[patch] [MASCORE-3232] cluster specific role
padmankosalaram committed Aug 8, 2024
1 parent a57814b commit 9d1828f
Showing 2 changed files with 132 additions and 6 deletions.
Expand Up @@ -38,6 +38,70 @@ metadata:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mas-route-prereq-role-{{ .Values.instance_id }}
annotations:
argocd.argoproj.io/sync-wave: "140"
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
rules:
- verbs:
- get
- patch
- create
- update
apiGroups:
- "route.openshift.io"
resources:
- routes
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- core.mas.ibm.com
resources:
- suites
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- apps.mas.ibm.com
resources:
- assistworkspaces
- healthextworkspaces
- healthworkspaces
- manageworkspaces
- visualinspectionappworkspaces
- workspaces
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- iot.ibm.com
resources:
- iotworkspaces

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -57,7 +121,7 @@ subjects:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
name: mas-route-prereq-role-{{ .Values.instance_id }}

---
apiVersion: batch/v1
Expand Down Expand Up @@ -134,7 +198,7 @@ spec:
echo "Add label to routes updated ${routes}"
for route in $routes; do
echo "Adding label to route $route"
echo "Adding label to route - ${route}"
oc patch route/${route} -p '{"metadata":{"labels":{"type":"external"}}}'
done
restartPolicy: Never
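Review bot: The routes rule in the new `mas-route-prereq-role-{{ .Values.instance_id }}` ClusterRole grants `get`, `patch`, `create` and `update` but not `list`, while the job at the end of this file loops over `$routes`; how that list is built is outside the visible hunk, but if it comes from listing routes the job will be denied now that the binding no longer points at `cluster-admin`. In the other direction, the three MAS rules grant `create` and `delete` on `suites` and every workspace kind, which is more than the visible `oc patch route/${route}` needs; unless the hidden part of the script writes those resources, I would reduce them to `get` and `list` and drop `create` from the routes rule. The role is still attached through a ClusterRoleBinding, so every verb applies in all namespaces; a namespaced Role and RoleBinding in the MAS namespaces would narrow it further. The same rule set is repeated in the app-route template in the second file, so whatever is decided here applies there too.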
@@ -1,8 +1,8 @@
{{- if .Values.ingress }}

{{ $ns := .Values.mas_app_namespace }}

{{ $ns := .Values.mas_app_namespace }}
{{ $job_label := "mas-app-route-patch" }}

---
# Permit outbound communication by the Job pods
# (Needed to communicate with the K8S HTTP API and AWS SM)
Expand All @@ -26,7 +26,6 @@ spec:
policyTypes:
- Egress


---
# Service account that is authorized to read k8s secrets (needed by the job)
apiVersion: v1
Expand All @@ -41,6 +40,69 @@ metadata:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}


---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }}
annotations:
argocd.argoproj.io/sync-wave: "140"
{{- if .Values.custom_labels }}
labels:
{{ .Values.custom_labels | toYaml | indent 4 }}
{{- end }}
rules:
- verbs:
- get
- patch
- create
- update
apiGroups:
- "route.openshift.io"
resources:
- routes
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- core.mas.ibm.com
resources:
- suites
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- apps.mas.ibm.com
resources:
- assistworkspaces
- healthextworkspaces
- healthworkspaces
- manageworkspaces
- visualinspectionappworkspaces
- workspaces
- verbs:
- create
- delete
- get
- list
- patch
- update
- watch
apiGroups:
- iot.ibm.com
resources:
- iotworkspaces
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
Expand All @@ -60,7 +122,7 @@ subjects:
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
name: mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }}

---
apiVersion: batch/v1
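Review bot: The ServiceAccount comment in this file still reads "Service account that is authorized to read k8s secrets (needed by the job)", but the new `mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }}` ClusterRole has no rule for `secrets`, so any secret read the job performs would be denied once `cluster-admin` is gone. The job script is outside this view, so this is either a regression or a stale comment; if the read is real, add a narrow rule for `secrets` with only `get`, ideally pinned with `resourceNames`, and otherwise change the comment to describe what the account is actually allowed to do. This template already defines `$ns` from `.Values.mas_app_namespace`, so if the routes and workspaces it touches live in that namespace, a `Role` and `RoleBinding` in `{{ $ns }}` would keep the permissions out of the rest of the cluster.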
