Commit 846d7ae4 authored by Jens Langhammer's avatar Jens Langhammer

add rbac to allow tier0 to use k8s API

parent 23ccb055
......@@ -21,8 +21,9 @@ spec:
app.kubernetes.io/instance: {{ .Release.Name }}
k8s.p2.io/component: tier0
spec:
serviceAccountName: {{ include "p2.fullname" . }}-tier0
containers:
- name: {{ .Chart.Name }}
- name: {{ .Chart.Name }}-tier0
image: "docker.beryju.org/p2/tier0:{{ .Values.image.tag }}"
imagePullPolicy: IfNotPresent
ports:
......@@ -33,15 +34,11 @@ spec:
containerPort: 8093
protocol: TCP
livenessProbe:
initialDelaySeconds: 20
timeoutSeconds: 5
httpGet:
path: /
path: /_/tier0/health
port: http
readinessProbe:
initialDelaySeconds: 20
timeoutSeconds: 5
httpGet:
path: /
path: /_/tier0/health
port: http
{{- end }}
{{- if .Values.beta_enable_tier0 -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "p2.fullname" . }}-tier0
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ include "p2.fullname" . }}-tier0-role
rules:
- apiGroups: [""]
resources:
- services
- pods
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ include "p2.fullname" . }}-tier0
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ include "p2.fullname" . }}-tier0-role
subjects:
- kind: ServiceAccount
name: {{ include "p2.fullname" . }}-tier0
{{- end }}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment