Skip to content
This repository has been archived by the owner on Sep 27, 2024. It is now read-only.

Commit

Permalink
fixed RBAC generation logic
Browse files Browse the repository at this point in the history
  • Loading branch information
alexey-bogdanov committed Jul 30, 2024
1 parent bfbe273 commit c09f2d5
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 31 deletions.
39 changes: 11 additions & 28 deletions charts/testops/templates/infra/role.yaml
Original file line number Diff line number Diff line change
@@ -1,31 +1,14 @@
{{- if .Values.rbac.enabled }}
{{- if .Values.rbac.enabled -}}
# create rbac role with permission for discovery
kind: Role
apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: {{ include "common.names.fullname" . }}
namespace: {{ .Release.Namespace | quote }}
labels: {{- include "common.labels.standard" . | nindent 4 }}
{{- if .Values.commonLabels }}
{{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- end }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
# yamllint disable rule:indentation
name: {{ template "allure-testops.name" . }}-namespace-reader
labels:
app: {{ template "allure-testops.name" . }}
chart: {{ template "allure-testops.chart" . }}
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
rules:
{{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}}
{{- if and $pspAvailable .Values.psp.create }}
- apiGroups:
- 'policy'
resources:
- 'podsecuritypolicies'
verbs:
- 'use'
resourceNames:
- {{ include "common.names.fullname" . }}
{{- end }}
{{- if .Values.rbac.rules }}
{{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }}
{{- end }}
# yamllint enable rule:indentation
{{- end }}
{{ toYaml .Values.rbac.rules | indent 2}}
{{- end -}}
4 changes: 2 additions & 2 deletions charts/testops/templates/infra/rolebinding.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ metadata:
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
subjects:
- kind: ServiceAccount
name: {{ template "allure-testops.name" . }}-sa
- kind: ServiceAccount
name: {{ template "allure-testops.name" . }}-sa
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
Expand Down
2 changes: 1 addition & 1 deletion charts/testops/templates/testops/testops-dep.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ spec:
{{- end }}
spec:
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ template "allure-testops.name" . }}-sa
serviceAccountName: {{ .Values.rbac.serviceAccountName }}
{{- end }}
imagePullSecrets:
- name: {{ .Values.image.authRequired.credsKubeSecretName }}
Expand Down

0 comments on commit c09f2d5

Please sign in to comment.