Merge "Sonobuoy: allow multiple simultaneous chart installations"

This commit is contained in:
Zuul 2019-03-02 03:20:14 +00:00 committed by Gerrit Code Review
commit 036e4b0c69
5 changed files with 26 additions and 12 deletions

View File

@ -19,11 +19,13 @@ limitations under the License.
{{- $serviceAccountName := "sonobuoy-serviceaccount" }}
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{ $controllerName := printf "%s-%s" .Release.Namespace $serviceAccountName }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: {{ $serviceAccountName }}
name: {{ $controllerName | quote }}
rules:
- apiGroups:
- '*'
@ -35,11 +37,11 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: {{ $serviceAccountName }}-heptio-sonobuoy
name: {{ $controllerName | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: {{ $serviceAccountName }}
name: {{ $controllerName | quote }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}

View File

@ -18,6 +18,9 @@ limitations under the License.
{{- if empty .Values.conf.sonobuoy.WorkerImage -}}
{{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}}
{{- end -}}
{{- if empty .Values.conf.sonobuoy.Namespace -}}
{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}}
{{- end -}}
---
apiVersion: v1
kind: Secret

View File

@ -59,13 +59,13 @@ may be referenced to list pods, etc.
{{- if .Values.manifests.serviceaccount_readonly }}
{{- $envAll := . }}
{{- $serviceAccountName := "sonobuoy-readonly-serviceaccount" }}
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
{{- $controllerName := printf "%s-%s" $envAll.Release.Namespace "sonobuoy-readonly-serviceaccount" }}
{{ tuple $envAll "sonobuoy" $controllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: sonobuoy-readonly-clusterrole
name: {{ $controllerName | quote }}
rules:
- apiGroups:
- "*"
@ -79,24 +79,24 @@ rules:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: sonobuoy-readonly-clusterrolebinding
name: {{ $controllerName | quote }}
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: sonobuoy-readonly-clusterrole
name: {{ $controllerName | quote }}
subjects:
- kind: ServiceAccount
name: {{ $serviceAccountName }}
name: {{ $controllerName | quote }}
namespace: {{ .Release.Namespace }}
---
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
name: {{ $serviceAccountName }}-token-secret
name: sonobuoy-readonly-serviceaccount-token-secret
namespace: {{ .Release.Namespace }}
annotations:
kubernetes.io/service-account.name: {{ $serviceAccountName }}
kubernetes.io/service-account.name: {{ $controllerName }}
{{/*
post-install hook is required to cause ServiceAccount to be deployed
before creating a secret token for it. By default helm deploys secrets

View File

@ -126,6 +126,8 @@ conf:
Limits:
PodLogs:
SizeLimitBytes: 10000
# NOTE: the Namespace should not be defined and is set in sonobuoy-etc
Namespace: null
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
WorkerImage: null
ImagePullPolicy: IfNotPresent

View File

@ -19,5 +19,12 @@ set -xe
helm dependency update sonobuoy
helm upgrade --install sonobuoy sonobuoy \
--namespace=heptio-sonobuoy \
--set endpoints.identity.namespace=openstack
--set endpoints.identity.namespace=openstack \
--set manifests.serviceaccount_readonly=true
helm test sonobuoy
helm upgrade --install another-sonobuoy sonobuoy \
--namespace=sonobuoy \
--set endpoints.identity.namespace=openstack \
--set manifests.serviceaccount_readonly=true
helm test another-sonobuoy