diff --git a/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml b/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml index f2fc596a4..4bf6f7f43 100644 --- a/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml +++ b/instance-applications/130-ibm-mas-suite/templates/05-postsync-add-label_Job.yaml @@ -38,6 +38,70 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mas-route-prereq-role-{{ .Values.instance_id }} + annotations: + argocd.argoproj.io/sync-wave: "140" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - verbs: + - get + - patch + - create + - update + apiGroups: + - "route.openshift.io" + resources: + - routes + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - core.mas.ibm.com + resources: + - suites + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - apps.mas.ibm.com + resources: + - assistworkspaces + - healthextworkspaces + - healthworkspaces + - manageworkspaces + - visualinspectionappworkspaces + - workspaces + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - iot.ibm.com + resources: + - iotworkspaces + --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -57,7 +121,7 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: mas-route-prereq-role-{{ .Values.instance_id }} --- apiVersion: batch/v1 @@ -134,7 +198,7 @@ spec: echo "Add label to routes updated ${routes}" for route in $routes; do - echo "Adding label to route $route" + echo "Adding label to route - ${route}" oc patch route/${route} -p '{"metadata":{"labels":{"type":"external"}}}' done restartPolicy: Never 
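Review bot: The new ClusterRole `mas-route-prereq-role-{{ .Values.instance_id }}` (hunk `@@ -38,6 +38,70 @@`) still grants more than the visible Job appears to use. The only API call shown in this file's script is `oc patch route/${route}`, yet the rules allow `create`, `delete` and `update` on `suites`, `iotworkspaces` and every `apps.mas.ibm.com` workspace kind across the whole cluster. The earlier part of the script is outside the hunks, so confirm what it calls; if it only reads those custom resources, reduce their verbs to `get`, `list`, `watch` and drop `create` from the `routes` rule. The `routes` rule also has no `list` verb, which the Job would need if `$routes` is built by enumerating routes. The same rule set is repeated in `510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml` (hunk `@@ -41,6 +40,69 @@`).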
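Review bot: `roleRef` on an existing ClusterRoleBinding is immutable, so the change to `name: mas-route-prereq-role-{{ .Values.instance_id }}` (hunk `@@ -57,7 +121,7 @@`) will be rejected by the API server on clusters where the binding was already created against `cluster-admin`. The binding's metadata is outside the hunk, so it is not visible whether it is recreated on every sync. If it is a plain synced resource, it has to be deleted and recreated (or given a new name) before the tighter role takes effect. Until then the Job's service account keeps `cluster-admin`, so check after rollout with `oc get clusterrolebinding <binding-name> -o yaml`. The same applies to hunk `@@ -60,7 +122,7 @@` in `510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml`.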
diff --git a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml index 6afc16c89..35aa4e096 100644 --- a/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml +++ b/instance-applications/510-550-ibm-mas-suite-app-config/templates/04-postsync-add-label_Job.yaml @@ -1,8 +1,8 @@ {{- if .Values.ingress }} -{{ $ns := .Values.mas_app_namespace }} - +{{ $ns := .Values.mas_app_namespace }} {{ $job_label := "mas-app-route-patch" }} + --- # Permit outbound communication by the Job pods # (Needed to communicate with the K8S HTTP API and AWS SM) @@ -26,7 +26,6 @@ spec: policyTypes: - Egress - --- # Service account that is authorized to read k8s secrets (needed by the job) apiVersion: v1 
@@ -41,6 +40,69 @@ metadata: {{ .Values.custom_labels | toYaml | indent 4 }} {{- end }} + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }} + annotations: + argocd.argoproj.io/sync-wave: "140" +{{- if .Values.custom_labels }} + labels: +{{ .Values.custom_labels | toYaml | indent 4 }} +{{- end }} +rules: + - verbs: + - get + - patch + - create + - update + apiGroups: + - "route.openshift.io" + resources: + - routes + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - core.mas.ibm.com + resources: + - suites + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - apps.mas.ibm.com + resources: + - assistworkspaces + - healthextworkspaces + - healthworkspaces + - manageworkspaces + - visualinspectionappworkspaces + - workspaces + - verbs: + - create + - delete + - get + - list + - patch + - update + - watch + apiGroups: + - iot.ibm.com + resources: + - iotworkspaces --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -60,7 +122,7 @@ subjects: roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole - name: cluster-admin + name: mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }} --- apiVersion: batch/v1
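Review bot: The added ClusterRole `mas-app-route-prereq-role-{{ .Values.instance_id }}-{{ .Values.mas_app_id }}` (hunk `@@ -41,6 +40,69 @@`) has no comment, although the neighbouring resources in this template each carry one, for example `# Service account that is authorized to read k8s secrets (needed by the job)`. A header such as `# Replaces the former cluster-admin binding: only the permissions the route-label Job needs` would record the intent. A one-line comment above each rule naming the command that needs it would make later privilege reviews easier, since the four `apiGroups` entries cannot be justified from the manifest alone.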