Browse Source

Merge "Sonobuoy: allow multiple simultaneous chart installations"

Zuul 1 month ago
parent
commit
036e4b0c69

+ 5
- 3
sonobuoy/templates/pod-api.yaml View File

@@ -19,11 +19,13 @@ limitations under the License.
19 19
 
20 20
 {{- $serviceAccountName := "sonobuoy-serviceaccount" }}
21 21
 {{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
22
+
23
+{{ $controllerName := printf "%s-%s" .Release.Namespace $serviceAccountName }}
22 24
 ---
23 25
 apiVersion: rbac.authorization.k8s.io/v1
24 26
 kind: ClusterRole
25 27
 metadata:
26
-  name: {{ $serviceAccountName }}
28
+  name: {{ $controllerName | quote }}
27 29
 rules:
28 30
 - apiGroups:
29 31
   - '*'
@@ -35,11 +37,11 @@ rules:
35 37
 apiVersion: rbac.authorization.k8s.io/v1
36 38
 kind: ClusterRoleBinding
37 39
 metadata:
38
-  name: {{ $serviceAccountName }}-heptio-sonobuoy
40
+  name: {{ $controllerName | quote }}
39 41
 roleRef:
40 42
   apiGroup: rbac.authorization.k8s.io
41 43
   kind: ClusterRole
42
-  name: {{ $serviceAccountName }}
44
+  name: {{ $controllerName | quote }}
43 45
 subjects:
44 46
 - kind: ServiceAccount
45 47
   name: {{ $serviceAccountName }}

+ 3
- 0
sonobuoy/templates/secret-etc.yaml View File

@@ -18,6 +18,9 @@ limitations under the License.
18 18
 {{- if empty .Values.conf.sonobuoy.WorkerImage -}}
19 19
 {{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}}
20 20
 {{- end -}}
21
+{{- if empty .Values.conf.sonobuoy.Namespace -}}
22
+{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}}
23
+{{- end -}}
21 24
 ---
22 25
 apiVersion: v1
23 26
 kind: Secret

+ 8
- 8
sonobuoy/templates/serviceaccount-readonly.yaml View File

@@ -59,13 +59,13 @@ may be referenced to list pods, etc.
59 59
 {{- if .Values.manifests.serviceaccount_readonly }}
60 60
 {{- $envAll := . }}
61 61
 
62
-{{- $serviceAccountName := "sonobuoy-readonly-serviceaccount" }}
63
-{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
62
+{{- $controllerName := printf "%s-%s" $envAll.Release.Namespace "sonobuoy-readonly-serviceaccount" }}
63
+{{ tuple $envAll "sonobuoy" $controllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
64 64
 ---
65 65
 apiVersion: rbac.authorization.k8s.io/v1
66 66
 kind: ClusterRole
67 67
 metadata:
68
-  name: sonobuoy-readonly-clusterrole
68
+  name: {{ $controllerName | quote }}
69 69
 rules:
70 70
 - apiGroups:
71 71
   - "*"
@@ -79,24 +79,24 @@ rules:
79 79
 apiVersion: rbac.authorization.k8s.io/v1
80 80
 kind: ClusterRoleBinding
81 81
 metadata:
82
-  name: sonobuoy-readonly-clusterrolebinding
82
+  name: {{ $controllerName | quote }}
83 83
 roleRef:
84 84
   apiGroup: rbac.authorization.k8s.io
85 85
   kind: ClusterRole
86
-  name: sonobuoy-readonly-clusterrole
86
+  name: {{ $controllerName | quote }}
87 87
 subjects:
88 88
 - kind: ServiceAccount
89
-  name: {{ $serviceAccountName }}
89
+  name: {{ $controllerName | quote }}
90 90
   namespace: {{ .Release.Namespace }}
91 91
 ---
92 92
 apiVersion: v1
93 93
 kind: Secret
94 94
 type: kubernetes.io/service-account-token
95 95
 metadata:
96
-  name: {{ $serviceAccountName }}-token-secret
96
+  name: sonobuoy-readonly-serviceaccount-token-secret
97 97
   namespace: {{ .Release.Namespace }}
98 98
   annotations:
99
-    kubernetes.io/service-account.name: {{ $serviceAccountName }}
99
+    kubernetes.io/service-account.name: {{ $controllerName }}
100 100
     {{/*
101 101
     post-install hook is required to cause ServiceAccount to be deployed
102 102
     before creating a secret token for it. By default helm deploys secrets

+ 2
- 0
sonobuoy/values.yaml View File

@@ -126,6 +126,8 @@ conf:
126 126
     Limits:
127 127
       PodLogs:
128 128
         SizeLimitBytes: 10000
129
+    # NOTE: the Namespace should not be defined and is set in sonobuoy-etc
130
+    Namespace: null
129 131
     # NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
130 132
     WorkerImage: null
131 133
     ImagePullPolicy: IfNotPresent

+ 8
- 1
tools/gate/scripts/sonobuoy.sh View File

@@ -19,5 +19,12 @@ set -xe
19 19
 helm dependency update sonobuoy
20 20
 helm upgrade --install sonobuoy sonobuoy \
21 21
     --namespace=heptio-sonobuoy \
22
-    --set endpoints.identity.namespace=openstack
22
+    --set endpoints.identity.namespace=openstack \
23
+    --set manifests.serviceaccount_readonly=true
23 24
 helm test sonobuoy
25
+
26
+helm upgrade --install another-sonobuoy sonobuoy \
27
+    --namespace=sonobuoy \
28
+    --set endpoints.identity.namespace=openstack \
29
+    --set manifests.serviceaccount_readonly=true
30
+helm test another-sonobuoy

Loading…
Cancel
Save