podAnnotations | indent 8}}{{- end }}
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: {{ .Values.controller.serviceAccount }}
|
serviceAccountName: {{ .Values.controller.serviceAccount | quote }}
|
||||||
containers:
|
containers:
|
||||||
- name: controller
|
- name: controller
|
||||||
image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}"
|
image: "{{ .Values.images.namespace }}/{{ .Values.images.controller }}:{{ .Values.images.tag }}"
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{{ if .Values.minio.install }}
|
||||||
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
|
kind: RoleBinding
|
||||||
|
metadata:
|
||||||
|
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-binding
|
||||||
|
roleRef:
|
||||||
|
apiGroup: rbac.authorization.k8s.io
|
||||||
|
kind: Role
|
||||||
|
name: {{ .Release.Name }}-{{ .Values.controller.name}}-minio-secret
|
||||||
|
subjects:
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ .Values.controller.serviceAccount }}
|
||||||
|
namespace: {{ .Release.Namespace }}
|
||||||
|
{{- if .Values.controller.workflowNamespaces }}
|
||||||
|
{{- $uiServiceAccount := .Values.controller.serviceAccount }}
|
||||||
|
{{- $namespace := .Release.Namespace }}
|
||||||
|
{{- range $key := .Values.controller.workflowNamespaces }}
|
||||||
|
{{- if not (eq $key $namespace) }}
|
||||||
|
- kind: ServiceAccount
|
||||||
|
name: {{ $uiServiceAccount }}
|
||||||
|
namespace: {{ $key }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
Loading…
Reference in a new issue