Acasă Explorează Ajutor
Autentificare
cecf
/
deploy
5
0
Bifurcare 0
Fisiere Probleme 0 Trageți solicitările 0 Wiki
Arbore: e4538f3d9b
Ramuri Etichete
deploy
/
timescaledb
/
stackgres-operator
/
templates
/
webapi-admin-cluster-role-binding.yaml

webapi-admin-cluster-role-binding.yaml 2.7 KB
Istoric Crud

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192 
  1. {{- if .Values.deploy.restapi }}
    2. 

  2. {{- if eq "true" (include "unmodificableWebapiAdminClusterRoleBinding" .) }}
    3. 

  3. ---
    4. 

  4. apiVersion: batch/v1
    5. 

  5. kind: Job
    6. 

  6. metadata:
    7. 

  7.   namespace: {{ .Release.Namespace }}
    8. 

  8.   name: "{{ .Release.Name }}-delete-webapi-admin-clusterrolebinding"
    9. 

  9.   labels:
    10. 

  10.     app: stackgres-operator-init
    11. 

  11.     job: delete-webapi-admin-clusterrolebinding
    12. 

  12.   annotations:
    13. 

  13.     "helm.sh/hook": pre-upgrade
    14. 

  14.     "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
    15. 

  15.     "helm.sh/hook-weight": "10"
    16. 

  16.     {{- with .Values.jobs.annotations }}
    17. 

  17.     {{- toYaml . | nindent 4 }}
    18. 

  18.     {{- end }}
    19. 

  19. spec:
    20. 

  20.   ttlSecondsAfterFinished: 3600
    21. 

  21.   template:
    22. 

  22.     metadata:
    23. 

  23.       labels:
    24. 

  24.         app: stackgres-operator-init
    25. 

  25.         job: delete-webapi-admin-clusterrolebinding
    26. 

  26.     spec:
    27. 

  27.       serviceAccountName: {{ .Release.Name }}-init
    28. 

  28.       restartPolicy: OnFailure
    29. 

  29.       terminationGracePeriodSeconds: 0
    30. 

  30.       {{- with .Values.jobs.affinity}}
    31. 

  31.       affinity:
    32. 

  32.         {{- toYaml . | nindent 8 }}
    33. 

  33.       {{- end}}
    34. 

  34.       {{- with .Values.jobs.nodeSelector}}
    35. 

  35.       nodeSelector:
    36. 

  36.         {{- toYaml . | nindent 8 }}
    37. 

  37.       {{- end }}
    38. 

  38.       {{- with .Values.jobs.tolerations }}
    39. 

  39.       tolerations:
    40. 

  40.         {{- toYaml . | nindent 8 }}
    41. 

  41.       {{- end }}
    42. 

  42.       containers:
    43. 

  43.       - name: "delete-webapi-admin-clusterrolebinding"
    44. 

  44.         image: {{ template "kubectl-image" . }}
    45. 

  45.         imagePullPolicy: "IfNotPresent"
    46. 

  46.         {{- with .Values.jobs.resources }}
    47. 

  47.         resources:
    48. 

  48.           {{- toYaml . | nindent 10 }}
    49. 

  49.         {{- end }}
    50. 

  50.         command:
    51. 

  51.           - "/bin/bash"
    52. 

  52.           - "-ecx"
    53. 

  53.           - |
    54. 

  54.             kubectl delete clusterrolebinding stackgres-restapi-admin --ignore-not-found
    55. 

  55. {{- end }}
    56. 

  56. {{- $allowedNamespaces := regexSplit " " (include "allowedNamespaces" .) -1 }}
    57. 

  57. {{- range $index, $namespace := $allowedNamespaces }}
    58. 

  58. {{- if and (eq $index 0) (or (eq $namespace "_all_namespaces_placeholder") (not $.Values.disableClusterRole)) }}
    59. 

  59. ---
    60. 

  60. apiVersion: rbac.authorization.k8s.io/v1
    61. 

  61. kind: ClusterRoleBinding
    62. 

  62. metadata:
    63. 

  63.   name: stackgres-restapi-admin
    64. 

  64. {{- with $.Values.clusterOwnerRefereces }}
    65. 

  65.   ownerReferences:
    66. 

  66.     {{- toYaml . | nindent 4 }}
    67. 

  67. {{- end }}
    68. 

  68. subjects:
    69. 

  69. - kind: User
    70. 

  70.   name: {{ $.Values.authentication.user | quote }}
    71. 

  71. roleRef:
    72. 

  72.   kind: ClusterRole
    73. 

  73.   name: stackgres-restapi-admin
    74. 

  74.   apiGroup: rbac.authorization.k8s.io
    75. 

  75. {{- end }}
    76. 

  76. {{- if not (eq $namespace "_all_namespaces_placeholder") }}
    77. 

  77. ---
    78. 

  78. apiVersion: rbac.authorization.k8s.io/v1
    79. 

  79. kind: RoleBinding
    80. 

  80. metadata:
    81. 

  81.   namespace: {{ $namespace }}
    82. 

  82.   name: stackgres-restapi-admin
    83. 

  83. subjects:
    84. 

  84. - kind: User
    85. 

  85.   name: {{ $.Values.authentication.user | quote }}
    86. 

  86. roleRef:
    87. 

  87.   kind: Role
    88. 

  88.   name: stackgres-restapi-admin
    89. 

  89.   apiGroup: rbac.authorization.k8s.io
    90. 

  90. {{- end }}
    91. 

  91. {{- end }}
    92. 

  92. {{- end }}
    93.