From 1c48dbd1ced1afbd0f0f95eab95040322ad8b808 Mon Sep 17 00:00:00 2001 From: Jan-Hendrik Boll Date: Wed, 4 Sep 2024 14:20:11 +0200 Subject: [PATCH 1/2] Add Service Account and roles for integration --- cluster-service/Makefile | 5 +- .../cluster-service-namespace.yaml | 50 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 cluster-service/deploy/integration/cluster-service-namespace.yaml diff --git a/cluster-service/Makefile b/cluster-service/Makefile index 885d756f2..ca600e8df 100644 --- a/cluster-service/Makefile +++ b/cluster-service/Makefile @@ -28,9 +28,12 @@ deploy: -p IMAGE_REPOSITORY=app-sre/uhc-clusters-service \ -p IMAGE_TAG=2256c75 | oc apply -f - +deploy-integ: + oc process --local -f deploy/integration/cluster-service-namespace.yaml | oc apply -f - + # for local development provision-shard: @ZONE_RESOURCE_ID=$(shell az network dns zone list -g ${REGIONAL_RESOURCEGROUP} --query "[?zoneType=='Public'].id" -o tsv) && \ sed -e "s#ZONE_RESOURCE_ID#$${ZONE_RESOURCE_ID}#g" -e "s/REGION/${REGION}/g" -e "s/CONSUMER_NAME/${CONSUMER_NAME}/g" deploy/dev-provisioning-shards.yml -.PHONY: deploy +.PHONY: deploy deploy-integ provision-shard diff --git a/cluster-service/deploy/integration/cluster-service-namespace.yaml b/cluster-service/deploy/integration/cluster-service-namespace.yaml new file mode 100644 index 000000000..19ecffcc4 --- /dev/null +++ b/cluster-service/deploy/integration/cluster-service-namespace.yaml 
@@ -0,0 +1,50 @@
+---
+apiVersion: v1
+kind: Template
+metadata:
+ name: cluster-service-admin
+objects:
+ - apiVersion: v1
+ kind: Namespace
+ metadata:
+ name: cluster-service-admin
+ - apiVersion: v1
+ kind: ServiceAccount
+ metadata:
+ name: cluster-service-mgmt
+ namespace: cluster-service-admin
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRole
+ metadata:
+ name: namespace-admin
+ rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespace
+ verbs:
+ - "*"
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: cluster-service-admin
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: admin
+ subjects:
+ - kind: ServiceAccount
+ name: cluster-service-mgmt
+ namespace: cluster-service-admin
+ - apiVersion: rbac.authorization.k8s.io/v1
+ kind: ClusterRoleBinding
+ metadata:
+ name: cluster-service-naemspace-admin
+ roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: namespace-admin
+ subjects:
+ - kind: ServiceAccount
+ name: cluster-service-mgmt
+ namespace: cluster-service-admin
From 40159254185bfc29a9f84f4640e8a31305715e58 Mon Sep 17 00:00:00 2001
From: Jan-Hendrik Boll
Date: Thu, 5 Sep 2024 14:07:24 +0200
Subject: [PATCH 2/2] Update cluster-service/deploy/integration/cluster-service-namespace.yaml
Co-authored-by: Ori Adler
---
.../deploy/integration/cluster-service-namespace.yaml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/cluster-service/deploy/integration/cluster-service-namespace.yaml b/cluster-service/deploy/integration/cluster-service-namespace.yaml
index 19ecffcc4..ea02c63dc 100644
--- a/cluster-service/deploy/integration/cluster-service-namespace.yaml
+++ b/cluster-service/deploy/integration/cluster-service-namespace.yaml
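Review bot: In the new `cluster-service-namespace.yaml` (hunk `@@ -0,0 +1,50 @@`), the `namespace-admin` ClusterRole lists `resources: - namespace`, but RBAC matches on the plural resource name, so as written the rule grants nothing; it should read `- namespaces`. The `verbs: - "*"` wildcard on that rule is also wider than a namespace-managing account usually needs; an explicit list such as `verbs: [get, list, watch, create, delete]`, trimmed to what the integration really does, keeps the grant auditable. Separately, the `cluster-service-admin` ClusterRoleBinding binds the built-in `admin` ClusterRole at cluster scope, which gives `cluster-service-mgmt` admin rights (including reading Secrets and creating RoleBindings) in every namespace. If the account only has to administer the namespaces it creates, a per-namespace `RoleBinding` to `admin` would be the narrower grant; otherwise a comment above the binding such as `# cluster-wide admin is required because <reason>` would record why cluster scope is needed.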
@@ -39,7 +39,7 @@ objects: - apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: - name: cluster-service-naemspace-admin + name: cluster-service-namespace-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole