airship/shipyard
Code Issues Proposed changes

RBAC: Update serviceaccount and k8s rbac for shipyard

Browse Source 
This patch set brings the shipyard chart to be inline with OSH* RBAC
approach used in [0] and [1].

[0] https://review.openstack.org/#/c/526464/52
[1] https://review.openstack.org/#/c/529378/

Change-Id: I608d00a69729e347b4121745e80f1e9760e5f6d4
This commit is contained in:
Anthony Lin
2017-12-27 07:48:51 +00:00
parent 706bb69d2d
commit 5db6d42050
9 changed files with 42 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
charts/shipyard/templates/job-shipyard-db-sync.yaml
View File

@@ -17,6 +17,10 @@ limitations under the License.
{{- if .Values.manifests.job_shipyard_db_sync }}
{{- $envAll := . }}
{{- $dependencies := .Values.dependencies.shipyard_db_sync }}
{{- $mounts_shipyard_db_sync := .Values.pod.mounts.shipyard_db_sync.shipyard_db_sync }}
{{- $mounts_shipyard_db_sync_init := .Values.pod.mounts.shipyard_db_sync.init_container }}
{{- $serviceAccountName := "shipyard-db-sync" }}
{{ tuple $envAll $dependencies $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
---
apiVersion: batch/v1
kind: Job
@@ -28,11 +32,12 @@ spec:
labels:
{{ tuple $envAll "shipyard" "db-sync" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }}
spec:
serviceAccountName: {{ $serviceAccountName }}
restartPolicy: OnFailure
nodeSelector:
{{ .Values.labels.node_selector_key }}: {{ .Values.labels.node_selector_value }}
initContainers:
{{ tuple $envAll $dependencies "[]" | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
{{ tuple $envAll $dependencies list | include "helm-toolkit.snippets.kubernetes_entrypoint_init_container" | indent 8 }}
containers:
- name: shipyard-db-sync
image: {{ .Values.images.tags.shipyard_db_sync }}
@@ -65,6 +70,7 @@ spec:
mountPath: /etc/shipyard/shipyard.conf
subPath: shipyard.conf
readOnly: true
{{ if $mounts_shipyard_db_sync.volumeMounts }}{{ toYaml $mounts_shipyard_db_sync.volumeMounts | indent 10 }}{{ end }}
volumes:
- name: etc-shipyard
emptyDir: {}
@@ -76,4 +82,5 @@ spec:
configMap:
name: shipyard-bin
defaultMode: 0555
{{ if $mounts_shipyard_db_sync.volumes }}{{ toYaml $mounts_shipyard_db_sync.volumes | indent 6 }}{{ end }}
{{- end }}