Code Review / oom.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | inline | side by side
[COMMON][ROLES] Create default roles once
[oom.git] / kubernetes / common / serviceAccount / templates / role-binding.yaml
diff --git a/kubernetes/common/serviceAccount/templates/role-binding.yaml b/kubernetes/common/serviceAccount/templates/role-binding.yaml
index 2082f84..7c272ae 100644 (file)
--- a/kubernetes/common/serviceAccount/templates/role-binding.yaml
+++ b/kubernetes/common/serviceAccount/templates/role-binding.yaml
@@ -16,18 +16,24 @@
 
 {{- $dot := . -}}
 {{- range $role_type := $dot.Values.roles }}
+{{/* retrieve the names for generic roles */}}
+{{ $name := printf "%s-%s" (include "common.release" $dot) $role_type }}
+{{- if not (has $role_type $dot.Values.defaultRoles) }}
+{{ $name = include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
+{{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 # This cluster role binding allows anyone in the "manager" group to read secrets in any namespace.
 kind: RoleBinding
 metadata:
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
   namespace: {{ include "common.namespace" $dot }}
 subjects:
 - kind: ServiceAccount
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot ) }}
 roleRef:
   kind: Role
-  name: {{ include "common.fullname" (dict "suffix" $role_type "dot" $dot )}}
+  name: {{ $name }}
   apiGroup: rbac.authorization.k8s.io
 {{- end }}
+
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).