Merge "[CONTRIB] Correct serviceaccount for awx"

1 files changed, 44 insertions, 0 deletions

diff --git a/kubernetes/contrib/components/awx/templates/serviceaccount.yaml b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
new file mode 100644
index 0000000000..15baf0e308
--- /dev/null
+++ b/kubernetes/contrib/components/awx/templates/serviceaccount.yaml
@@ -0,0 +1,44 @@
+{{/*
+# Copyright © 2019 Bell Canada
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "common.fullname" . }}
+  namespace: {{ include "common.namespace" . }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ include "common.fullname" . }}-endpoint-reader
+  namespace: {{ include "common.namespace" . }}
+rules:
+- apiGroups: ["", "extensions", "apps", "batch"]
+  resources: ["endpoints", "deployments", "pods", "replicasets/status", "jobs/status"]
+  verbs: ["get", "list"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ include "common.fullname" . }}-endpoint-reader
+  namespace: {{ include "common.namespace" . }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ include "common.fullname" . }}-endpoint-reader
+subjects:
+- kind: ServiceAccount
+  name: {{ include "common.fullname" . }}
\ No newline at end of file