Merge "Sonobuoy: allow multiple simultaneous chart installations"
This commit is contained in:
commit
036e4b0c69
|
@ -19,11 +19,13 @@ limitations under the License.
|
||||||
|
|
||||||
{{- $serviceAccountName := "sonobuoy-serviceaccount" }}
|
{{- $serviceAccountName := "sonobuoy-serviceaccount" }}
|
||||||
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
|
|
||||||
|
{{ $controllerName := printf "%s-%s" .Release.Namespace $serviceAccountName }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $serviceAccountName }}
|
name: {{ $controllerName | quote }}
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- '*'
|
- '*'
|
||||||
|
@ -35,11 +37,11 @@ rules:
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $serviceAccountName }}-heptio-sonobuoy
|
name: {{ $controllerName | quote }}
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: {{ $serviceAccountName }}
|
name: {{ $controllerName | quote }}
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ $serviceAccountName }}
|
name: {{ $serviceAccountName }}
|
||||||
|
|
|
@ -18,6 +18,9 @@ limitations under the License.
|
||||||
{{- if empty .Values.conf.sonobuoy.WorkerImage -}}
|
{{- if empty .Values.conf.sonobuoy.WorkerImage -}}
|
||||||
{{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}}
|
{{- $_ := set .Values.conf.sonobuoy "WorkerImage" .Values.images.tags.sonobuoy_api -}}
|
||||||
{{- end -}}
|
{{- end -}}
|
||||||
|
{{- if empty .Values.conf.sonobuoy.Namespace -}}
|
||||||
|
{{- $_ := set .Values.conf.sonobuoy "Namespace" .Release.Namespace -}}
|
||||||
|
{{- end -}}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
|
|
|
@ -59,13 +59,13 @@ may be referenced to list pods, etc.
|
||||||
{{- if .Values.manifests.serviceaccount_readonly }}
|
{{- if .Values.manifests.serviceaccount_readonly }}
|
||||||
{{- $envAll := . }}
|
{{- $envAll := . }}
|
||||||
|
|
||||||
{{- $serviceAccountName := "sonobuoy-readonly-serviceaccount" }}
|
{{- $controllerName := printf "%s-%s" $envAll.Release.Namespace "sonobuoy-readonly-serviceaccount" }}
|
||||||
{{ tuple $envAll "sonobuoy" $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
{{ tuple $envAll "sonobuoy" $controllerName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
|
||||||
---
|
---
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
metadata:
|
metadata:
|
||||||
name: sonobuoy-readonly-clusterrole
|
name: {{ $controllerName | quote }}
|
||||||
rules:
|
rules:
|
||||||
- apiGroups:
|
- apiGroups:
|
||||||
- "*"
|
- "*"
|
||||||
|
@ -79,24 +79,24 @@ rules:
|
||||||
apiVersion: rbac.authorization.k8s.io/v1
|
apiVersion: rbac.authorization.k8s.io/v1
|
||||||
kind: ClusterRoleBinding
|
kind: ClusterRoleBinding
|
||||||
metadata:
|
metadata:
|
||||||
name: sonobuoy-readonly-clusterrolebinding
|
name: {{ $controllerName | quote }}
|
||||||
roleRef:
|
roleRef:
|
||||||
apiGroup: rbac.authorization.k8s.io
|
apiGroup: rbac.authorization.k8s.io
|
||||||
kind: ClusterRole
|
kind: ClusterRole
|
||||||
name: sonobuoy-readonly-clusterrole
|
name: {{ $controllerName | quote }}
|
||||||
subjects:
|
subjects:
|
||||||
- kind: ServiceAccount
|
- kind: ServiceAccount
|
||||||
name: {{ $serviceAccountName }}
|
name: {{ $controllerName | quote }}
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Secret
|
kind: Secret
|
||||||
type: kubernetes.io/service-account-token
|
type: kubernetes.io/service-account-token
|
||||||
metadata:
|
metadata:
|
||||||
name: {{ $serviceAccountName }}-token-secret
|
name: sonobuoy-readonly-serviceaccount-token-secret
|
||||||
namespace: {{ .Release.Namespace }}
|
namespace: {{ .Release.Namespace }}
|
||||||
annotations:
|
annotations:
|
||||||
kubernetes.io/service-account.name: {{ $serviceAccountName }}
|
kubernetes.io/service-account.name: {{ $controllerName }}
|
||||||
{{/*
|
{{/*
|
||||||
post-install hook is required to cause ServiceAccount to be deployed
|
post-install hook is required to cause ServiceAccount to be deployed
|
||||||
before creating a secret token for it. By default helm deploys secrets
|
before creating a secret token for it. By default helm deploys secrets
|
||||||
|
|
|
@ -126,6 +126,8 @@ conf:
|
||||||
Limits:
|
Limits:
|
||||||
PodLogs:
|
PodLogs:
|
||||||
SizeLimitBytes: 10000
|
SizeLimitBytes: 10000
|
||||||
|
# NOTE: the Namespace should not be defined and is set in sonobuoy-etc
|
||||||
|
Namespace: null
|
||||||
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
|
# NOTE: the WorkerImage should not be defined and is set in sonobuoy-etc
|
||||||
WorkerImage: null
|
WorkerImage: null
|
||||||
ImagePullPolicy: IfNotPresent
|
ImagePullPolicy: IfNotPresent
|
||||||
|
|
|
@ -19,5 +19,12 @@ set -xe
|
||||||
helm dependency update sonobuoy
|
helm dependency update sonobuoy
|
||||||
helm upgrade --install sonobuoy sonobuoy \
|
helm upgrade --install sonobuoy sonobuoy \
|
||||||
--namespace=heptio-sonobuoy \
|
--namespace=heptio-sonobuoy \
|
||||||
--set endpoints.identity.namespace=openstack
|
--set endpoints.identity.namespace=openstack \
|
||||||
|
--set manifests.serviceaccount_readonly=true
|
||||||
helm test sonobuoy
|
helm test sonobuoy
|
||||||
|
|
||||||
|
helm upgrade --install another-sonobuoy sonobuoy \
|
||||||
|
--namespace=sonobuoy \
|
||||||
|
--set endpoints.identity.namespace=openstack \
|
||||||
|
--set manifests.serviceaccount_readonly=true
|
||||||
|
helm test another-sonobuoy
|
||||||
|
|
Loading…
Reference in New Issue