This commit adds a helm chart that deploys a rolebinding to the openstack application to allow deployments to the openstack namespace after PodSecurityPolicy plugin is enabled on the Kubernetes cluster. Change-Id: I57d3a31c9fcc7e03499e605d6d722fdb36004339 Partial-bug: 1878900 Depends-On: https://review.opendev.org/#/c/734408/ Depends-On: https://review.opendev.org/#/c/735998/ Signed-off-by: Jerry Sun <jerry.sun@windriver.com>changes/02/736002/2
parent
7ff175f60c
commit
92ed6fecc7
@ -0,0 +1,43 @@
|
||||
#
|
||||
# Copyright (c) 2020 Wind River Systems, Inc.
|
||||
#
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
|
||||
from k8sapp_openstack.common import constants as app_constants
|
||||
|
||||
from sysinv.common import constants
|
||||
from sysinv.common import exception
|
||||
|
||||
from sysinv.helm import base
|
||||
from sysinv.helm import common
|
||||
|
||||
|
||||
class PSPRolebindingHelm(base.BaseHelm):
|
||||
"""Class to encapsulate helm operations for the psp rolebinding chart"""
|
||||
|
||||
SUPPORTED_NAMESPACES = \
|
||||
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
|
||||
SUPPORTED_APP_NAMESPACES = {
|
||||
constants.HELM_APP_OPENSTACK:
|
||||
base.BaseHelm.SUPPORTED_NAMESPACES + [common.HELM_NS_OPENSTACK]
|
||||
}
|
||||
|
||||
CHART = app_constants.HELM_CHART_PSP_ROLEBINDING
|
||||
SERVICE_NAME = 'psp-rolebinding'
|
||||
|
||||
def get_namespaces(self):
|
||||
return self.SUPPORTED_NAMESPACES
|
||||
|
||||
def get_overrides(self, namespace=None):
|
||||
overrides = {
|
||||
common.HELM_NS_OPENSTACK: {}
|
||||
}
|
||||
|
||||
if namespace in self.SUPPORTED_NAMESPACES:
|
||||
return overrides[namespace]
|
||||
elif namespace:
|
||||
raise exception.InvalidHelmNamespace(chart=self.CHART,
|
||||
namespace=namespace)
|
||||
else:
|
||||
return overrides
|
Loading…
Reference in new issue