From d03323797f02768ece42a047c14ae6cda3cc4974 Mon Sep 17 00:00:00 2001 From: Alexey Bogdanov <132354888+alexey-bogdanov@users.noreply.github.com> Date: Tue, 30 Jul 2024 14:22:23 +0300 Subject: [PATCH] Sts (#21) * fixed RBAC generation logic * up version --- charts/testops/Chart.yaml | 2 +- charts/testops/templates/infra/role.yaml | 39 ++++++------------- .../testops/templates/infra/rolebinding.yaml | 4 +- .../templates/testops/testops-dep.yaml | 2 +- 4 files changed, 15 insertions(+), 32 deletions(-) diff --git a/charts/testops/Chart.yaml b/charts/testops/Chart.yaml index 857c649..048a202 100644 --- a/charts/testops/Chart.yaml +++ b/charts/testops/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: testops -version: 5.6.5 +version: 5.6.6 appVersion: 5.6.4 description: TestOps diff --git a/charts/testops/templates/infra/role.yaml b/charts/testops/templates/infra/role.yaml index ec665ea..902cd8a 100644 --- a/charts/testops/templates/infra/role.yaml +++ b/charts/testops/templates/infra/role.yaml @@ -1,31 +1,14 @@ -{{- if .Values.rbac.enabled }} +{{- if .Values.rbac.enabled -}} +# create rbac role with permission for discovery kind: Role -apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }} +apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ include "common.names.fullname" . }} - namespace: {{ .Release.Namespace | quote }} - labels: {{- include "common.labels.standard" . | nindent 4 }} - {{- if .Values.commonLabels }} - {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} - {{- end }} - {{- if .Values.commonAnnotations }} - annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} - {{- end }} -# yamllint disable rule:indentation + name: {{ template "allure-testops.name" . }}-namespace-reader + labels: + app: {{ template "allure-testops.name" . }} + chart: {{ template "allure-testops.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} rules: - {{- $pspAvailable := (semverCompare "<1.25-0" (include "common.capabilities.kubeVersion" .)) -}} - {{- if and $pspAvailable .Values.psp.create }} - - apiGroups: - - 'policy' - resources: - - 'podsecuritypolicies' - verbs: - - 'use' - resourceNames: - - {{ include "common.names.fullname" . }} - {{- end }} - {{- if .Values.rbac.rules }} - {{- include "common.tplvalues.render" ( dict "value" .Values.rbac.rules "context" $ ) | nindent 2 }} - {{- end }} - # yamllint enable rule:indentation -{{- end }} +{{ toYaml .Values.rbac.rules | indent 2}} +{{- end -}} diff --git a/charts/testops/templates/infra/rolebinding.yaml b/charts/testops/templates/infra/rolebinding.yaml index 36936bc..ef87961 100644 --- a/charts/testops/templates/infra/rolebinding.yaml +++ b/charts/testops/templates/infra/rolebinding.yaml @@ -10,8 +10,8 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} subjects: -- kind: ServiceAccount - name: {{ template "allure-testops.name" . }}-sa + - kind: ServiceAccount + name: {{ template "allure-testops.name" . }}-sa roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/testops/templates/testops/testops-dep.yaml b/charts/testops/templates/testops/testops-dep.yaml index 1f53a8c..9c9761e 100644 --- a/charts/testops/templates/testops/testops-dep.yaml +++ b/charts/testops/templates/testops/testops-dep.yaml @@ -30,7 +30,7 @@ spec: {{- end }} spec: {{- if .Values.rbac.enabled }} - serviceAccountName: {{ template "allure-testops.name" . }}-sa + serviceAccountName: {{ .Values.rbac.serviceAccountName }} {{- end }} imagePullSecrets: - name: {{ .Values.image.authRequired.credsKubeSecretName }}