From 6a704d00d3a598039f926f80600f00a8b25e58de Mon Sep 17 00:00:00 2001 From: rameshiyer27 Date: Tue, 29 Mar 2022 14:33:10 +0100 Subject: [POLICY] Enable cluster role for k8s-ppnt Cluster role is required for the k8s-ppnt to perform helm deployments on the cluster Issue-ID: POLICY-3748 Signed-off-by: zrrmmua Change-Id: Ib916803d22f6ecf0ed16e8c75fe52b4e567069ca --- .../templates/service.yaml | 28 ++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'kubernetes') diff --git a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml index be2449f890..73381c9e3b 100644 --- a/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml +++ b/kubernetes/policy/components/policy-clamp-cl-k8s-ppnt/templates/service.yaml @@ -1,6 +1,6 @@ {{/* # ============LICENSE_START======================================================= -# Copyright (C) 2021 Nordix Foundation. All rights reserved. +# Copyright (C) 2021-2022 Nordix Foundation. All rights reserved. # ================================================================================ # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -18,4 +18,28 @@ # ============LICENSE_END========================================================= */}} -{{ include "common.service" . }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ include "common.namespace" . }}-policy-clamp-cl-k8s-ppnt-binding + namespace: {{ include "common.namespace" . }} + labels: + app: {{ include "common.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ include "common.release" . }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin +subjects: + - kind: ServiceAccount + name: policy-clamp-cl-k8s-ppnt + namespace: {{ include "common.namespace" . }} + -- cgit 1.2.3-korg