[monasca] add RBAC rules for monasca-agent and the cleanup job #403
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Adds RBAC rules based on the newest bits from the init charts. Note that the RBAC flag has been renamed to remain consistent with Helm community conventions as well as our other charts. - old: `rbac.enabled=true` - new: `rbac.create=true` The agent will now attempt to create and use its own `ServiceAccount` rather than applying a `ClusterRole` to the existing `default` account. A new account, role, and role binding will also be created for the cleanup job. Additionally, override ServiceAccounts can be specified with the following values: - `agent.serviceAccount=...` - `cleanup.serviceAccount=...` The built-in `ServiceAccount`, `Role`/`ClusterRole`, and `RoleBinding`/`ClusterRoleBinding` will not be created if a premade serviceAccount is configured using this flag. Signed-off-by: Tim Buckley <[email protected]>
|
I also disabled the TPR by default, which should work around #337 |
Signed-off-by: Tim Buckley <[email protected]>
|
I'm still seeing the agent fail in minikube due to #348 but the service accounts do seem to be applying correctly. |
joe-keen
approved these changes
Feb 27, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds RBAC rules based on the newest bits from the init charts. Note
that the RBAC flag has been renamed to remain consistent with Helm
community conventions as well as our other charts.
rbac.enabled=truerbac.create=trueThe agent will now attempt to create and use its own
ServiceAccountrather than applying a
ClusterRoleto the existingdefaultaccount. A new account, role, and role binding will also be created
for the cleanup job.
Additionally, override ServiceAccounts can be specified with the
following values:
agent.serviceAccount=...cleanup.serviceAccount=...The built-in
ServiceAccount,Role/ClusterRole, andRoleBinding/ClusterRoleBindingwill not be created if a premadeserviceAccount is configured using this flag.
Signed-off-by: Tim Buckley [email protected]