Merge "Sonobuoy: allow multiple simultaneous chart installations"
This commit is contained in:
commit
036e4b0c69
|
@ -19,11 +19,13 @@ limitations under the License.
|
|||
|
||||
{{- $serviceAccountName := "sonobuoy-serviceaccount" }}
|
||||
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
|
||||
{{ $controllerName := printf "%s-%s" .Release.Namespace $serviceAccountName }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}
|
||||
name: {{ $controllerName | quote }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- '*'
|
||||
|
@ -35,11 +37,11 @@ rules:
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}-heptio-sonobuoy
|
||||
name: {{ $controllerName | quote }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: {{ $serviceAccountName }}
|
||||
name: {{ $controllerName | quote }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
|
|
|
@ -18,6 +18,9 @@ limitations under the License.
|
|||
{{- if empty .Values.conf.sonobuoy.WorkerImage -}}
|
||||
{{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}}
|
||||
{{- end -}}
|
||||
{{- if empty .Values.conf.sonobuoy.Namespace -}}
|
||||
{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}}
|
||||
{{- end -}}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
|
|
|
@ -59,13 +59,13 @@ may be referenced to list pods, etc.
|
|||
{{- if .Values.manifests.serviceaccount_readonly }}
|
||||
{{- $envAll := . }}
|
||||
|
||||
{{- $serviceAccountName := "sonobuoy-readonly-serviceaccount" }}
|
||||
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
{{- $controllerName := printf "%s-%s" $envAll.Release.Namespace "sonobuoy-readonly-serviceaccount" }}
|
||||
{{ tuple $envAll "sonobuoy" $controllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||
---
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: sonobuoy-readonly-clusterrole
|
||||
name: {{ $controllerName | quote }}
|
||||
rules:
|
||||
- apiGroups:
|
||||
- "*"
|
||||
|
@ -79,24 +79,24 @@ rules:
|
|||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: sonobuoy-readonly-clusterrolebinding
|
||||
name: {{ $controllerName | quote }}
|
||||
roleRef:
|
||||
apiGroup: rbac.authorization.k8s.io
|
||||
kind: ClusterRole
|
||||
name: sonobuoy-readonly-clusterrole
|
||||
name: {{ $controllerName | quote }}
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: {{ $serviceAccountName }}
|
||||
name: {{ $controllerName | quote }}
|
||||
namespace: {{ .Release.Namespace }}
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
type: kubernetes.io/service-account-token
|
||||
metadata:
|
||||
name: {{ $serviceAccountName }}-token-secret
|
||||
name: sonobuoy-readonly-serviceaccount-token-secret
|
||||
namespace: {{ .Release.Namespace }}
|
||||
annotations:
|
||||
kubernetes.io/service-account.name: {{ $serviceAccountName }}
|
||||
kubernetes.io/service-account.name: {{ $controllerName }}
|
||||
{{/*
|
||||
post-install hook is required to cause ServiceAccount to be deployed
|
||||
before creating a secret token for it. By default helm deploys secrets
|
||||
|
|
|
@ -126,6 +126,8 @@ conf:
|
|||
Limits:
|
||||
PodLogs:
|
||||
SizeLimitBytes: 10000
|
||||
# NOTE: the Namespace should not be defined and is set in sonobuoy-etc
|
||||
Namespace: null
|
||||
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
|
||||
WorkerImage: null
|
||||
ImagePullPolicy: IfNotPresent
|
||||
|
|
|
@ -19,5 +19,12 @@ set -xe
|
|||
helm dependency update sonobuoy
|
||||
helm upgrade --install sonobuoy sonobuoy \
|
||||
--namespace=heptio-sonobuoy \
|
||||
--set endpoints.identity.namespace=openstack
|
||||
--set endpoints.identity.namespace=openstack \
|
||||
--set manifests.serviceaccount_readonly=true
|
||||
helm test sonobuoy
|
||||
|
||||
helm upgrade --install another-sonobuoy sonobuoy \
|
||||
--namespace=sonobuoy \
|
||||
--set endpoints.identity.namespace=openstack \
|
||||
--set manifests.serviceaccount_readonly=true
|
||||
helm test another-sonobuoy
|
||||
|
|
Loading…
Reference in New Issue