diff --git a/fluent-logging/templates/clusterrole.yaml b/fluent-logging/templates/clusterrole.yaml
deleted file mode 100644
index 7fe755db9..000000000
--- a/fluent-logging/templates/clusterrole.yaml
+++ /dev/null
@@ -1,54 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterrole }}
----
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: fluent-logging-runner
-rules:
-rules:
- - apiGroups:
- - ""
- resources:
- - namespaces
- - nodes
- - pods
- - services
- - replicationcontrollers
- - limitranges
- verbs:
- - list
- - watch
- - apiGroups:
- - extensions
- resources:
- - daemonsets
- - deployments
- - replicasets
- verbs:
- - list
- - watch
- - apiGroups:
- - apps
- resources:
- - statefulsets
- verbs:
- - get
- - list
- - watch
-{{- end }}
diff --git a/fluent-logging/templates/clusterrolebinding-fluentbit.yaml b/fluent-logging/templates/clusterrolebinding-fluentbit.yaml
deleted file mode 100644
index a389805e1..000000000
--- a/fluent-logging/templates/clusterrolebinding-fluentbit.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterrolebinding_fluentbit }}
-{{- $serviceAccountName := "fluentbit"}}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: run-fluent-bit-logging
-subjects:
- - kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: fluent-logging-runner
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
diff --git a/fluent-logging/templates/clusterrolebinding-logging.yaml b/fluent-logging/templates/clusterrolebinding-logging.yaml
deleted file mode 100644
index 7dc1cafe5..000000000
--- a/fluent-logging/templates/clusterrolebinding-logging.yaml
+++ /dev/null
@@ -1,32 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterrolebinding_logging }}
-{{- $serviceAccountName := "fluentd"}}
----
-apiVersion: rbac.authorization.k8s.io/v1beta1
-kind: ClusterRoleBinding
-metadata:
- name: run-fluent-logging
-subjects:
- - kind: ServiceAccount
- name: {{ $serviceAccountName }}
- namespace: {{ .Release.Namespace }}
-roleRef:
- kind: ClusterRole
- name: fluent-logging-runner
- apiGroup: rbac.authorization.k8s.io
-{{- end }}
diff --git a/fluent-logging/templates/daemonset-fluent-bit.yaml b/fluent-logging/templates/daemonset-fluent-bit.yaml
index b53afe288..f4f7064b9 100644
--- a/fluent-logging/templates/daemonset-fluent-bit.yaml
+++ b/fluent-logging/templates/daemonset-fluent-bit.yaml
@@ -28,6 +28,55 @@ limitations under the License.
 {{- $serviceAccountName := "fluentbit"}}
 {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ $serviceAccountName }}
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - nodes
+ - pods
+ - services
+ - replicationcontrollers
+ - limitranges
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
diff --git a/fluent-logging/templates/deployment-fluentd.yaml b/fluent-logging/templates/deployment-fluentd.yaml
index 2119d1eed..60363ce4e 100644
--- a/fluent-logging/templates/deployment-fluentd.yaml
+++ b/fluent-logging/templates/deployment-fluentd.yaml
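Review bot: In daemonset-fluent-bit.yaml the added ClusterRole has two consecutive `rules:` keys, carried over from the deleted clusterrole.yaml; the first is an empty value, and a duplicate key is rejected by strict YAML parsers and silently resolved to the last value by lenient ones, so one of the two lines should be deleted. The ClusterRoleBinding next to it is declared as `apiVersion: rbac.authorization.k8s.io/v1beta1` while the ClusterRole uses `rbac.authorization.k8s.io/v1`; `v1` on both keeps the pair consistent. Both objects are cluster-scoped but take the bare `{{ $serviceAccountName }}` as their name (`fluentbit` per the context line), so a second release of the chart in another namespace would target the same ClusterRole and ClusterRoleBinding; `name: {{ .Release.Namespace }}-{{ $serviceAccountName }}` in `metadata.name` and `roleRef.name` would keep them apart. The hunk in deployment-fluentd.yaml has the same three issues, and the template block enclosing these lines starts and ends outside the hunk.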
@@ -27,6 +27,55 @@ limitations under the License.
 {{- $serviceAccountName := "fluentd"}}
 {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ $serviceAccountName }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ $serviceAccountName }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: {{ $serviceAccountName }}
+ apiGroup: rbac.authorization.k8s.io
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+ name: {{ $serviceAccountName }}
+rules:
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - nodes
+ - pods
+ - services
+ - replicationcontrollers
+ - limitranges
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - extensions
+ resources:
+ - daemonsets
+ - deployments
+ - replicasets
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - list
+ - watch
+---
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
diff --git a/fluent-logging/values.yaml b/fluent-logging/values.yaml
index 1fe872500..459ff5bc8 100644
--- a/fluent-logging/values.yaml
+++ b/fluent-logging/values.yaml
@@ -261,9 +261,6 @@ pod: fluent_tests: manifests: - clusterrole: true - clusterrolebinding_fluentbit: true - clusterrolebinding_logging: true configmap_bin: true configmap_etc: true deployment_fluentd: true
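Review bot: In deployment-fluentd.yaml the `fluentd` service account receives a cluster-wide grant of `list`/`watch` on namespaces, nodes, pods, services, replicationcontrollers and limitranges plus the `extensions` and `apps` workload controllers, and nothing visible in this diff shows the Deployment reading those resources. Now that the role is per service account rather than shared, it can be trimmed to what fluentd actually queries; `- limitranges`, `- replicationcontrollers` and the controller resources look like candidates for removal, but that needs checking against the fluentd configuration, which is outside this diff. The new RBAC documents also have no `.Values.manifests` guard of their own, since values.yaml drops `clusterrole`, `clusterrolebinding_fluentbit` and `clusterrolebinding_logging`, so an operator who manages RBAC outside the chart can no longer skip them here or in daemonset-fluent-bit.yaml. A short comment above `rules:` naming the consumer of each resource group, for example `# pods, namespaces: read for log metadata lookup (confirm)`, would make later reviews of this grant easier.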