Maintain consistency in RBAC template definition with resources tied to

namespaces Signed-off-by: Kashif Saadat <[email protected]>
oracle · Sep 28, 2018 · 667191a · 667191a
1 parent df3e65a
commit 667191a
Showing 1 changed file with 14 additions and 14 deletions.
diff --git a/mysql-operator/templates/02-rbac.yaml b/mysql-operator/templates/02-rbac.yaml
@@ -3,22 +3,22 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: mysql-operator
-  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}mysql-operator{{ else }}{{ .Values.operator.namespace}}{{ end }}
+  namespace: {{ .Values.operator.namespace }}
 
 ---
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: mysql-agent
-  namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}default{{ else }}{{ .Values.operator.namespace}}{{ end }}
+  namespace: {{ .Values.operator.namespace }}
 
 ---
 {{- if .Values.rbac.enabled -}}
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
 metadata:
-  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}}
-  namespace: {{ .Values.operator.namespace}}{{ end }}
+  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: {{ .Values.operator.namespace }}{{ end }}
 rules:
   - apiGroups: [""]
     resources: ["pods"]
@@ -34,7 +34,7 @@ rules:
     verbs:
       {{- if hasPrefix "0.1" .Values.image.tag }}
       - get
-      {{- end}}
+      {{- end }}
       - create
 
   - apiGroups: [""]
@@ -88,7 +88,7 @@ rules:
 apiVersion: rbac.authorization.k8s.io/v1beta1
 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
 metadata:
-  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}}
+  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
   namespace: {{ .Values.operator.namespace}}{{ end }}
 rules:
   - apiGroups: [""]
@@ -127,13 +127,13 @@ rules:
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
+kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
 metadata:
-  name: mysql-operator
-  namespace: {{ .Values.operator.namespace}}
+  name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: {{ .Values.operator.namespace }}{{ end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
+  kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
   name: mysql-operator
 subjects:
 - kind: ServiceAccount
@@ -142,13 +142,13 @@ subjects:
 
 ---
 apiVersion: rbac.authorization.k8s.io/v1beta1
-kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
+kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding
 metadata:
-  name: mysql-agent
-  namespace: {{ .Values.operator.namespace}}
+  name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }}
+  namespace: {{ .Values.operator.namespace }}{{ end }}
 roleRef:
   apiGroup: rbac.authorization.k8s.io
-  kind:  {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
+  kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role
   name: mysql-agent
 subjects:
 - kind: ServiceAccount