From 207bb37124bb05c8e4c1c44e3761933811c31301 Mon Sep 17 00:00:00 2001 From: ajanikow Date: Wed, 25 Sep 2019 07:33:42 +0000 Subject: [PATCH] bug/add_default_role_access --- .../default-role-binding.yaml | 26 +++++++++++++ .../deployment-operator/default-role.yaml | 21 ++++++++++ manifests/arango-deployment-replication.yaml | 6 +++ manifests/arango-deployment.yaml | 38 +++++++++++++++++++ manifests/arango-storage.yaml | 6 +++ 5 files changed, 97 insertions(+) create mode 100644 chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml create mode 100644 chart/kube-arangodb/templates/deployment-operator/default-role.yaml diff --git a/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml b/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml new file mode 100644 index 000000000..606474ee4 --- /dev/null +++ b/chart/kube-arangodb/templates/deployment-operator/default-role-binding.yaml @@ -0,0 +1,26 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "kube-arangodb.rbac" . }}-default +subjects: + - kind: ServiceAccount + name: default + namespace: {{ .Release.Namespace }} + + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/kube-arangodb/templates/deployment-operator/default-role.yaml b/chart/kube-arangodb/templates/deployment-operator/default-role.yaml new file mode 100644 index 000000000..af530b233 --- /dev/null +++ b/chart/kube-arangodb/templates/deployment-operator/default-role.yaml @@ -0,0 +1,21 @@ +{{ if .Values.rbac.enabled -}} +{{ if .Values.operator.features.deployment -}} + +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "kube-arangodb.rbac" . }}-default + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "kube-arangodb.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + release: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] + +{{- end }} +{{- end }} \ No newline at end of file diff --git a/manifests/arango-deployment-replication.yaml b/manifests/arango-deployment-replication.yaml index a17892b04..73a12303a 100644 --- a/manifests/arango-deployment-replication.yaml +++ b/manifests/arango-deployment-replication.yaml @@ -233,6 +233,12 @@ spec: --- # Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml +--- +# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml + +--- +# Source: kube-arangodb/templates/deployment-operator/default-role.yaml + --- # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml diff --git a/manifests/arango-deployment.yaml b/manifests/arango-deployment.yaml index 5d756fb08..6b160c8d2 100644 --- a/manifests/arango-deployment.yaml +++ b/manifests/arango-deployment.yaml @@ -56,6 +56,23 @@ subjects: name: arango-deployment-operator namespace: default --- +# Source: kube-arangodb/templates/deployment-operator/default-role.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: arango-deployment-operator-rbac-default + namespace: default + labels: + app.kubernetes.io/name: kube-arangodb + helm.sh/chart: kube-arangodb-1.0.0 + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/instance: deployment + release: deployment +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get"] +--- # Source: kube-arangodb/templates/deployment-operator/role.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -85,6 +102,27 @@ rules: resources: ["servicemonitors"] verbs: ["get", "create", "delete"] --- +# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: arango-deployment-operator-rbac-default + namespace: default + labels: + app.kubernetes.io/name: kube-arangodb + helm.sh/chart: kube-arangodb-1.0.0 + app.kubernetes.io/managed-by: Tiller + app.kubernetes.io/instance: deployment + release: deployment +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: arango-deployment-operator-rbac-default +subjects: + - kind: ServiceAccount + name: default + namespace: default +--- # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/manifests/arango-storage.yaml b/manifests/arango-storage.yaml index cc7ad8e83..271199a2a 100644 --- a/manifests/arango-storage.yaml +++ b/manifests/arango-storage.yaml @@ -265,6 +265,12 @@ spec: --- # Source: kube-arangodb/templates/deployment-operator/cluster-role.yaml +--- +# Source: kube-arangodb/templates/deployment-operator/default-role-binding.yaml + +--- +# Source: kube-arangodb/templates/deployment-operator/default-role.yaml + --- # Source: kube-arangodb/templates/deployment-operator/role-binding.yaml