Fixed conflict due role configuration

Fixed conflict when user tries to apply more than two apps that uses this same secret-observer helm. The apps oidc-auth-apps and intel-device-plugins-operator wasn't being applied simultaneously on the same system due clusterrole configuration, only one of them could be applied at a time, the solution was to change ClusterRole and ClusterRoleBinding from secret-observer to be namespace specific Role and Rolebindings, each will have permission to operate on objects in their own namespaces. Test Plan: PASS: Build an ISO successfully. PASS: Deploy a SX. PASS: Apply the oidc-auth-apps that is present in the deployed system, the oidc-auth-apps should be successfully installed and on applied state, also check if oidc-secret-observer is present in the installed helm charts using the "helm list -A" command. PASS: Apply the intel-device-plugins-operator, the app should be successfully installed and on applied state. Both oidc-auth-apps and intel-device-plugins-operator should be in applied state and functional. PASS: Apply first intel-device-plugins-operator and then oidc, check if both apps have been applied Story: 2011085 Task: 50692 Change-Id: I274237a9e20874ff562d785474147944cefc0983 Signed-off-by: Joaci Morais <Joaci.deMorais@windriver.com>
2024-07-24 15:33:18 -03:00 · 2024-07-24 15:33:18 -03:00 · 98059c5bfc
commit 98059c5bfc
parent b546c75352
3 changed files with 14 additions and 12 deletions
--- a/secret-observer/secret-observer/helm-charts/secret-observer/templates/clusterrole.yaml
+++ b/secret-observer/secret-observer/helm-charts/secret-observer/templates/clusterrole.yaml
@ -1,16 +1,17 @@
 {{/*
 #
-# Copyright (c) 2021-2022 Wind River Systems, Inc.
+# Copyright (c) 2021-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 */}}

-{{- if .Values.clusterRole.create }}
+{{- if .Values.Role.create }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
+kind: Role
 metadata:
-  name: secret-observer-cr
+  namespace: "{{ .Values.namespace }}"
+  name: secret-observer-r
  labels:
    app: secret-observer
    release: "{{ .Release.Name }}"
--- a/secret-observer/secret-observer/helm-charts/secret-observer/templates/clusterrolebinding.yaml
+++ b/secret-observer/secret-observer/helm-charts/secret-observer/templates/clusterrolebinding.yaml
@ -1,22 +1,23 @@
 {{/*
 #
-# Copyright (c) 2021 Wind River Systems, Inc.
+# Copyright (c) 2021-2024 Wind River Systems, Inc.
 #
 # SPDX-License-Identifier: Apache-2.0
 #
 */}}

-{{- if .Values.clusterRoleBinding.create }}
+{{- if .Values.RoleBinding.create }}
 apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
+kind: RoleBinding
 metadata:
+  namespace: "{{ .Values.namespace }}"
  labels:
    release: "{{ .Release.Name }}"
-  name: secret-observer-crb
+  name: secret-observer-rb
 roleRef:
  apiGroup: rbac.authorization.k8s.io
-  kind: ClusterRole
-  name: secret-observer-cr
+  kind: Role
+  name: secret-observer-r
 subjects:
 - kind: ServiceAccount
  name: secret-observer
--- a/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml
+++ b/secret-observer/secret-observer/helm-charts/secret-observer/values.yaml
@ -8,10 +8,10 @@ image: docker.io/curlimages/curl
 imageTag: 8.8.0
 namespace: default

-clusterRoleBinding:
+RoleBinding:
  create: true

-clusterRole:
+Role:
  create: true

 serviceAccount: