allow

FIWARE-Ops · Mar 12, 2024 · bdb8f55 · bdb8f55
1 parent a046dea
commit bdb8f55
Show file tree

Hide file tree

Showing 4 changed files with 40 additions and 0 deletions.
diff --git a/aws/fiware/dome-wallet/wallet-driving/templates/deployment.yaml b/aws/fiware/dome-wallet/wallet-driving/templates/deployment.yaml
@@ -21,6 +21,7 @@ spec:
       labels:
         {{ include "wallet-driving.labels" . | nindent 8 }}
     spec:
+      serviceAccountName: wallet-sa
       containers: 
         - name: {{ .Chart.Name }}
           imagePullPolicy: {{ .Values.deployment.image.pullPolicy }}

diff --git a/aws/fiware/dome-wallet/wallet-driving/templates/role-binding.yaml b/aws/fiware/dome-wallet/wallet-driving/templates/role-binding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ .Release.Name }}-cs-rb
+  labels:
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}
+subjects:
+  - kind: ServiceAccount
+    name: wallet-sa
+    namespace: {{ .Release.Namespace | quote }}
+roleRef:
+  kind: Role
+  name: {{ .Release.Name }}-ca-scc-anyuid
+  apiGroup: rbac.authorization.k8s.io
diff --git a/aws/fiware/dome-wallet/wallet-driving/templates/role.yaml b/aws/fiware/dome-wallet/wallet-driving/templates/role.yaml
@@ -0,0 +1,17 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ .Release.Name }}-ca-scc-anyuid
+  labels:
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+rules:
+- apiGroups:
+  - security.openshift.io
+  resourceNames:
+  - anyuid
+  - privileged
+  resources:
+  - securitycontextconstraints
+  verbs:
+  - use
diff --git a/aws/fiware/dome-wallet/wallet-driving/templates/service-account.yaml b/aws/fiware/dome-wallet/wallet-driving/templates/service-account.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: wallet-sa
+  labels:
+    heritage: {{ .Release.Service | quote }}
+    release: {{ .Release.Name | quote }}