From 667191aa2d09deebe5e3f984ccb3a8ee5ffac1e6 Mon Sep 17 00:00:00 2001 From: Kashif Saadat Date: Fri, 28 Sep 2018 16:00:45 +0100 Subject: [PATCH] Maintain consistency in RBAC template definition with resources tied to namespaces Signed-off-by: Kashif Saadat --- mysql-operator/templates/02-rbac.yaml | 28 +++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/mysql-operator/templates/02-rbac.yaml b/mysql-operator/templates/02-rbac.yaml index 39688516b..73f6f4229 100644 --- a/mysql-operator/templates/02-rbac.yaml +++ b/mysql-operator/templates/02-rbac.yaml @@ -3,22 +3,22 @@ apiVersion: v1 kind: ServiceAccount metadata: name: mysql-operator - namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}mysql-operator{{ else }}{{ .Values.operator.namespace}}{{ end }} + namespace: {{ .Values.operator.namespace }} --- apiVersion: v1 kind: ServiceAccount metadata: name: mysql-agent - namespace: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}default{{ else }}{{ .Values.operator.namespace}}{{ end }} + namespace: {{ .Values.operator.namespace }} --- {{- if .Values.rbac.enabled -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role metadata: - name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}} - namespace: {{ .Values.operator.namespace}}{{ end }} + name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }} + namespace: {{ .Values.operator.namespace }}{{ end }} rules: - apiGroups: [""] resources: ["pods"] @@ -34,7 +34,7 @@ rules: verbs: {{- if hasPrefix "0.1" .Values.image.tag }} - get - {{- end}} + {{- end }} - create - apiGroups: [""] @@ -88,7 +88,7 @@ rules: apiVersion: rbac.authorization.k8s.io/v1beta1 kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role metadata: - name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else}} + name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }} namespace: {{ .Values.operator.namespace}}{{ end }} rules: - apiGroups: [""] @@ -127,13 +127,13 @@ rules: --- apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding +kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding metadata: - name: mysql-operator - namespace: {{ .Values.operator.namespace}} + name: mysql-operator{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }} + namespace: {{ .Values.operator.namespace }}{{ end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role + kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role name: mysql-operator subjects: - kind: ServiceAccount @@ -142,13 +142,13 @@ subjects: --- apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding +kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}RoleBinding metadata: - name: mysql-agent - namespace: {{ .Values.operator.namespace}} + name: mysql-agent{{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}{{ else }} + namespace: {{ .Values.operator.namespace }}{{ end }} roleRef: apiGroup: rbac.authorization.k8s.io - kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role + kind: {{ if and (.Values.operator.global) (eq .Values.operator.namespace "mysql-operator") }}Cluster{{ end }}Role name: mysql-agent subjects: - kind: ServiceAccount