67b4b38a12
* Add OCP support to helm chart. Signed-off-by: Bin Guo <bin.guo@casa-systems.com> Signed-off-by: Arthur <arthur@arthurvardevanyan.com> Co-authored-by: Bin Guo <bin.guo@casa-systems.com> Co-authored-by: David Ko <dko@suse.com> Co-authored-by: binguo-casa <70552879+binguo-casa@users.noreply.github.com>
50 lines
1.4 KiB
YAML
50 lines
1.4 KiB
YAML
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: longhorn-bind
|
|
labels: {{- include "longhorn.labels" . | nindent 4 }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: longhorn-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: longhorn-service-account
|
|
namespace: {{ include "release_namespace" . }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: longhorn-support-bundle
|
|
labels: {{- include "longhorn.labels" . | nindent 4 }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: cluster-admin
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: longhorn-support-bundle
|
|
namespace: {{ include "release_namespace" . }}
|
|
{{- if .Values.openshift.enabled }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: longhorn-ocp-privileged-bind
|
|
labels: {{- include "longhorn.labels" . | nindent 4 }}
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: longhorn-ocp-privileged-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: longhorn-service-account
|
|
namespace: {{ include "release_namespace" . }}
|
|
- kind: ServiceAccount
|
|
name: longhorn-ui-service-account
|
|
namespace: {{ include "release_namespace" . }}
|
|
- kind: ServiceAccount
|
|
name: default # supportbundle-agent-support-bundle uses default sa
|
|
namespace: {{ include "release_namespace" . }}
|
|
{{- end }}
|