Flannel: Fix RBAC definitions

This PS fixes the RBAC declarations for the Flannel Chart. Change-Id: I9fab67b6089efcd11cac8a04ec5da0f8451b8f2c
2017-12-26 11:57:10 -05:00 · 2017-12-26 11:57:10 -05:00 · dc023525e0
commit dc023525e0
parent 8673d55243
5 changed files with 38 additions and 103 deletions
--- a/flannel/templates/clusterrole-flannel.yaml
+++ b/flannel/templates/clusterrole-flannel.yaml
@ -1,44 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterrole_flannel }}
-{{- $envAll := . }}
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: flannel
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - pods
-    verbs:
-      - get
-  - apiGroups:
-      - ""
-    resources:
-      - nodes
-    verbs:
-      - list
-      - watch
-  - apiGroups:
-      - ""
-    resources:
-      - nodes/status
-    verbs:
-      - patch
-{{- end }}
--- a/flannel/templates/clusterrolebinding-flannel.yaml
+++ b/flannel/templates/clusterrolebinding-flannel.yaml
@ -1,32 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.clusterrolebinding_flannel }}
-{{- $envAll := . }}
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: flannel
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: flannel
-subjects:
- kind: ServiceAccount
-  name: flannel
-  namespace: {{ .Release.Namespace }}
-{{- end }}
--- a/flannel/templates/daemonset-kube-flannel-ds.yaml
+++ b/flannel/templates/daemonset-kube-flannel-ds.yaml
@ -25,6 +25,44 @@ limitations under the License.
 {{- $serviceAccountName := "flannel"}}
 {{ tuple $envAll $envAll.Values.pod_dependency $serviceAccountName | include "helm-toolkit.snippets.kubernetes_pod_rbac_serviceaccount" }}
 ---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ $serviceAccountName }}
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+    verbs:
+      - get
+  - apiGroups:
+      - ""
+    resources:
+      - nodes
+    verbs:
+      - list
+      - watch
+  - apiGroups:
+      - ""
+    resources:
+      - nodes/status
+    verbs:
+      - patch
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+  name: {{ $serviceAccountName }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ $serviceAccountName }}
+subjects:
+- kind: ServiceAccount
+  name: {{ $serviceAccountName }}
+  namespace: {{ .Release.Namespace }}
+---
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
--- a/flannel/templates/serviceaccount-flannel.yaml
+++ b/flannel/templates/serviceaccount-flannel.yaml
@ -1,24 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-{{- if .Values.manifests.serviceaccount_flannel }}
-{{- $envAll := . }}
---
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: flannel
-{{- end }}
--- a/flannel/values.yaml
+++ b/flannel/values.yaml
@ -78,10 +78,7 @@ endpoints:
        node: 5000

 manifests:
-  clusterrole_flannel: true
-  clusterrolebinding_flannel: true
  configmap_bin: true
  configmap_kube_flannel_cfg: true
  daemonset_kube_flannel_ds: true
  job_image_repo_sync: true
-  serviceaccount_flannel: true