summaryrefslogtreecommitdiffstats
path: root/kubernetes/common/serviceAccount/templates/role-binding.yaml
diff options
context:
space:
mode:
authorKrzysztof Opasiak <k.opasiak@samsung.com>2021-05-12 08:58:36 +0000
committerGerrit Code Review <gerrit@onap.org>2021-05-12 08:58:36 +0000
commitd82ed7c1549b5b90597552d62fbf2dd22121aeeb (patch)
tree0f7dc0c594fb95ba58d4e294f2f0da33cf75884b /kubernetes/common/serviceAccount/templates/role-binding.yaml
parent3ec69ace22277da78ba3de681078478e7f036bd0 (diff)
parent6f4e8c05f173a957c61acd0741541f52a552e12c (diff)
Merge "[COMMON][ROLES] Create default roles once"
Diffstat (limited to 'kubernetes/common/serviceAccount/templates/role-binding.yaml')
-rw-r--r--kubernetes/common/serviceAccount/templates/role-binding.yaml12
1 files changed, 9 insertions, 3 deletions
diff --git a/kubernetes/common/serviceAccount/templates/role-binding.yaml b/kubernetes/common/serviceAccount/templates/role-binding.yaml
index 2082f8466b..7c272aecda 100644
--- a/kubernetes/common/serviceAccount/templates/role-binding.yaml
+++ b/kubernetes/common/serviceAccount/templates/role-binding.yaml
@@ -16,18 +16,24 @@
{{- $dot := . -}}
{{- range $role_type := $dot.Values.roles }}
+{{/* retrieve the names for generic roles */}}
+{{ $name := printf "%s-%s" (include "common.release" $dot) $role_type }}
+{{- if not (has $role_type $dot.Values.defaultRoles) }}
+{{ $name = include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
+{{- end }}
---
apiVersion: rbac.authorization.k8s.io/v1
# This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
kind: RoleBinding
metadata:
- name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+ name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
namespace: {{ include "common.namespace" $dot }}
subjects:
- kind: ServiceAccount
- name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+ name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
roleRef:
kind: Role
- name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+ name: {{ $name }}
apiGroup: rbac.authorization.k8s.io
{{- end }}
+