Skip to content

Commit 4ca1966

Browse files
NargiTNargiT
authored
[Bugfix] Pod rolebinding are requiered even with k8s_discovery_mode=serivce-name (#744)
* pod is mandatory because of sleep-mode Signed-off-by: nargit <[email protected]> * Simplify bindings Signed-off-by: nargit <[email protected]> --------- Signed-off-by: nargit <[email protected]> Co-authored-by: nargit <[email protected]>
1 parent 528f6d8 commit 4ca1966

File tree

2 files changed

+5
-29
lines changed

2 files changed

+5
-29
lines changed

helm/templates/role.yaml

Lines changed: 4 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -1,25 +1,17 @@
11
{{- if .Values.routerSpec.enableRouter -}}
2-
{{- if .Values.routerSpec.k8sServiceDiscoveryType | default "pod-ip" | eq "pod-ip" }}
32
apiVersion: rbac.authorization.k8s.io/v1
43
kind: Role
54
metadata:
6-
name: "{{ .Release.Name }}-pod-reader"
5+
name: "{{ .Release.Name }}-reader"
76
namespace: {{ .Release.Namespace }}
87
rules:
98
- apiGroups: [""] # "" indicates the core API group
9+
{{- if .Values.routerSpec.k8sServiceDiscoveryType | default "pod-ip" | eq "pod-ip" }}
1010
resources: ["pods"]
11-
verbs: ["get", "watch", "list", "patch"]
1211
{{- else }}
13-
apiVersion: rbac.authorization.k8s.io/v1
14-
kind: Role
15-
metadata:
16-
name: "{{ .Release.Name }}-service-reader"
17-
namespace: {{ .Release.Namespace }}
18-
rules:
19-
- apiGroups: [ "" ] # "" indicates the core API group
20-
resources: [ "services", "endpoints" ]
21-
verbs: [ "get", "watch", "list", "patch" ]
12+
resources: ["pods", "services", "endpoints"]
2213
{{- end }}
14+
verbs: ["get", "watch", "list", "patch"]
2315
{{- end }}
2416

2517
{{- if .Values.loraController.enableLoraController }}

helm/templates/rolebinding.yaml

Lines changed: 1 addition & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,4 @@
11
{{- if .Values.routerSpec.enableRouter -}}
2-
{{- if .Values.routerSpec.k8sServiceDiscoveryType | default "pod-ip" | eq "pod-ip" }}
32
apiVersion: rbac.authorization.k8s.io/v1
43
kind: RoleBinding
54
metadata:
@@ -11,23 +10,8 @@ subjects:
1110
namespace: {{ .Release.Namespace }}
1211
roleRef:
1312
kind: Role
14-
name: {{ .Release.Name }}-pod-reader
13+
name: {{ .Release.Name }}-reader
1514
apiGroup: rbac.authorization.k8s.io
16-
{{ else }}
17-
apiVersion: rbac.authorization.k8s.io/v1
18-
kind: RoleBinding
19-
metadata:
20-
name: {{ .Release.Name }}-deployment-access-binding
21-
namespace: {{ .Release.Namespace }}
22-
subjects:
23-
- kind: ServiceAccount
24-
name: {{ .Release.Name }}-router-service-account
25-
namespace: {{ .Release.Namespace }}
26-
roleRef:
27-
kind: Role
28-
name: {{ .Release.Name }}-service-reader
29-
apiGroup: rbac.authorization.k8s.io
30-
{{- end }}
3115
{{- end }}
3216

3317
{{- if .Values.loraController.enableLoraController }}

0 commit comments

Comments
 (0)